Updated on 1/2999999999/2025
To turn a Raspberry Pi 5B into a router, I followed the excellent article: Setting up a Linux Server as a Router [1] . Also, helpful was Set Static IP Address [2]
Internet
|
__|__
WAN | | ISP Router
----------------------------------------------------
| 104.97.193.169 |
| |
| DHCP Server |
| _____________/ \____ |
| Ethernet Switch WiFi |
----------------------------------------------------
LAN | | | | | |
________________ _____
192.168.1.1
Figure 1. Typical Compbinational Router.
Figure 1 depicts a typical combinational router that included Wifi.
It has one wide area network (WAN), ethernet (RJ45), interface that faces the internet. Its ip address is controlled by your ISP.
It has three or more downstream ethernet (RJ45) interfaces and a wireless interface. These are your local area network (LAN). All of the LAN interfaces are connected to an ethernet switch. They all share a single default ip address that can be changed by the user. However, the address should be in one of the three ranges that are reserved for private LAN use.
The router may also include a modulater/demodulater (MODEM) for converting fiber, cable or other electrical signals to ethernet.
Coming Soon - Dynamic Host Configuration Protocol (DHCP) - Dynamic and Static Addresses
Coming Soon - Network Address Translation NAT
The article assumes that the Linux computer has 3 Ethernet interfaces, eth0, eth1, and eth2. It also assumes that eth0 has already been assigned an ip address from an upstream router. The author assigns ip address 192.168.200.254 to eth1 and ip address 192.168.100.254 to eth2. To the downstream interfaces, he attaches two host, and he assigns the ip addresses 192.168.100.10 and 192.168.200.15.
Internet
|
----------------
| 104.97.193.169 |
| ISP Router |
| 192.168.37.1 |
----------------
|
---------------
| Ether Switch |
--------------
| Linux Router
----------------------------------------------------------
| 192.168.37.58 |
| DHCP Server |
| WiFi |
| 192.168.100.254 192.168.200.254 192.168.37.59 |
----------------------------------------------------------
| |
-------------- --------------
| Ether Switch | | Ether Switch |
-------------- --------------
| |
---------------- ----------------
| 192.168.100.10 | | 192.168.200.15 |
---------------- ----------------
This router is different than the typical home router. It does not have a built-in ethernet switch. Each of the three downstream interfaces has its own ip address. This allows you to have up to three subnets.
The disadvantage is that if you have more than one host connected to an ethernet subnet then you will have to add an eternal ethernet swtich.
The computer that I wanted to turn into a router was a Raspberry Pi 5B. The Rasoberry Pi 5B only has one built-in ethernet interface. For the 2nd and 3th interfaces, I used Plugable USB/Ethernet Adapters. To avoid the problem of which was assigned eth2 and eth3, I enabled predictable interface naming. "eth0" became "end0" and the other two interfaces became "enx" followed by their 12-digit mac addresses.
I used the built-in ethernet interface for the upstream interface to the ISP router and the two USB/Ethernet adapters for the downstream interfaces.
Internet
|
------------
| ISP Router |
------------
| Raspberry Pi 5B
----------------------------------------------------------
| end0 |
| |
| USB 3.0 USB 3.0 |
----------------------------------------------------------
| |
-------------- --------------
| USB/Ethernet | | USB Ethernet |
| Adapter | | Adpter |
-------------- --------------
| |
---------------- ----------------
| 1st Downstream | | 2nd Downstream |
| Host | | Host |
---------------- ----------------
After assigning ip addresses and combining the USB and Ethernet blocks:
Internet
|
--------------
| ISP Router |
| 192.168.37.1 |
--------------
| Raspberry Pi 5B
----------------------------------------------------------
| end0 |
| 192.168.37.58 |
| |
| 192.168.100.254 192.168.200.254 |
| enx8cae4cddf0f1 enx8cae4cdddeec |
----------------------------------------------------------
| |
---------------- ----------------
| Host | | Host |
| 192.168.100.10 | | 192.168.200.15 |
---------------- ----------------
How the addresses and routes are assigned depends on which network manager you are using.
