Novena Dogfood Setup

Novena is now running, serving bunniefoo.com. This is what we had to do to configure it. The board is running Debian Jessie.

Network Setup
Install required packages:

apt-get install bridge-utils

Replace /etc/network/interfaces with the following:

auto br0 eth1 lo
iface lo inet loopback
iface eth1 inet static
    address 210.23.25.254
    gateway 210.23.25.253
    network 210.23.25.252
    netmask 255.255.255.252
    dns-nameserver 210.23.4.6
    dns-nameserver 210.23.1.3
iface br0 inet static
    bridge_ports wlan0 eth0
    address 10.0.49.1
    network 10.0.49.0
    netmask 255.255.255.0
    up /sbin/ifconfig br0 up
    down /sbin/ifconfig br0 down
iface eth0 inet static
iface wlan0 inet static

Add the following to /etc/resolv.conf:

nameserver 210.23.4.6
nameserver 210.23.1.3

Create a file called /etc/iptables.up.rules:

*raw
:PREROUTING ACCEPT [7778:649264]
:OUTPUT ACCEPT [8166:10358462]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*nat
:PREROUTING ACCEPT [1139:92224]
:INPUT ACCEPT [34:1862]
:OUTPUT ACCEPT [3:428]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*mangle
:PREROUTING ACCEPT [7778:649264]
:INPUT ACCEPT [6457:408198]
:FORWARD ACCEPT [1251:238839]
:OUTPUT ACCEPT [8166:10358462]
:POSTROUTING ACCEPT [9417:10597301]
COMMIT
# Completed on Tue May 27 08:14:31 2014
# Generated by iptables-save v1.4.21 on Tue May 27 08:14:31 2014
*filter
:INPUT ACCEPT [527:36345]
:FORWARD ACCEPT [341:42451]
:OUTPUT ACCEPT [614:811000]
-A INPUT -p udp -m udp --dport 53 -j DROP
-A FORWARD -i br0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue May 27 08:14:31 2014

Create /etc/network/if-pre-up.d/iptables:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

Mark it as executable:

chmod a+x /etc/network/if-pre-up.d/iptables

Create /etc/sysctl.d/local.conf:

net.ipv4.ip_forward=1

DHCP server
Install ISC DHCP server:

apt-get install isc-dhcp-server

Edit /etc/default/isc-dhcp-server and set it to only start up on br0:

INTERFACES="br0"

Configure /etc/dhcp/dhcpd.conf:

ddns-update-style none;
option domain-name "bunniefoo.com";
option domain-name-servers 210.23.4.6, 210.23.1.3;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.49.0 netmask 255.255.255.0 {
    range 10.0.49.100 10.0.49.200;
    option routers 10.0.49.1;
}

Wifi Host
Install hostapd:

apt-get install hostapd

Add the configuration file /etc/hostapd/hostapd.conf:

interface=wlan0
bridge=br0
driver=nl80211
country_code=SG
channel=2
ssid=bunniefoo
wpa_passphrase=xxx
# These four, combined, enable 802.11n
hw_mode=g
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-40][RX-STBC1]
# Static WPA2 key configuration
# 1=wpa1, 2=wpa2, 3=both
wpa=2
wpa_key_mgmt=WPA-PSK
# Encryption
rsn_pairwise=CCMP
auth_algs=3
macaddr_acl=0
ignore_broadcast_ssid=0
# Needed for Windows clients
eapol_key_index_workaround=0

Enable it by setting the config file in /etc/default/hostapd:

DAEMON_CONF="/etc/hostapd/hostapd.conf"