How to merge multiple physical network interfaces into a single vlan?

0

I am currently trying to build a home server. This home server will do a lot of things such as acting as a NAS, a media server, file server, etc, and also a router. This pc has one ethernet port on the motherboard (let's call it eth0, or wan) and 4 ethernet ports on a pcie card (let's call them eth1, eth2, eth3, eth4). eth0 is currently receiving its ip address through dhcp from the isp. What I'd like is for eth1, eth2, eth3 and eth4 to all be set to 192.168.0.1/24 so that connected devices can get their ip from the dhcp server on the home server as if it was a normal router. Connected devices must be able to talk to each other and also be able to access internet.

The thing is I lack the knowledge on how to merge eth1, eth2, eth3 and eth4 into a single virtual interface and bridge them with eth0 so they can have internet access. How is it possible to do this (With network manager cli ideally, as it is required for me)? Thanks!

Mog01

Posted 2019-08-22T02:37:37.040

Reputation: 1

Is eth0/wan directly connected to your ISP (modem only, you only get a single IP address), or is it connected to a home router or router provided by your ISP that can give out a range of IP addresses? Depending on that, the recommended setup is completely different. In the first case, your home "server" (which acts more as a "home main router + server") will also have to do NAT and DHCP and possibly DNS proxying. In the second case, just bridge eth0, eth1, ..., eth4, then you have a "home server + switch", and let your main router do its job. – dirkt – 2019-08-22T08:11:11.847

It is connected to a router+modem that the ISP provides. Yes, just bridging is a good option and you're right. I just thought it would be interesting to make it a router since I also wanted to do things like firewall (iptables), dns forwarding (unbound), adblocking (also unbound) since the isp router doesn't do any of that. – Mog01 – 2019-08-23T01:39:55.680

Answers

0

Ok, very partial answer:

Basically you want your home server to do everything a normal home router does. The usual setup for this is to put eth1 to eth4 (and possibly other client-side interfaces like a WLAN AP) into a bridge br-client, give it a separate subnet (say 192.168.71.0/24), enable forwarding, do NAT between br-client and eth0 via iptables, and add other firewall rules via iptables.

Then you use something like dnsmasq for DHCP and as a DNS forwarding proxy.

There are distributions like OpenWRT tuned for the kind of embedded hardware that available routers use, but also available for x86, that do all of that out of the box. As they are for space-restricted embedded machines, they are a bit different from what you are used to on Arch-Linux, though.

The downside of this is that you are doing what's called "double NAT": Your home server will rewrite the IP address once, and then your ISP router will rewrite the IP address coming from your home server a second time. This does work, but it's not very elegant, and as the ISP router only works with a single address, it will lead much quicker to port exhaustion when you have lots of client machines that open lots of connections to the internet.

The best way around that is if you can configure your ISP router to stop doing NAT (sometimes called "use router like a modem" or similar).

A working setup where your ISP router does the NAT and DHCP, but your home server only does the firewalling will be difficult.

dirkt

Posted 2019-08-22T02:37:37.040

Reputation: 11 627
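
The setup described in the answer above, written out as an added example (not part of the original answer or of any project's own tooling). Interface names come from the question and `br-client` / `192.168.71.0/24` from the answer; the router address, DHCP pool and connection names are assumptions. By default it only prints the commands; `APPLY=1` as root runs them.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1 as root, runs) the commands for the
# bridge + NAT router described in the answer.
WAN=${WAN:-eth0}                                  # uplink (from the question)
LAN_PORTS=${LAN_PORTS:-"eth1 eth2 eth3 eth4"}     # client ports (from the question)
BR=${BR:-br-client}                               # bridge name (from the answer)
LAN_NET=${LAN_NET:-192.168.71.0/24}               # client subnet (from the answer)
LAN_ADDR=${LAN_ADDR:-192.168.71.1/24}             # assumed router address
DHCP_RANGE=${DHCP_RANGE:-192.168.71.100,192.168.71.200,12h}   # assumed pool

router_plan() {
    # 1. Bridge with a static address; every LAN port becomes a bridge port.
    echo "nmcli connection add type bridge ifname $BR con-name $BR ipv4.addresses $LAN_ADDR ipv4.method manual"
    for port in $LAN_PORTS; do
        echo "nmcli connection add type ethernet slave-type bridge ifname $port master $BR con-name $BR-$port"
    done
    echo "nmcli connection up $BR"
    # 2. Routing between bridge and uplink (runtime only, not persistent).
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 3. NAT for the client subnet; default-drop forwarding, so the uplink side
    #    can only send replies to connections the clients opened.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $BR -o $WAN -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN -o $BR -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Client-to-client frames reach FORWARD only when br_netfilter is loaded.
    echo "iptables -A FORWARD -i $BR -o $BR -j ACCEPT"
    # 4. DHCP and DNS forwarding bound to the bridge, so nothing is served on the uplink.
    echo "dnsmasq --interface=$BR --bind-interfaces --dhcp-range=$DHCP_RANGE"
}

if [ "${APPLY:-0}" = 1 ]; then
    router_plan | sh -e        # stop at the first failing command
else
    router_plan                # dry run: review the commands first
fi
```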