On Oct 11,2023, the NetworkManager became the new default network manager for the Raspberry Pi OS. It's major advance is that it has a built-in DHCP Server. It also has a GUI. However, in this case, you will probably spend more time trying to get the GUI to do what you want to than it is worth. My advice is to the NetworkManager command line interface, nmcli.
You can also use the older systemd-networkd network manager, but since Nov 2024 the Raspberry Pi OS has quit installing by default two the packages it requires.
Another alternative is to use the built-in ip commands and to place them in a script file that is called by crontab at boot. Conceptionally, this or the nmcli are the most straight forward.
In this article, all four methods will be used:
The disadvantage of the systemd-networkd and the script ip commands is that you will need to install a separate DHCP server. However, if there are only a few downstream hosts, you can just assign them static ip addresses. Only the latter will be done in this article.
To use the non-NetworkManger methods, you either have to disable the NetworkManger or keep it from managing the ethernet interfaces that will be managed by other means. You can have more than one network manager running at the same time as long as they do not try to manage the same interface.
Disabling the NetworkManager has the disadvantage of removing the following icons and their functionality from the top-right task bar.
To keep the NetworkManager from managing the three ehternet interfaces,
add the following to
/etc/NetworkManager/NetworkManager.conf:
[main]
plugins=keyfile
[keyfile]
unmanaged-devices=interface-name:end0, interface-name:enx8cae4cddf0f1, interface-name:enx8cae4cdddeec
In lieu of interface-name, you can also use mac addresses:
unmanaged-devices=interface-name:end0, mac:8c:ae:4c:dd:f0:f1, mac:8c:ae:4c:dd:de:ec
In my case, under [main] plugins, there was already a keyfile entry so I only had to add the last two lines.
This leaves the NetworkManager managing on the wireless interface.
Another thing that is necessary with the non-NetworkManager methods is to enable packet forwarding; otherwise, if the packet is not addressed to the host, it will simply drop it. Also, since this is a LAN, you don't need the complications associated with IPv6 address. To do both, add the following to the end of /etc/sysctrl.conf:
net.ipv4.ip_forward = 1
net.ipv6.conf.end0.disable_ipv6 = 1
net.ipv6.conf.enx8cae4cddf0f1.disable_ipv6 = 1
net.ipv6.conf.enx8cae4cdddeec.disable_ipv6 = 1
To reinstall the two packages for systemd-networkd that the Raspberry Pi OS no longer installs by default:
sudo apt install ifupdown, resolvconf
To enable it at boot:
sudo systemctl enable systemd-networkd
The ISP router can automatically assign an ip address, gateway, and dns server to end0, or you can manually assign a static ip address, gateway and dns server. For this article, I decided to assign them manually.
Systemd-networkd allows you to specify them for multiple interfaces in the configuration file /etc/network/interfaces or you can specify them in multiple files at: /etc/network/interface.d. I chose to put everything in /etc/network/interfaces:
cd /etc/network
sudo vi interfaces
# end0
auto end0
iface end0 inet static
address 192.168.37.58/24
gateway 192.168.37.1
dns 192.168.37.1
# --------------------------------
# enx8cae4cddf0f1
auto enx8cae4cddf0f1
iface enx8cae4cddf0f1 inet static
address 192.168.100.254/24
# --------------------------------
# enx8cae4cdddeec
auto enx8cae4cdddeec
iface enx8cae4cdddeec inet static
address 192.168.200.254/24
Note that the two downstream interfaces are not assigned a gateway or dns server.
