« PI Routeur » : différence entre les versions
Aller à la navigation
Aller à la recherche
mAucun résumé des modifications |
|||
| Ligne 16 : | Ligne 16 : | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
ip -o link show | awk -F': ' '/eth|enx/{print $2}' | ip -o link show | awk -F': ' '/eth|enx/{print $2}' | ||
</syntaxhighlight>Moi j'ai<syntaxhighlight lang="text"> | |||
eth0 | |||
eth1 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Configuration réseau == | ||
=== Bookworm (NetworkManager) === | === Bookworm (NetworkManager) === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Ligne 35 : | Ligne 38 : | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == DHCP (dnsmasq) == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo apt install -y dnsmasq | sudo apt install -y dnsmasq | ||
| Ligne 49 : | Ligne 52 : | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Routage IPv4 et NAT == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-ip-forward.conf | echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-ip-forward.conf | ||
| Ligne 76 : | Ligne 79 : | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Tests == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
ip addr show eth0 | ip addr show eth0 | ||
Version du 29 novembre 2025 à 23:18
Routeur Raspberry Pi 2 : WAN DHCP, LAN 10.11.11.0/24, DHCP & NAT
Objectif
eth0(WAN) en **client DHCP** – adresse et passerelle obtenues du réseau amont.eth1(USB‑Ethernet) en **IP statique10.11.11.1/24** – **passerelle** du LAN.- **Serveur DHCP** via
dnsmasq: plage10.11.11.100–10.11.11.200, passerelle10.11.11.1. - **Routage IPv4** activé et **NAT** (masquerade) avec
nftables.
Prérequis
- Raspberry Pi 2 avec Raspberry Pi OS.
- Un adaptateur USB‑Ethernet pour le LAN (nommé
eth1ouenx<MAC>). - Accès
sudo.
Identifier les interfaces
ip -o link show | awk -F': ' '/eth|enx/{print $2}'
Moi j'ai
eth0
eth1
Configuration réseau
Bookworm (NetworkManager)
sudo nmcli con add type ethernet ifname eth0 con-name wan ipv4.method auto ipv6.method ignore
sudo nmcli con add type ethernet ifname eth1 con-name lan ipv4.method manual ipv4.addresses 10.11.11.1/24 ipv4.never-default yes ipv6.method ignore
sudo nmcli con up wan
sudo nmcli con up lan
Anciennes versions (dhcpcd)
sudo nano /etc/dhcpcd.conf
interface eth1
static ip_address=10.11.11.1/24
sudo systemctl restart dhcpcd
DHCP (dnsmasq)
sudo apt install -y dnsmasq
sudo tee /etc/dnsmasq.d/lan.conf >/dev/null <<'EOF'
interface=eth1
bind-interfaces
domain-needed
bogus-priv
dhcp-range=10.11.11.100,10.11.11.200,255.255.255.0,24h
dhcp-option=option:router,10.11.11.1
EOF
sudo systemctl enable --now dnsmasq
Routage IPv4 et NAT
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-ip-forward.conf
sudo sysctl -p /etc/sysctl.d/99-ip-forward.conf
nftables
sudo tee /etc/nftables.conf >/dev/null <<'EOF'
flush ruleset
table inet filter {
chain input { type filter hook input priority 0; policy accept; }
chain output { type filter hook output priority 0; policy accept; }
chain forward { type filter hook forward priority 0; policy drop;
ct state established,related accept
iif "eth1" oif "eth0" accept
}
}
table ip nat {
chain postrouting { type nat hook postrouting priority 100;
oif "eth0" masquerade
}
}
EOF
sudo systemctl enable --now nftables
Tests
ip addr show eth0
ip addr show eth1
journalctl -u dnsmasq | tail -n 50
ping 1.1.1.1
curl -s https://ifconfig.me
Script complet
#!/bin/bash
# Routeur Pi 2 – WAN DHCP (eth0), LAN 10.11.11.0/24 (eth1), DHCP & NAT
set -e
sudo nmcli con add type ethernet ifname eth0 con-name wan ipv4.method auto ipv6.method ignore
sudo nmcli con add type ethernet ifname eth1 con-name lan ipv4.method manual ipv4.addresses 10.11.11.1/24 ipv4.never-default yes ipv6.method ignore
sudo nmcli con up wan; sudo nmcli con up lan
sudo apt install -y dnsmasq
sudo tee /etc/dnsmasq.d/lan.conf >/dev/null <<'EOF'
interface=eth1
bind-interfaces
domain-needed
bogus-priv
dhcp-range=10.11.11.100,10.11.11.200,255.255.255.0,24h
dhcp-option=option:router,10.11.11.1
EOF
sudo systemctl enable --now dnsmasq
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-ip-forward.conf
sudo sysctl -p /etc/sysctl.d/99-ip-forward.conf
sudo tee /etc/nftables.conf >/dev/null <<'EOF'
flush ruleset
table inet filter {
chain input { type filter hook input priority 0; policy accept; }
chain output { type filter hook output priority 0; policy accept; }
chain forward { type filter hook forward priority 0; policy drop;
ct state established,related accept
iif "eth1" oif "eth0" accept
}
}
table ip nat {
chain postrouting { type nat hook postrouting priority 100;
oif "eth0" masquerade
}
}
EOF
sudo systemctl enable --now nftables