
In this article, I’ll show you how to configure a Raspberry Pi as a firewall device. You might ask, why would I do this? One reason is that it’s just fun. Raspberry Pis are cool little devices to experiment with. The second reason is more practical: saving power. My old firewall was an older x86 system, and while it is pretty bare-bones it still used a large amount of power (~150 watts) compared to the ~3.5 watts for the Pi. And for a device that runs 24/7, that adds up over time.

In this article, I assume you know your way around a managed network switch, have some experience with administering Linux and have configured a Raspberry Pi before. Network-wise, we’re going to need a good managed switch to accomplish this feat. We’ll need a switch that supports both VLAN tagging and VPID.

We’ll be setting up two VLANs, one for the WAN (internet) connection and another for the LAN (internal) traffic. In this article, we’ll use the default VLAN (1) for our LAN subnet and we’ll use VLAN 99 for our WAN subnet. Go ahead and configure those two VLANs on your switch now. Your normal LAN devices (workstations, etc.) should be on switch ports that are on VLAN 1 and set to untagged.

First we’ll need to configure two special switch ports. I chose port #1 for the internet connection and port #2 for the firewall connection. Assign port #1 to VLAN 99 and make sure it’s untagged. Then configure VPID for this port, by assigning incoming, untagged traffic to VLAN 99.

For the firewall port (#2) we’re going to assign both VLAN 1 and VLAN 99 to the port, both of them set up as being tagged. Plug an ethernet cable between your internet router/modem/etc. and port #1 on the switch. If your switch doesn’t do auto-sense on its ports, or it doesn’t have a designated ‘uplink’ port, you’re going to need to use a crossover cable.

We’re going to use a model B Pi and a basic setup with Raspbian (Wheezy) on a 4GB SD card. Download Raspbian from the usual sources and transfer it to the SD card. For the initial setup, you’re going to need to use the console (HDMI) or plug it into a standard (VLAN 1) switch port with DHCP enabled.

During the initial boot, you’ll want to perform some basic setup steps. I’ll assume you’re using the console for the rest of this configuration.

- Configure the locale settings to your liking.
- Switch the system to using the console, rather than booting into X.

Install the ‘vlan’ package, which contains the utilities needed to manage VLAN virtual interfaces.

Once the initial setup is complete, we’ll tackle the network configuration. Because we’re tagging both VLANs assigned to the firewall switch port, we’re going to need to make quite a few edits to the /etc/network/interfaces file. We’re going to use the 192.168.0.0/24 subnet for our LAN devices and pretend 10.2.3.0/24 is our WAN subnet.
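An /etc/network/interfaces layout matching the setup described in this article, as an added example that is not the author’s own file: both VLANs are tagged sub-interfaces of the single ethernet port. The interface name eth0, the host addresses 192.168.0.1 and 10.2.3.2, and the gateway 10.2.3.1 are assumptions; only the VLAN IDs (1 and 99) and the two /24 subnets come from the article.

```conf
# /etc/network/interfaces (added example; eth0 and all host addresses are assumed)
# Needs the 'vlan' package, whose ifupdown hooks create the eth0.N interfaces.
# Comments must sit on their own lines; ifupdown has no end-of-line comments.

auto lo
iface lo inet loopback

# Physical port. The switch sends only tagged frames to the firewall port,
# so the parent interface is brought up without an address of its own.
auto eth0
iface eth0 inet manual

# LAN side: VLAN 1, tagged on the firewall switch port.
# 192.168.0.1 is an assumed address for the firewall inside 192.168.0.0/24.
auto eth0.1
iface eth0.1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    vlan-raw-device eth0

# WAN side: VLAN 99, tagged on the firewall switch port.
# 10.2.3.2 and the gateway 10.2.3.1 are assumed addresses inside 10.2.3.0/24.
auto eth0.99
iface eth0.99 inet static
    address 10.2.3.2
    netmask 255.255.255.0
    gateway 10.2.3.1
    vlan-raw-device eth0
```

Because WAN and LAN share one cable, the switch’s VLAN assignment is the only thing keeping the two networks apart, so the default route belongs on eth0.99 alone.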