|
--------------
| 192.168.37.1 |
| ISP Router |
--------------
|
-----------------------------------------------------------------------------
| end0 |
| 192.168.37.58 |
| |
| auto end0 auto enx8cae4cddf0f1 auto enx8cae4cdddeec |
| iface endo inet static iface enx8cae4cddf0f1\ iface enx8cae4cdddeec\ |
| address 192.168.37.59 inet static inet static |
| netmask 255.255.255.0 address 192.168.100.254 address 192.168.200.254 |
| gateway 192.168.37.1 netmask 255.255.255.0 netmask 255.255.255.0 |
| dns 192.168.37.1 |
| 192.168.100.254 192.168.200.254 |
| enx8cae4cddf0f1 enx8cae4cdddeec |
-----------------------------------------------------------------------------
| |
| |
--------------------- ---------------------
| Host 1 | | Host 2 |
| 192.168.100.10 | | 192.168.200.15 |
--------------------- ---------------------
The outout of the "route" command was:
Whether it is a router or not, all hosts have a routing table. When you assign ip address, gateways, and dns servers, those entries are put into the host's routing table.
There are two ways to display the routing table: the command "route", which is nicely formatted, and "ip route", which includes more information.
The output of the command "route" was:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.37.1 0.0.0.0 UG 0 0 0 end0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 end0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cddf0f1
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cdddeec
The output of the "ip route" command was:
default via 192.168.37.1 dev end0 onlink
192.168.37.0/24 dev end0 proto kernel scope link src 192.168.37.56
192.168.100.0/24 dev enx8cae4cddf0f1 proto kernel scope link src 192.168.100.254
192.168.200.0/24 dev enx8cae4cdddeec proto kernel scope link src 192.168.200.254
If the downstream interfaces had been assigned a gateway, there would be a second default route in the table for the Linux Router. If the metric of the second default route was less than the first then the default path would be one of the downstream interfaces. This would result in no access to a dns server and/or the internet.
I did not assign a metric to any of the routes. To add the line metric follow by a number. The smaller the number the higher the prioroity. As shown in the table above if you do not specify a matric it uses 0.
When a packet passed from behind the router through end0, its local address is removed from the packet and replaced with the router's address (in this case 192.168.37.58). This is known as masquerading and Network Address Translation (NAT). Using Network Filter Table (nft), all it takes is one instruction. Place the followng in a file and call it from Crontab @reboot:
#!/usr/bin/nft -f
table inet router {
chain postrouting {
type nat hook postrouting priority filter; policy accept;
masquerade
}
}
I named my file /etc/router.nft and placed it in the etc directory.
All nft commands require root privilege so it needs to be called from the root's crontab. To do this:
sudo crontab -e
If this is your first time to use crontab, you will be prompted to select an editor.
Add the following line at the end followed by a newline:
@reboot /usr/bin/nft -f /etc/rounter.nft
You must use he full path, /usr/bin/nft, to call nft, and you have to use the full path for /etc/router.nft.
If you are using a distro other than the Raspberry Pi OS or Debian, you may need to use the whichis command to find the location of nft.
Finally, there needs to be a newline character at the end of crontab.
This is a mininum nft table. If the router were directly facing the Internet, for security purposes, you would need to filter or block all incoming packages except those that were responses or related to requests from hosts behind the router.
As you will see in the the NetworkManager section, it will automatically produce a more sophisticated nft table. you can substitute it for my minimal table.
