LibrePlanet Workstation Network Configuration

LibrePlanet 2024

It's 2024 and LibrePlanet is being held at the Wentworth Institute of Technology, Boston, MA. Due to video bandwidth we asked for a wired network drop in each room. They provided it with the request that we only connect it to one workstation. Don't connect it to a switch or router. I assume this is due to previous bad experiences with people connecting a router with an active DHCP server and thereby breaking their network. Their tech team there is wonderful by the way! We wanted to help them out as much as they have helped us out. But we needed at least three systems and sometimes four connected to the network.

Systems

There are several machines needed to host the online conference.

  • a D16 in a deskside case doing most of the heavy lifting, running OBS
  • a laptop on the podium displaying the presenter's slides
  • a room monitor laptop for IRC
  • optionally another laptop

The D16 deskside and the IRC monitor need Internet access. The presenter laptop does not need any access and it is desirable to keep it isolated.

Network Design

We decided we would connect the D16's primary NIC to the room's one provided ethernet wire to the Internet WAN. Then we would connect the laptops and the D16's secondary NIC to a switch creating an isolated LAN. The D16 will be configured as a router.

No DHCP server is present. This prevents any possibility of accidentally having a DHCP server escape to the site network and break things there. It is certainly possible to configure a DHCP server for use on the LAN and keep it isolated if that is desired though. It was decided that it was simple enough to configure each of the laptops with a static IP address for this event. This does require that every podium laptop get a static IP assignment. We did that and labeled each machine with the IP address on a piece of gaffer tape for easy access from the D16. It was decided to use the traditional "ifupdown" configuration for these systems as everyone was very familiar with it.

The D16's primary NIC is configured for DHCP in the typical configuration. At this time, documenting this later, I don't remember if there was a firewall configured on the primary interface or not. I do not recall now. I think not, however.

The D16's secondary NIC is configured with a static IP address and acts as the router for the LAN. The secondary NIC device name was "ens10" on the systems. I wanted to include all of the configuration in one place in the one network "interfaces" file. I arbitrarily chose "182" for the subnet (192.168.182.0/24) as unlikely to collide with the site subnet, and 182 is an easy number for me to remember. (A Cessna C-182 is an airplane.)

The interfaces file supports "up" and "down" actions, which are commands invoked when the interface is brought up and down. This allowed adding iptables commands to set up NAT routing for the subnet.

Here is the "interfaces" file configuration as we used it.

$ cat /etc/network/interfaces
auto ens10
iface ens10 inet static
    address 192.168.182.1/24
    up sysctl -w net.ipv4.ip_forward=1
    up iptables -A FORWARD -j ACCEPT
    up iptables -t nat -s 192.168.182.0/24 -A POSTROUTING -j MASQUERADE
    down iptables -t nat -F
    down iptables -t nat -X

This worked well. When the interface is brought up the iptables "up" commands set up the LAN routing for NAT. When the interface is brought down the iptables "down" commands de-configure and clean up from the same setup. LAN devices do not need any firewall as the NAT routing setup acts as a de facto firewall.

That's it. One file with everything in one place. I can't resist saying that I was rather pleased with the simplicity of this configuration.
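
A stricter variant of the stanza above, as an added example that is not the configuration used at the event. The stanza above appends an unrestricted FORWARD ACCEPT rule and flushes the whole nat table on the way down; this one forwards only LAN-originated traffic and its replies, keeps one laptop off the WAN, and deletes exactly the rules it added. The interface name "wan0" (the D16's primary, DHCP-configured NIC) and the address 192.168.182.20 (the presenter laptop) are placeholders, since the page does not give them.

```conf
# /etc/network/interfaces (added example; wan0 and 192.168.182.20 are placeholders)
auto ens10
iface ens10 inet static
    address 192.168.182.1/24
    up sysctl -w net.ipv4.ip_forward=1
# Presenter laptop: reachable on the LAN, never forwarded to the WAN.
# This rule must come before the general LAN ACCEPT rule below.
    up iptables -A FORWARD -i ens10 -s 192.168.182.20 -j DROP
# LAN hosts may open connections out through the WAN NIC.
    up iptables -A FORWARD -i ens10 -o wan0 -s 192.168.182.0/24 -j ACCEPT
# From the WAN side, only replies to those connections come back in.
    up iptables -A FORWARD -i wan0 -o ens10 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything else arriving on the WAN NIC for the LAN is dropped.
    up iptables -A FORWARD -i wan0 -o ens10 -j DROP
# Masquerade only LAN traffic that actually leaves via the WAN NIC.
    up iptables -t nat -A POSTROUTING -s 192.168.182.0/24 -o wan0 -j MASQUERADE
# Tear down: delete each rule individually instead of flushing the nat table,
# so rules added by other software on the D16 are left alone.
    down iptables -t nat -D POSTROUTING -s 192.168.182.0/24 -o wan0 -j MASQUERADE || true
    down iptables -D FORWARD -i wan0 -o ens10 -j DROP || true
    down iptables -D FORWARD -i wan0 -o ens10 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || true
    down iptables -D FORWARD -i ens10 -o wan0 -s 192.168.182.0/24 -j ACCEPT || true
    down iptables -D FORWARD -i ens10 -s 192.168.182.20 -j DROP || true
    down sysctl -w net.ipv4.ip_forward=0
```

After "ifup ens10", "iptables -S FORWARD" and "iptables -t nat -S POSTROUTING" should list exactly these five rules; after "ifdown ens10" they should be gone.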