NanoPI with steps:
Increase linux history
vi .bashrc
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000000
HISTFILESIZE=20000000
apt-get install avahi-daemon libnss-mdns avahi-autoipd
The following NEW packages will be installed:
avahi-daemon libavahi-common-data libavahi-common3 libavahi-core7 libdaemon0 libnss-mdns avahi-autoipd
apt-get update
apt-get dist-upgrade
apt install armbian-config
sshd_config:
UseDNS no
network/interfaces:
auto lan0
allow-hotplug lan0
iface lan0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
Disable ifupdown to avoid duplicated routes with different metrics:
#https://askubuntu.com/questions/239533/identical-default-gateway-with-different-metric-0-and-100-ubuntu-12-04-desktop
vi /etc/NetworkManager/NetworkManager.conf
[ifupdown]
managed=false
apt-get install isc-dhcp-server
vi /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="lan0"
INTERFACESv6=""
vi /etc/dhcp/dhcpd.conf
# option definitions common to all supported networks...
option domain-name "romerocauli.local";
option domain-name-servers 103.86.96.100, 103.86.99.100;
default-lease-time 86400;
max-lease-time 100000;
ddns-update-style none;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 192.168.0.0 netmask 255.255.255.0 {
}
# A slightly different configuration for an internal subnet.
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.3 10.0.0.30;
option domain-name-servers 103.86.96.100;
option domain-name "romerocauli.local";
option subnet-mask 255.255.255.0;
option routers 10.0.0.1;
option broadcast-address 10.0.0.255;
}
host nanopi-r2s {
hardware ethernet 96:62:ed:22:da:2d;
fixed-address 10.0.0.1;
}
host tv {
hardware ethernet 70:2a:d5:a7:eb:bc;
fixed-address 10.0.0.2;
}
Disable dhcp for IPv6
systemctl is-enabled isc-dhcp-server6.service
systemctl is-active isc-dhcp-server6.service
systemctl stop isc-dhcp-server6.service
systemctl disable isc-dhcp-server6.service
Disable ZeroConf 169.254.0.0
vi /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
RUN="no"
apt-get update
apt-get dist-upgrade
apt install armbian-config
apt-get install traceroute bwm-ng tcpdump ethtool iotop screen vim lynx elinks whois nmap
apt-get remove --purge dhcpcd5
Enable forwarding
vi /etc/sysctl.conf
#Enable routing
net.ipv4.ip_forward=1
#Disable ipv6:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
sysctl -p
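IGMP Iptables
#Note: the two -I rules below accept multicast (224.0.0.0/4) on every interface, including the upstream eth0; add -i/-o matches, as the later FORWARD rule does, if only eth0 -> lan0 traffic is needed.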
apt-get install iptables
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT
https://zeroshell.org/forums/topic/igmp-proxy-for-iptv/
https://openwrt.org/docs/guide-user/network/wan/udp_multicast
https://forums.centos.org/viewtopic.php?t=8286
https://wiki.ipfire.org/addons/igmpproxy
https://wiki.alpinelinux.org/wiki/IPTV_How_To
iptables -A FORWARD -d 224.0.0.0/4 -i eth0 -o lan0 -j ACCEPT
iptables -A FORWARD -i eth0 -o lan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
apt-get install igmpproxy
vi /etc/igmpproxy.conf
########################################################
#
# Example configuration file for the IgmpProxy
# --------------------------------------------
#
# The configuration file must define one upstream
# interface, and one or more downstream interfaces.
#
# If multicast traffic originates outside the
# upstream subnet, the "altnet" option can be
# used in order to define legal multicast sources.
# (See example...)
#
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely necessary to
# accurately imitate just one Client.
#
########################################################
##----------—
## Enable Quickleave mode (Sends Leave instantly)
##----------—
quickleave
##----------—
## Configuration for eth0 (Upstream Interface)
##----------—
phyint eth0 upstream ratelimit 0 threshold 1
altnet 10.0.0.0/8
altnet 192.168.0.0/24
##----------—
## Configuration for lan0 (Downstream Interface)
##----------—
phyint lan0 downstream ratelimit 0 threshold 1
##----------—
## Configuration for eth2 (Disabled Interface)
##----------—
phyint eth2 disabled
armbian-config -> system -> cpu: 408000 - 1512000 - userspace
NORDVPN
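Download nordvpn-release_1.0.0_all.deb from the vendor's official site over HTTPS; dpkg installs it as root, so check its checksum or signature first if the vendor publishes one.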
dpkg -i nordvpn-release_1.0.0_all.deb
apt-get update
apt-get install nordvpn
nordvpn login
nordvpn whitelist add subnet 192.168.0.0/24
nordvpn whitelist add subnet 10.0.0.0/24
nordvpn set cybersec on
nordvpn set technology NordLynx
Install the script in /usr/local/bin
Configure rc.local:
/usr/local/bin/manageVPN connect
Configure /etc/crontab:
#Check Firewall settings for the VPN
#* * * * * root /usr/local/bin/checkFW 2>&1 >/dev/null
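#Check VPN interface
#Note: with "2>&1 >/dev/null" only stdout is discarded; stderr still goes to cron's output. Write ">/dev/null 2>&1" if both streams should be silenced.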
01,03,05,07,09,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59 * * * * root /usr/local/bin/checkVPN 2>&1 >/dev/null
#Reboot if nothing else works
02,06,10,14,18,22,26,30,34,38,42,46,50,54,58 * * * * root /usr/local/bin/rebootOnNoPing 2>&1 >/dev/null
#* * * * * root /usr/bin/nordvpn d
Configure rsyslog
Enable debug
cat /etc/rsyslog.d/enableDebug.conf.disabled
*.* /var/log/all.log;RSYSLOG_DebugFormat
Remove debug nordvpn messages
cat /etc/rsyslog.d/00SuppressNordVPN.conf
:msg,contains,"Ephemeral:" stop
:msg,contains,"64 0 0 0" stop
Log dhcpd messages to a different log file
cat 00dhcpd.conf
:programname, isequal, "dhcpd" /var/log/dhcpd.log
:programname, isequal, "dhcpd" stop
cat /etc/logrotate.d/dhcpd
/var/log/dhcpd.log {
rotate 12
weekly
compress
missingok
notifempty
}
Add the igmptv table to rt_tables
root@nanopi-r2s:/usr/local/bin# cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 igmptv
Install PiHole
armbian-config -> software -> Softy -> PiHole. It automatically disables the local resolver.
────────────────────┤ Installation Complete! ├─────────────────────┐
│ │
│ Configure your devices to use the Pi-hole as their DNS server │
│ using: │
│ │
│ IPv4: 192.168.0.100 │
│ IPv6: Not Configured │
│ │
│ If you set a new IP address, you should restart the Pi. │
│ │
│ The install log is in /etc/pihole. │
│ │
│ View the web interface at http://pi.hole/admin or │
│ http://192.168.0.100/admin │
│ │
│ Your Admin Webpage login password is YourPassword │
│ │
│ <Ok>
?????
echo 2 > /proc/sys/net/ipv4/conf/lan0/force_igmp_version
echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version
igmpproxy -d -vvvv /etc/igmpproxy.conf &
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o lan0 -j MASQUERADE
iptables -I FORWARD -s 10.0.0.0/24 -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -s 192.168.0.0/24 -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
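iptables -A INPUT -s 240.0.0.0/4 -j ACCEPT
#Note: 240.0.0.0/4 is the reserved (class E) range, not multicast (224.0.0.0/4); this source match looks like a typo - confirm before keeping the rule.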
Packages installed for igmpproxy 0.3:
automake autoconf autotools-dev libsigsegv2 m4
https://sites.google.com/site/miclinuxcorner/technology/multicast-routing
cat /proc/net/igmp
/proc/net/ip_mr_cache
- contains the active multicast routes
/proc/net/ip_mr_vif
- contains the 'virtual' interfaces used by the active multicast routing daemon
/proc/sys/net/ipv4/conf/<ifname>/force_igmp_version
- can be set to control what IGMP version the kernel should use on the upstream
interface. Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will
force the kernel to use IGMPv2 on eth0 (provided this is the upstream interface).