To the 1st downstream host, I added:
cd /etc/network/interfaces.d/
sudo vi end0
auto end0
iface end0 inet static
address 192.168.100.10/24
gateway 192.168.100.254
dns 192.168.37.1
To the 2nd downstream host, I added:
cd /etc/network/interfaces.d/
sudo vi end0
auto end0
iface end0 inet static
address 192.168.200.15/24
gateway 192.168.200.254
dns 192.168.37.1
|
--------------
| 192.168.37.1 |
| ISP Router |
--------------
|
-----------------------------------------------------------------------------
| end0 |
| 192.168.37.58 |
| |
| auto end0 auto enx8cae4cddf0f1 auto enx8cae4cdddeec |
| iface endo inet static iface enx8cae4cddf0f1\ iface enx8cae4cdddeec\ |
| address 192.168.37.59 inet static inet static |
| netmask 255.255.255.0 address 192.168.100.254 address 192.168.200.254 |
| gateway 192.168.37.1 netmask 255.255.255.0 netmask 255.255.255.0 |
| dns 192.168.37.1 |
| 192.168.100.254 192.168.200.254 |
| enx8cae4cddf0f1 enx8cae4cdddeec |
-----------------------------------------------------------------------------
| |
| |
------------------------- -------------------------
| end0 | | end0 |
| 192.168.100.10 | | 192.168.200.15 |
| | | |
| auto end0 | | audo end0 |
| iface end0 inet static | | iface end0 inet static |
| address 192.168.100.10 | | address 192.168.200.15 |
| netmask 255.255.255.0 | | netmask 255.255.255.0 |
| gateway 192.168.100.254 | | gateway 192.168.200.254 |
| dns 192.168.37.1 | | dns 192.168.37.1 |
------------------------- -------------------------
You should now be able to access the Internet from one of the hosts behind the new router.
Before assigning ip addresses, you need to keep the NetworkManager from managing these interfaces, and you need to enable forwarding and disable IPv6 addresses. See the previous section.
Put the following code in a script file (/etc/ip_static.sh), and call it from crontab @reboot:
#!/bin/bash
sleep 2s
ip link set dev end0 up
ip address add 192.168.37.58/24 brd + dev end0
ip route add 192.168.37.0/24 dev end0
ip route add default via 192.168.37.1 dev end0
#
ip link set dev enx8cae4cddf0f1 up
ip address add 192.168.100.254/24 brd + dev enx8cae4cddf0f1
ip route add 192.168.100.0/24 dev enx8cae4cddf0f1
#
ip link set dev enx8cae4cdddeec up
ip address add 192.168.200.254/24 brd + dev enx8cae4cdddeec
ip route add 192.168.200.0/24 dev enx8cae4cdddeec
The output of the "route" command was:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.37.1 0.0.0.0 UG 0 0 0 end0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 end0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cddf0f1
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cdddeec
Note that the metric is 0 for all routes.
The output of the "ip route" command was:
default via 192.168.37.1 dev end0
192.168.37.0/24 dev end0 proto kernel scope link src 192.168.37.58
192.168.100.0/24 dev enx8cae4cddf0f1 proto kernel scope link src 192.168.100.254
192.168.200.0/24 dev enx8cae4cdddeec proto kernel scope link src 192.168.200.254
Note the "ip route" command does not list the metrics.
To add metric just add it to the end of your ip route add statement. for example:
ip route add default via 192.168.37.1 dev end0 metric 201
If you forgot to add a metric, you pretty have to retype everything:
ip route replace default via 192.168.37.1 dev end0 metric 201
The NetworkManger normally overwrites what is in /etc/resolv.conf. To get to get around this:
sudo apt install resolvconf
then add your name server at the end of /etc/resolvconf/resolv.conf.d/head.
In my case, I added:
nameserver 192.168.37.1
upon rebooting, everything that is in head file will be written to /etc/resolv.conf. The message in the comments of the head file about do not modify this file by hand - it will be overwritten, is actually for the /etc/resolv.conf file.
Add the same one instruction nft table that we did in the last section and called it the same way.
