Table of contents
To enable router functionality on vanilla Ubuntu, the kernel has to be compiled with several NETFILTER/IPTABLES/NAT features. This page shows instructions for the 4.4.8 kernel, but the same steps apply for the 4.4.52 version as well. For the mainline kernel, see section Mainline kernel.
First head to where you have downloaded your kernel when following Build from source - Kernel and fetch & rebase your repository to make sure you have the latest updates. Now set the necessary environment variables and create a default .config file using the default values from arch/$ARCH/configs/${PLATFORM}_defconfig (in this case from arch/arm64/configs/mvebu_v8_lsp_defconfig):
espressobin@buildserver:~/kernel/4.4.8$ export ARCH=arm64 espressobin@buildserver:~/kernel/4.4.8$ export CROSS_COMPILE=aarch64-linux-gnu- espressobin@buildserver:~/kernel/4.4.8$ make mvebu_v8_lsp_defconfig
There are two methods of enabling NETFILTER/IPTABLES/NAT options.
Downloading pre-configured .config file
.config file is located in the top of your kernel source tree and it contains kernel configuration. This file can be configured manually or via menuconfig, make xconfig, make XXX defconfig, make oldconfig and similar make XXXconfig targets in the Linux kernel.
The quickest method of achieving a .config file with afore-mentioned options enabled is to replace the file with a .config that has all these options already enabled. The .config files with NETFILTER/IPTABLES/NAT features enabled can be downloaded here:
Make sure to backup your existing .config file with:
espressobin@buildserver:~/kernel/4.4.8$ cp .config .config_old
before replacing it with the .config you have downloaded on the link above:
espressobin@buildserver:~/kernel/4.4.8$ cp /path_to_downloaded_config/ubuntu_config .config
Manually selecting the options via menuconfig
Instead of replacing .config files you can also launch make menuconfig where you will manually need to select needed options:
espressobin@buildserver:~/kernel/4.4.8$ make menuconfig
Here we will search for (open search prompt by typing / and search string under Symbol) and select the following options:
- 1) NETFILTER
Symbol: NETFILTER
Type : boolean
Prompt: Network packet filtering framework
Location:
-> Networking support (NET [=y])
(1) -> Networking options
Defined at net/Kconfig:109
Depends on: NET [=y]
By hitting the number on the left side of the option (in this case (1)) we are redirected to the location of this option:
[TRUNCATED]
[ ] Timestamping in PHY devices
[*] Network packet filtering framework (Netfilter) --->
< > The DCCP Protocol ----
[TRUNCATED]
Hit Space to select the highlighted package (the option will be built-in when * is shown beside it). Use this method to select all options below.
- 2) IP_NF_IPTABLES
Symbol: IP_NF_IPTABLES [=y]
Type : tristate
Prompt: IP tables support (required for filtering/masq/NAT)
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
(1) -> IP: Netfilter Configuration
Defined at net/ipv4/netfilter/Kconfig:177
Depends on: NET [=y] && INET [=y] && NETFILTER [=y]
Selects: NETFILTER_XTABLES [=y]
- 3) NF_CONNTRACK
Symbol: NF_CONNTRACK [=y]
Type : tristate
Prompt: Netfilter connection tracking support
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
(1) -> Core Netfilter Configuration
Defined at net/netfilter/Kconfig:43
Depends on: NET [=y] && INET [=y] && NETFILTER [=y]
- 4) NF_CONNTRACK_IPV4
Symbol: NF_CONNTRACK_IPV4 [=y]
Type : tristate
Prompt: IPv4 connection tracking support (required for NAT)
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
(1) -> IP: Netfilter Configuration
Defined at net/ipv4/netfilter/Kconfig:12
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NF_CONNTRACK [=y]
Selects: NF_DEFRAG_IPV4 [=n]
- 5) NF_NAT_IPV4
Symbol: NF_NAT_IPV4 [=y] Type : tristate Prompt: IPv4 NAT Location: -> Networking support (NET [=y]) -> Networking options -> Network packet filtering framework (Netfilter) (NETFILTER [=y]) (1) -> IP: Netfilter Configuration Defined at net/ipv4/netfilter/Kconfig:98 Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NF_CONNTRACK_IPV4 [=y] Selects: NF_NAT [=y] Selected by: IP_NF_NAT [=y] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && NF_CONNTRACK_IPV4 [=y]
- 6) NF_NAT_MASQUERADE_IPV4
Symbol: NF_NAT_MASQUERADE_IPV4 [=y]
Type : tristate
Prompt: IPv4 masquerade support
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
-> IP: Netfilter Configuration
(1) -> IPv4 NAT (NF_NAT_IPV4 [=y])
Defined at net/ipv4/netfilter/Kconfig:119
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NF_NAT_IPV4 [=y]
Selected by: NFT_MASQ_IPV4 [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && NF_NAT_IPV4 [=y] && NF_TABLES_IPV4 [=n] && NFT_MASQ [=n] || IP_NF_TARGET_MASQUERADE [=y] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && IP_NF_NAT [=y]
