2. Router based on Alpine Linux

In this section, we propose a way to configure a Router and its networks. We will assign the IP address 192.168.88.2/24 to this router (so it does not interfere with the 1st practice, in case it has been done), allowing both routers to work on the same network.

Create a generic Alpine Linux base template

To create the desktop, we need the Alpine ISO. You can find it on its official website: https://dl-cdn.alpinelinux.org/

How to install and create a virtual machine with Alpine?

You can follow this guide to create an Alpine desktop in IsardVDI: Alpine Installation

After following all the steps to install Alpine in IsardVDI, we can start configuring it as a Router.

In this case, since it is a desktop that we want to function as a Router, edit the virtual machine with these characteristics:

  • vCPUs: 1
  • Memory (GB): 0.5 GB
  • Boot: Hard disk
  • Networks:
    • eth0: Default (Internet output)
    • eth1: WireGuardVPN
    • eth2: Personal1

The goal is to prepare a script to set up Firewall rules, routes, and actions we want to perform when the router starts.

Create an initial script:

touch /usr/local/bin/startup_script.sh
chmod u+x /usr/local/bin/startup_script.sh

The script content can be:

#!/bin/sh
# /bin/sh is used here because bash is not installed until a later step.
ip address show >> /tmp/log_ip.txt

Create the service file:

touch /etc/init.d/router
chmod u+x /etc/init.d/router

The service file should contain:

#!/sbin/openrc-run

depend() {
    after sshd
}

start() {
    ebegin "router starting"
    /usr/local/bin/startup_script.sh
    eend $?
}

Enable the service:

rc-update add router default

Enable the forwarding bit:

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

After a reboot, you can check that forwarding is active by reading the following file, which should contain 1:

cat /proc/sys/net/ipv4/ip_forward

Install the necessary packages for network functions:

apk add iptables iproute2 dnsmasq bash

Now that we have the necessary packages and a Router base, edit the script /usr/local/bin/startup_script.sh and add the following content:

#!/bin/bash

# CONFIGURE VPN IP FOR USER ISARD
# Manually adding the route, since udhcpc does not configure it by default.
ip link set eth1 name vpnisard
ip link set vpnisard up
udhcpc -i vpnisard
ip route add 10.0.0.0/14 via 10.2.0.1

# CONFIGURE LAN1 IP
ip link set eth2 name lan1
ip link set lan1 up
ip address add 192.168.88.2/24 dev lan1

# DHCP SERVER
# Create configuration file
cat <<'EOF' > /etc/dnsmasq_router.conf
interface=lan1
dhcp-range=192.168.88.20,192.168.88.99,255.255.255.0,24h
dhcp-option=3,192.168.88.2
dhcp-option=6,8.8.8.8,1.1.1.1
EOF
# Start the dnsmasq server
dnsmasq --conf-file=/etc/dnsmasq_router.conf

# NAT MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To check, restart the desktop and make sure that the boot messages show no errors and that everything programmed in the script has been applied correctly.

Once you have verified that everything works properly, use another desktop as a client and check that it obtains an IP address, Internet access, and DNS resolution. Then create a template named router-Alpine.
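
Added example, not part of the original guide: the startup script enables forwarding and adds only a MASQUERADE rule, so the FORWARD chain keeps its default ACCEPT policy and nothing restricts routing between eth0, vpnisard and lan1. The function below generates a ruleset that forwards only lan1 to eth0 plus reply traffic. Assumptions: the name router_ruleset and the APPLY_RULES switch are hypothetical, and leaving vpnisard out of forwarding is a policy choice to adjust if VPN clients must reach the LAN.

```shell
#!/bin/sh
# Added example (not from the original guide): restrictive forwarding policy
# for the router built above. Interface names and the LAN prefix come from
# the guide; the policy itself is an assumption about what should be routed.

# Print an iptables-restore ruleset: forward only LAN -> WAN, plus replies.
# Usage: router_ruleset LAN_IF WAN_IF LAN_CIDR
router_ruleset() {
    lan_if=$1 wan_if=$2 lan_cidr=$3
    # Accept only plain interface names and IPv4 CIDR characters, so a bad
    # argument cannot smuggle extra options into the generated rules.
    for name in "$lan_if" "$wan_if"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $name" >&2; return 1 ;;
        esac
    done
    case $lan_cidr in
        ''|*[!0-9./]*) echo "bad CIDR: $lan_cidr" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Load the ruleset only when asked to (needs root and the iptables package);
# otherwise just print it for review. iptables-restore replaces the tables it
# loads, so running it again at each boot does not pile up duplicate rules.
if [ "${APPLY_RULES:-0}" = 1 ]; then
    router_ruleset lan1 eth0 192.168.88.0/24 | iptables-restore
else
    router_ruleset lan1 eth0 192.168.88.0/24
fi
```

If used, this takes the place of the single MASQUERADE line in startup_script.sh; INPUT is left at ACCEPT so SSH and DHCP on the router keep working as in the guide.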