Solved DIY debian router troubleshooting

Solved issue

Rintaro

Hey, I have been building a DIY router on a NanoPi R5C with Debian 11 and I cannot figure out why DNS / DHCP refuses to work. Currently, in testing, I get Internet through it if I assign a static IP address and set DNS to 1.1.1.1. However, changing DNS to the router IP doesn't work. I will post my config below.



nano /etc/network/interfaces

---
#WAN
auto eth0
iface eth0 inet dhcp

#LAN
auto eth1
iface eth1 inet static
address 192.168.99.1
netmask 255.255.255.0

#WLAN
auto wlan0
iface wlan0 inet static
address 192.168.99.1
netmask 255.255.255.0
---

systemctl disable NetworkManager

systemctl restart networking.service

nano /etc/hostapd/hostapd.conf

---
interface=wlan0
ssid=$NAME
hw_mode=g
channel=6
wpa=2
wpa_passphrase=$PASSWORD
---

nano /etc/sysctl.conf -> uncomment net.ipv4.ip_forward=1

nano /etc/dnsmasq.conf

---
domain-needed
bogus-priv
no-resolv
server=1.1.1.1
server=1.0.0.1
interface=eth1
interface=wlan0
dhcp-range=192.168.99.50,192.168.99.99,12h
---

apt install iptables-persistent

systemctl restart networking.service

systemctl start hostapd.service

systemctl start dnsmasq.service

---

iptables config:

# Clear all existing rules and set default policies to DROP
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT


# Setup NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE --random


# Allow traffic from internal to external
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT


# Allow returning traffic from external to internal
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


# Drop all other traffic that shouldn't be forwarded
iptables -A FORWARD -j DROP


# Save the rules to persist after a reboot
iptables-save > /etc/iptables/rules.v4

I will happily provide more information if needed. Thanks in advance for help!
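
The posted ruleset sets the INPUT policy to DROP and adds rules only to FORWARD, so a packet addressed to the router itself (dnsmasq on UDP 53 and 67) never reaches an ACCEPT. The script below is an added example, not part of the original post: it evaluates a constructed `iptables -S` listing of those rules for new LAN-side DNS and DHCP packets. The function names and the INPUT rules in `candidate_rules` are assumptions.

```shell
# Constructed sample: `iptables -S` output after the commands in the post.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
EOF
}
# Assumed candidate fix (not from the post): open DNS/DHCP on the LAN side only.
candidate_rules() {
    sample_rules
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for lan in eth1 wlan0; do
        echo "-A INPUT -i $lan -p udp -m udp --dport 53 -j ACCEPT"
        echo "-A INPUT -i $lan -p udp -m udp --dport 67 -j ACCEPT"
    done
}
# First-match INPUT verdict for a NEW packet (rules on stdin); simplified:
# only -i, -p, --dport and --ctstate are evaluated.
verdict() {  # usage: verdict IFACE PROTO DPORT
    awk -v ifc="$1" -v proto="$2" -v port="$3" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && !hit {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i+1) != ifc) ok = 0
            if ($i == "-p" && $(i+1) != proto) ok = 0
            if ($i == "--dport" && $(i+1) != port) ok = 0
            if ($i == "--ctstate" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { result = target; hit = 1 }
    }
    END { print (hit ? result : policy) }'
}
audit_router_services() {  # rules on stdin; one line per interface/port
    rules=$(cat)
    for c in "eth1 udp 53" "eth1 udp 67" "wlan0 udp 53" "wlan0 udp 67"; do
        set -- $c
        echo "$c: $(printf '%s\n' "$rules" | verdict "$1" "$2" "$3")"
    done
}
echo "posted rules:";    sample_rules    | audit_router_services
echo "candidate rules:"; candidate_rules | audit_router_services
```

On a live router, the same check can be fed real data with `iptables -S | verdict eth1 udp 53`.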
 