matthewh
Posts: 15
Joined: Tue Dec 30, 2014 5:04 pm

Static Public IP

Wed Dec 30, 2015 5:18 pm

I need to assign a public static IPv4 and IPv6 address to my RaspberryPI running Rasbian minimal. Think this would easy but having issues.

/etc/network/interfaces

Would think it would be easy as editing this file but apparently not. How do I do this?

Heater
Posts: 16334
Joined: Tue Jul 17, 2012 3:02 pm

Re: Static Public IP

Wed Dec 30, 2015 6:21 pm

Does your internet service provider give you a static public IP address? Most domestic providers do not.

You cannot just give yourself a public IP address. You have to buy them.

I'm lucky that I get a public IP address via DHCP from my provider but it is dynamic. It could change at any time. There are ways to deal with that.

If you are stuck with a non-public address there are ways around that too. Like use the services of resin.io.

Or do what I do and rent an Amazon AWS instance with a pubic IP and have the Pi connect to that.

You do realize that after editing /etc/network/interfaces you have to restart the interface?
Memory in C++ is a leaky abstraction .

User avatar
DougieLawson
Posts: 39613
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Static Public IP

Wed Dec 30, 2015 6:34 pm

sudo modprobe ipv6
sudo nano /etc/modprobe.d/*blacklist* # remove all the IPv6 blacklist stuff.

IPv6 doesn't need static address assignment, the address for an interface with MAC address b8:27:eb:be:ca:fe is
2001:pppp:pppp:pppp:ba27:ebff:febe:cafe if you take the IPv6 defaults. [2001:pppp:pppp:pppp/64 is your ISP assigned prefix]

It's controlled by

Code: Select all

# Generate Stable Private IPv6 Addresses instead of hardware based ones
#slaac private
slaac hardware
in /etc/dhcpcd.conf - I've changed that to slaac hardware because I want it based on my MAC addresses.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

User avatar
DougieLawson
Posts: 39613
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Static Public IP

Wed Dec 30, 2015 6:37 pm

Heater wrote: You cannot just give yourself a public IP address. You have to buy them.
Or get one for free from your favourite tunnel broker http://tunnelbroker.net (Hurricane Electric) or http://www.gogo6.com

I've been tunnelling IPv6 traffic from my network for ten years (and more).
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

matthewh
Posts: 15
Joined: Tue Dec 30, 2014 5:04 pm

Re: Static Public IP

Wed Dec 30, 2015 7:07 pm

I have public IPv4 and IPv6 space to use. Under Centos I would:

nano /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.50
NETMASK=255.255.255.0
GATEWAY=x.x.x.1
ONBOOT=yes
IPV6INIT=yes
IPV6ADDR=xxxx:xxxx::0050/64
IPV6_DEFAULTGW=xxxx:xxxx::1

How do I do this in Rasbian?

Tried this on Rasbian but no go.

sudo nano /etc/network/interfaces
#iface eth0 inet manual
iface eth0 inet static
address x.x.x.50
netmask 255.255.255.0
gateway x.x.x.1

User avatar
rurwin
Forum Moderator
Forum Moderator
Posts: 4257
Joined: Mon Jan 09, 2012 3:16 pm
Contact: Website

Re: Static Public IP

Wed Dec 30, 2015 7:52 pm

Another point worth noting...

If your Raspberry Pi has a public static IP address, then you need to configure your router completely differently and you probably can't have any other computers on your network. If your router has a public static IP address and passes some of the data to the Raspberry Pi, then you have to configure the Router a little bit differently. That's how 99% of people handle it.

You don't need your Pi to have a public static IP address. There are solutions that allow people to connect to you even though your address is dynamic. And if you only pass some of the traffic through the router to the Pi, then you will be vulnerable to fewer hackers. If you have a static address and you let traffic through you will have hackers and bots buzzing around like flies trying to get in within hours, maybe minutes.

W. H. Heydt
Posts: 13047
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Static Public IP

Wed Dec 30, 2015 8:10 pm

rurwin wrote:Another point worth noting...

If your Raspberry Pi has a public static IP address, then you need to configure your router completely differently and you probably can't have any other computers on your network. If your router has a public static IP address and passes some of the data to the Raspberry Pi, then you have to configure the Router a little bit differently. That's how 99% of people handle it.

You don't need your Pi to have a public static IP address. There are solutions that allow people to connect to you even though your address is dynamic. And if you only pass some of the traffic through the router to the Pi, then you will be vulnerable to fewer hackers. If you have a static address and you let traffic through you will have hackers and bots buzzing around like flies trying to get in within hours, maybe minutes.
That depends on whether you have a single static public IP address, or if you have a block of addresses. Keep in mind that, with a block, 3 of the addresses are assigned to specific purposes and the block sizes progress in binary sizes. So a block of 8 IPv4 addresses means that you can have 5 devices with a public address.

matthewh
Posts: 15
Joined: Tue Dec 30, 2014 5:04 pm

Re: Static Public IP

Wed Dec 30, 2015 8:50 pm

I know how to configure the router, firewall, etc. I have other servers configured with public static IP's already. I just want to know how to configure the Raspberry Pi for static IPv4 and IPv6.