Again, I used a script file (ip_static_host.sh) and called it from crontab @reboot. My script file for 192.168.100.10 is:
#!/bin/bash
sleep 5s
ip link set dev eth0 up
ip address add 192.168.100.10/24 brd + dev eth0
ip route add 192.168.100.254 dev eth0
ip route add default via 192.168.37.1 dev eth0
My script file for 192.168.200.15 is:
#!/bin/bash
sleep 5s
ip link set dev eth0 up
ip address add 192.168.200.15/24 brd + dev eth0
ip route add 192.168.200.254 dev eth0
ip route add default via 192.168.37.1 dev eth0
References:
From the time that I implement the above with systemd-networkd and the time I decided to implement it with NetworkManager, I changed my policy on letting my Apple router assign static ip addresses for my Raspberry Pi 5's. I am currently doing this manually, which results in code for setting up all the static ip addresses. Well, I am not really writing code, I am using the NetworkManager's GUI.
Also for this implementation, I decided to enable predictable names for the network interfaces. Eth0 is now end0, and eth1 is now enx8cae4cdddeec, where "8cae4cdddeec" is the mac address of the USB/Ethernet adapter.
Upstream Rounter
|
|
------------------------------------------------------------------------------
| end0 |
| 192.168.37.58 |
| |
| Medthod: Manual Method: Manual Method: Sharing |
| Address: 192.168.37.58 Address: 192.168.37.254 Address: 192.168.200.254 |
| Netmask: 255.255.255.0 Netmask: 255.255.255.0 Netmask: 255.255.255.0 |
| Gateway: 192.168.37.1 Gateway: Leave Blank !!! Gateway: Leave Blank !!! |
| DNS: 192.168.37.1 Grayed Out DNS: Grayed Out |
| |
| 192.168.100.254 192.168.200.254 |
| enx8cae4cddf0f1 enx8cae4cdddeec |
------------------------------------------------------------------------------
| USB/Ethernet | USB/Ethernet
| |
-------------------------- --------------------------
| end0 | | end0 |
| 192.168.100.10 | | 192.168.200.15 |
| | | |
| Method: Manual | | Method: Manual |
| Address: 192.168.100.10 | | Address: 192.168.200.15 |
| Netmask: 255.255.255.0 | | Netmask: 255.255.255.0 |
| Gateway: 192.168.100.254 | | Gateway: 192.168.200.254 |
| DNS : 192.168.37.1 | | DNS : 192.168.37.1 |
--------------------------- --------------------------
If you manually set the ip address of end0 and/or eth0 (which I did here), you have to make a manual dns entry when you set up the interface. Either a dns server or an upstream rounter. I chose the next upstream router.
The output of the "route" comand was:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.37.1 0.0.0.0 UG 102 0 0 end0
192.168.37.0 0.0.0.0 255.255.255.0 U 102 0 0 end0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 enx8cae4cddf0f1
192.168.200.0 0.0.0.0 255.255.255.0 U 101 0 0 enx8cae4cdddeec
The output of the "ip route" command was:
default via 192.168.37.1 dev end0 proto static metric 102
192.168.37.0/24 dev end0 proto kernel scope link src 192.168.37.58 metric 102
192.168.100.0/24 dev enx8cae4cddf0f1 proto kernel scope link src 192.168.100.254 metric 100
192.168.200.0/24 dev enx8cae4cdddeec proto kernel scope link src 192.168.200.254 metric 101
Note that "default" has the highest metric, which means it has lowest priority. Therefore, you must leave the gateways for enx8cae4cddf0f1 and enx8cae4cdddeec blank. If you make an entry for either, a new "default" gateway that has a higher priority than end0 will be added to the routing table. This will result in the router not having access to the Internet. Needless to say, if the router does not have access to the internet neither do the downstream host. When I was first learning about networks, this cause me lots of problems.