- 7) IP_NF_NAT
Symbol: IP_NF_NAT [=y]
Type : tristate
Prompt: iptables NAT support
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
-> IP: Netfilter Configuration
(1) -> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=y])
Defined at net/ipv4/netfilter/Kconfig:267
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && NF_CONNTRACK_IPV4 [=y]
Selects: NF_NAT [=y] && NF_NAT_IPV4 [=y] && NETFILTER_XT_NAT [=y]
- 8) IP_NF_TARGET_MASQUERADE
Symbol: IP_NF_TARGET_MASQUERADE [=y]
Type : tristate
Prompt: MASQUERADE target support
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
-> IP: Netfilter Configuration
-> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=y])
(1) -> iptables NAT support (IP_NF_NAT [=y])
Defined at net/ipv4/netfilter/Kconfig:283
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && IP_NF_NAT [=y]
Selects: NF_NAT_MASQUERADE_IPV4 [=y]
After all these options have been selected, save your configuration and exit the menuconfig. Now we can make a new kernel image using our newly made .config file:
espressobin@buildserver:~/kernel/4.4.8$ make -j4
Now we need to transfer the new kernel images to a microSD card or USB stick containing the desired Ubuntu file system (the same instructions apply for both 14.04 and 16.04 Ubuntu versions). Here we will use a microSD card, and mount it to /mnt/sdcard:
espressobin@buildserver:/$ sudo mount /dev/sdb1 /mnt/sdcard espressobin@buildserver:/$ cd /mnt/sdcard espressobin@buildserver:~/mnt/sdcard$ sudo cp /home/espressobin/kernel/4.4.8/arch/arm64/boot/Image boot/ espressobin@buildserver:~/mnt/sdcard$ sudo cp /home/espressobin/kernel/4.4.8/arch/arm64/boot/dts/marvell/armada-3720-community.dtb boot/
and boot from the SD card or USB stick as shown in Boot from MicroSD card/USB stick - Ubuntu.
Mainline kernel
To enable basic routing on Ubuntu powered by mainline kernel, at the top level directory of the kernel do:
make defconfig echo "CONFIG_ARM_ARMADA_37XX_CPUFREQ=y" >> .config echo "CONFIG_NET_DSA=y" >> .config echo "CONFIG_MTD_NAND_MARVELL=y" >> .config echo "CONFIG_NET_DSA_MV88E6XXX=y" >> .config echo "CONFIG_MARVELL_10G_PHY=m" >> .config echo "CONFIG_ARMADA_THERMAL=y" >> .config echo "CONFIG_RTC_DRV_ARMADA38X=y" >> .config echo "CONFIG_PHY_MVEBU_CP110_COMPHY=y" >> .config make olddefconfig
and then rebuild the image, device tree file and modules with:
make -j4 Image dtbs modules
Once the board has booted, follow the steps in the section below to configure routing.
Configuring routing in Ubuntu
Now that Ubuntu has booted successfully, we will first enable Internet connection in order to download packages necessary for routing. Connect one end of an Ethernet cable into the WAN port on ESPRESSObin and the other to your router. In the console issue:
root@localhost:~# ifconfig eth0 up root@localhost:~# dhclient wan
and install the necessary packages:
root@localhost:~# apt-get update root@localhost:~# apt-get install bridge-utils root@localhost:~# apt-get install samba root@localhost:~# apt-get install dnsmasq-base root@localhost:~# apt-get install iptables
Now connect another Ethernet cable by plugging one end into the LAN port on your ESPRESSObin and the other end to your laptop. To start routing, issue the following commands in the console:
brctl addbr br0 ifconfig eth0 0.0.0.0 up ifconfig wan 0.0.0.0 up ifconfig lan0 0.0.0.0 up ifconfig lan1 0.0.0.0 up brctl addif br0 lan0 brctl addif br0 lan1 ifconfig br0 192.168.22.1 /etc/init.d/smbd stop /etc/init.d/smbd start dnsmasq --interface=br0 --dhcp-range=br0,192.168.22.2,192.168.22.199,12h echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o wan -j MASQUERADE dhclient wan
or you can copy/paste these commands in a file (e.g. network.sh), save the file, make it executable and run the script:
root@localhost:~# vi network.sh #C/P commands and exit root@localhost:~# chmod +x network.sh root@localhost:~# ./network.sh
Your ESPRESSObin should now act as a gateway between your laptop and Internet. Check that everything is working, e.g. ping google:
root@localhost:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=49.7 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=49.1 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=51.5 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 49.105/50.133/51.528/1.038 ms
and ping your laptop:
root@localhost:~# ping 192.168.22.37 PING 192.168.22.37 (192.168.22.37) 56(84) bytes of data. 64 bytes from 192.168.22.37: icmp_seq=1 ttl=64 time=0.466 ms 64 bytes from 192.168.22.37: icmp_seq=2 ttl=64 time=0.541 ms 64 bytes from 192.168.22.37: icmp_seq=3 ttl=64 time=0.631 ms ^C --- 192.168.22.37 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.466/0.546/0.631/0.067 ms