The setup

Hardware:

  • Raspberry Pi 4
  • 2 ethernet ports (one via USB ethernet)
  • one switch

Software:

  • Raspbian 10 (buster)
  • Pi-hole active as DNS server without DHCP (until now the router takes care of that)
  • Unbound as DNS provider
  • Network Traffic scanner (Network Monitor)

IP:

  • eth0 = 192.168.178.2
  • eth1 = 192.168.178.3
  • wlan0 = 192.168.178.4 (if needed)
  • DNS = 127.0.0.1 (because of unbound)
  • DHCP = 192.168.178.1 (local router)

I want the connection with everything to look like this: ISP -> Router -> Raspberry -> Switch -> Endpoints

So the Raspberry should forward the packets through its eth0 to eth1 (where the switch is). Everything that goes through eth0 should be recorded (via network monitoring). Not one single instruction helps me completely (because they are all outdated and don't work anymore).

When I try to make a bridge from eth0 to eth1, I can't access my Raspberry at all and have to reset it.

Can someone help me please?

From the official Raspberry documentation (Setting up a Raspberry Pi as a bridged wireless access point) I took the following and tried to implement it:

sudo nano /etc/systemd/network/bridge-br0.netdev

[NetDev]
name=br0
type=bridge

sudo nano /etc/systemd/network/br0-member-eth0.network

[Match]
Name=eth0

[network]
bridge=br0

sudo systemctl enable systemd-networkd

sudo nano /etc/dhcpcd.conf

denyinterfaces eth0 eth1
interface br0

My dhcpcd.conf looks like this:

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Example static IP configuration:
#interface eth0
#static ip_address=192.168.178.2/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.178.1
#static domain_name_servers=192.168.178.1 8.8.8.8 fd51:42f8:caae:d92e::1

# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1

# fallback to static profile on eth0
#interface eth0
#fallback static_eth0

denyinterfaces eth0 eth1
interface eth0
static ip_address=192.168.178.2/24
static routers=192.168.178.1
static domain_name_servers=8.8.8.8 8.8.4.4

interface eth0
fallback static_eth0

interface eth1
static ip_address=192.168.178.3/24
static routers=192.168.178.1
static domain_name_servers=8.8.8.8 8.8.4.4

interface eth1
fallback static_eth1

interface wlan0
static ip_address=192.168.178.4/24
static routers=192.168.178.1
static domain_name_servers=8.8.8.8 8.8.4.4

interface wlan0
fallback static_wlan0

interface br0

The dnsmasq-pihole settings look like this:

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE
#
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:
# /etc/pihole/setupVars.conf
#
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE
# WITHIN /etc/dnsmasq.d/yourname.conf
###############################################################################

addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list

localise-queries

no-resolv

cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async
server=127.0.0.1#5335
domain-needed
expand-hosts
bogus-priv
local-service
server=/use-application-dns.net/

I need to be sure that eth0 is IP 192.168.178.2 and eth1 is 192.168.178.3. Whatever is behind eth1 can get a DHCP address. That's why I put the Static IP.

I do not have much experience in bridging. That's why I don't know how to customize something so that it works.
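
Added example, not part of the original post or of the Raspberry Pi documentation: a small shell lint for the systemd-networkd bridge unit files named in the question. systemd section and key names are case-sensitive (`[NetDev]` with `Name=` and `Kind=`, `[Network]` with `Bridge=`), so it compares the spelling shown in the question with the documented one; the `br0-member-eth1.network` file and all function names are assumptions.

```shell
#!/bin/sh
# Added example: lint systemd-networkd bridge units for case-sensitive names.
# Settings that systemd-networkd does not recognise are ignored, not applied.

# has_key FILE SECTION PREFIX: true if a line in [SECTION] starts with PREFIX.
has_key() {
    [ -r "$1" ] || return 1
    awk -v sec="[$2]" -v want="$3" '
        { gsub(/[ \t]/, "") }                    # ignore whitespace
        /^\[/ { cur = $0; next }                 # remember current section
        cur == sec && index($0, want) == 1 { found = 1 }
        END { exit !found }' "$1"
}
# require_key FILE SECTION PREFIX: report and count a missing setting.
require_key() {
    has_key "$@" && return 0
    echo "PROBLEM: $1 lacks '$3' under [$2]" >&2
    LINT_PROBLEMS=$((LINT_PROBLEMS + 1))
}
# lint_bridge DIR BRIDGE MEMBER...: file names follow the question's naming.
lint_bridge() {
    dir=$1 br=$2; shift 2; LINT_PROBLEMS=0
    require_key "$dir/bridge-$br.netdev" NetDev "Name=$br"
    require_key "$dir/bridge-$br.netdev" NetDev "Kind=bridge"
    for m in "$@"; do
        require_key "$dir/$br-member-$m.network" Match "Name=$m"
        require_key "$dir/$br-member-$m.network" Network "Bridge=$br"
    done
    [ "$LINT_PROBLEMS" -eq 0 ]
}
# Constructed sample: unit files spelled the way they appear in the question.
write_posted() {
    printf '[NetDev]\nname=br0\ntype=bridge\n' > "$1/bridge-br0.netdev"
    printf '[Match]\nName=eth0\n\n[network]\nbridge=br0\n' > "$1/br0-member-eth0.network"
}
# Constructed sample: documented spelling, plus an eth1 member (assumption).
write_documented() {
    printf '[NetDev]\nName=br0\nKind=bridge\n' > "$1/bridge-br0.netdev"
    for m in eth0 eth1; do
        printf '[Match]\nName=%s\n\n[Network]\nBridge=br0\n' "$m" > "$1/br0-member-$m.network"
    done
}
demo=$(mktemp -d); write_posted "$demo"
lint_bridge "$demo" br0 eth0 eth1 || echo "as posted: $LINT_PROBLEMS problem(s)"
write_documented "$demo"
lint_bridge "$demo" br0 eth0 eth1 && echo "documented spelling: clean"
rm -rf "$demo"
```

On the Pi, point it at the real directory with `lint_bridge /etc/systemd/network br0 eth0 eth1`.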