The Network Manager automaticaly generated and inserted the following two nft tables:
table ip nm-shared-enx8cae4cdddeec {
chain nat_postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.200.0/24 ip daddr != 192.168.200.0/24 masquerade
}
chain filter_forward {
type filter hook forward priority filter; policy accept;
ip daddr 192.168.200.0/24 oifname "enx8cae4cdddeec" ct state { established, related } accept
ip saddr 192.168.200.0/24 iifname "enx8cae4cdddeec" accept
iifname "enx8cae4cdddeec" oifname "enx8cae4cdddeec" accept
iifname "enx8cae4cdddeec" reject
oifname "enx8cae4cdddeec" reject
}
}
table ip nm-shared-enx8cae4cddf0f1 {
chain nat_postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 masquerade
}
chain filter_forward {
type filter hook forward priority filter; policy accept;
ip daddr 192.168.100.0/24 oifname "enx8cae4cddf0f1" ct state { established, related } accept
ip saddr 192.168.100.0/24 iifname "enx8cae4cddf0f1" accept
iifname "enx8cae4cddf0f1" oifname "enx8cae4cddf0f1" accept
iifname "enx8cae4cddf0f1" reject
oifname "enx8cae4cddf0f1" reject
}
}
The NetwokManager also has a built-in DHCP server that can assign ip addresses to downstream host. Thus, if you do not care what the ip addresses of the hosts behind the router are, the NetworkManager's DHCP server will assign one.
If you unplug one of the cables to the downstream host, it will remove that host's entry in the routing table. Similarly, it will remove that host's nft table from the nft ruleset.
If you plug the cable back in, a new entry in the routing table will be added, and it will be assigned a metric one number higher than the last metric that was assigned. Similarly, a new nft table will be added to the nft ruleset.
Rather than physically unplug a cable, you can accomplish the same thing with the command:
nmcli connection down "profile_name"
Change the word "down" to "up" to bring the interface back up.
Before, I understood that should leave the gateways blank for the sharing interfaces, I had a workaround that called a script from contab @reboot. The script brought the sharing interfaces down and back up. This would change the metrics of the sharing interfaces so that the end0 nterface had the lowest metric (highest priority).
Another workaround that I had, changed the metric of the end0 interface to 99:
nmcli connection modify 'Wired Connection 1' ipV4.route-metric 99
The NetworkManager starts ethernet interfaces at a metric of 100 and wireless interfaces at a metric of 600.
The above command adds a line, with the specifed metric, to the profile file, "/etc/NetworkManager/system-connections/Wired Connection 1", so the change is persitent after a reboot.
Back to subject at hand, if you specify a dns server, the NetworkManager will modify the /ect/resolv.conf file. It does this in real or near time. To see this, set up manually an ethernet interface without any dns server, then set up manually a wireless interface with a dns server. cat /etc/resolv.conf then cut off or disable the wireless radio.
The NetworkManager does a lot of thing under the hood:
Whether this is good or bad depends on your point of view. You are giving up control for supposedly easy of use.
I suspect that I wil want to modify the nft tables. The best way to do this may be to just use the manual mode instead of the shared mode, and call my modified nft tables from crontab @reboot.
The NetworkManager command line (nmcli) can do eveyting the GUI can do and more.
nmcli code Comming Soon
The statements below are from the main article, and I need to investigate this further.
"IP aliasing in Linux allows assigning multiple IP addresses to a single network interface. To add these IP addresses, we can use the nmtui command-line tool. We can utilize it to host multiple services or network configurations on one physical interface."
"By creating virtual interfaces with unique IP addresses, our Linux systems can handle diverse network tasks efficiently, like providing different services over unique IP addresses. This flexibility optimizes resource utilization and streamlines network administration."
References
Internet
/ \
|
|
|
-----------------------------------------------
| bond0 |
| nic_inet |
| |
| Linx Router/Firewall |
| |
| nic_DMZ nic_LAN |
| bond1 bond2 |
----------------------------------------------
| |
| |
============ | =========== =========== | ============
|| | || || | ||
|| ---------- || || ---------- ||
|| | Swtich | || || | Switch | ||
|| ---------- || || ---------- ||
|| | || || | ||
|| -------------- || || -------------- ||
|| | Server | || || | Workstation | ||
|| | 10.0.1.2 | || || | 10.0.2.2 | ||
|| -------------- || || -------------- ||
|| || || ||
|| 10.0.1.x DMZ Zone || || 10.0.2.x LAN ||
========================== ==========================
There is only one Ethernet cable going from my desk into the floor. Hence, all of the hosts on my desk (HP EliteDesk and Raspberry Pi's) go through an Ethernet switch, and everything in my office goes to a second Ethernet Switch. Thus, traffic between any host on my desk and the Synology 220 (network attaches storage - nas) must pass through two Ethernet switches.
The diagram below depicts my test setup. The HP Elite Desk is running Windows 11. A Raspberry Pi 5B only has one native Ethernet port. For the second Ethernet Port, a Benfei USB 3.0 to Ethernet adapter was used ( Amazon #10 ).
Internet
|
| 192.168.50.xxx
|
/----------\
| Ethernet |
| Switch |
\----------/
| |
| |
------- ------
| |
| |
/----------\ /----------\
| Synology | | Desk |
| Network | | Ethernet |
| Attached | | Switch |
| Storage | \----------/
\----------/ | | 192.168.200.xxx
NAS | ------- ---------------------
| | | |
| /--------------------\ |
| | Ethernet USB 3.0 | |
| | | /-----------------\
| | Linux Router | | USB 3.0 |
| | Raspberry Pi 5B | | Benfie |
| | NVMe Gen 3 x 1 | | USB to Ethernet |
| \--------------------/ | Adapter |
| | Ethernet |
| \-----------------/
| |
| |
| /-------------------\
| | Ethernet USB 3.0 |
/----------------\ | |
| HP Elite Desk | | Raspberry Pi 5B |
| Gen 6 | | NVMe Gen 2 x 1 |
| NVME Gen 3 x 4 | | or SD Card |
\----------------/ \-------------------/
Windows - Host Linux - Host
The table below is for transfer a single 7.5GB file, "Subject-Contactor-CT_Scan.zip" from and to the Synology NAT (network attached storage).
| From | To | Seconds | Router |
|---|---|---|---|
| HP Elite Desk Gen 6 | Synology 220 | 69 | none |
| Synology 220 | HP Elite Desk G6 | 69 | none |
| RPi-5 with NVMe Gen 2 | Synology 220 | 74 | RPi-5 |
| Synology 220 | RPi-5 with NVMe Gen 3 | 69 | RPi-5 |
| RPi-5 with SD Card | Synology 220 | 84 | RPi-5 |
| Synology 220 | RPi-5 with sd Card | 94 | Rpi-5 |
Thus, the Raspberry Pi 5B with a Benfie USB-to-Ethernet adapter is plenty fast enough for a 1 Gbps Ethernet network.
It looks like most Linux distros are using or switching to the "Network Manager" as their default network manager. The above code does not use the "Network Manager" to assign static IP address or the default gateway. I need to learn how to do this with the "NetworkManager".
Nordvpn has its own nftables. Unfortunately, Nordvpn will flush the nft rules in /etc/nftables.conf and install its own rules. This occurs even if Nordvpn is not connected.
However, after booting, you can install your own nft rules: with the command:
sudo nft -f /etc/nftables.conf
If you now execute:
sudo nft list ruleset
It will only list your ruleset and not Nordvpn's. However, Nordvpn is still working. In fact, all host connected to this Linux router are going through Nordvpn.
If you want to have the list ruleset show both sets of rules, disconnect Nordvpn and then run your script or /etc/nftables.conf and afterwards reconnect to Nordvpn.
You can then disconnect and reconnect to Nordvpn, and both sets of rules will be active. Now all host connected to this Linux router, will go through Nordvpn. To the outside world, all host connected to this Linux router will all have the same IP address.
One way to accomplish this is to not enable autoconnect on Nordvpn, and to use an on reboot cron job to load your nft ruleset and then connect to Nordvpn
References:
© Copyright Dr. Ray Franco, PhD, PE | 2006-2025. All rights reserved.