User avatar
rurwin
Forum Moderator
Forum Moderator
Posts: 4257
Joined: Mon Jan 09, 2012 3:16 pm
Contact: Website

Re: Static Public IP

Wed Dec 30, 2015 9:26 pm

Firstly, you don't configure the Pi to have the public IP address. That can go on the router.

Then, again on the router you can set the DHCP server to always give your Pi the same address. You tell it the Pi's MAC address and give it an IP address that is outside the range that the dynamic allocations go. On my network the dynamic allocation are in the range 192.168.1.1 to 192.168.1.60 My desktop PC (that may have an ssh server on it sometimes) is at 192.168.1.61 and the printer is on 192.168.1.67, The Raspberry Pi's start at 71.

Now your Pi has a static IP address, you can tell the router to pass all traffic for a given TCP port to the Pi.

If a hacker gains access to the Pi, then they can use that as a staging post to attack all the other machines in your network. So you need to minimize your exposure to a small set of known services and be certain to keep up with the security updates and vulnerability reports.

The other way of doing things is to use a secure DMZ. See: https://en.wikipedia.org/wiki/DMZ_%28computing%29 But for that you need more than a regular router; you need one or more separate firewall machines. I believe there are a few routers that put the DMZ on only one of the Ethernet ports and implement a firewall between it and the rest of the internal network. That would be secure (unless the router was hacked) but it isn't common practise.

tomarq
Posts: 2
Joined: Mon Nov 30, 2015 8:46 pm

Re: Static Public IP

Wed Dec 30, 2015 10:09 pm

For my statically configured hosts, I had to add an "auto" line in the /etc/network/interfaces file also. Try:

auto eth0
iface eth0 inet static
address x.x.x.50
netmask 255.255.255.0
gateway x.x.x.1

matthewh
Posts: 15
Joined: Tue Dec 30, 2014 5:04 pm

Re: Static Public IP

Thu Dec 31, 2015 6:19 pm

Think I got this static IPv4 and IPv6 assignment working on the Raspberry Pi. I removed all the dhcp packages with apt-get since I no longer needed them. Not sure if they were causing conflicts with static assignments. I will likely later remove all wireless and wpa packages I do not need.

I then added this to "sudo nano /etc/network/interfaces"

#iface eth0 inet manual
auto eth0
iface eth0 inet static
address x.x.x.22
netmask 255.255.255.0
gateway x.x.x.1

iface eth0 inet6 static
address xxxx:xxxx:x:x::22
netmask 64
gateway xxxx:xxxx:x:x::1

I then edited "sudo nano /etc/resolv.conf"

nameserver 2001:4860:4860::8888
nameserver 8.8.8.8

Installed lynx with apt-get. I appear to have both IPv4 and IPv6 Internet connectivity on IP addresses specified.

Heater
Posts: 16334
Joined: Tue Jul 17, 2012 3:02 pm

Re: Static Public IP

Thu Dec 31, 2015 6:55 pm

rurwin,
Firstly, you don't configure the Pi to have the public IP address. That can go on the router.
Except if your Pi is your router.
...you need to minimize your exposure to a small set of known services...
You can do that on your Pi as router.
Memory in C++ is a leaky abstraction .

User avatar
Shoka
Posts: 147
Joined: Sat Jul 12, 2014 8:35 pm
Location: Manchester, UK

Re: Static Public IP

Thu Dec 31, 2015 8:38 pm

I have public IPv4 and IPv6 space to use. Under Centos I would:

nano /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.50
NETMASK=255.255.255.0
GATEWAY=x.x.x.1
ONBOOT=yes
IPV6INIT=yes
IPV6ADDR=xxxx:xxxx::0050/64
IPV6_DEFAULTGW=xxxx:xxxx::1

How do I do this in Rasbian?
That is Red Hat syntax, Debian is different.

Note that with debian you can define alternative network configs like this :

Code: Select all

auto eth0
allow-hotplug eth0
iface eth0 inet manual
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down

iface eth0-static inet static
   address 10.10.10.2
   netmask 255.255.255.0
   gateway 10.10.10.1

iface eth0-dhcp inet dhcp
(from my Mint 71.3 laptop recently upgraded)

And control the interface by

ifup and ifdown

eg:

Code: Select all

sudo ifdown eth0

sudo ifup eth0=eth0-dhcp

for a dhcp configured address or

Code: Select all

sudo ifdown eth0

sudo ifup eth0=eth0-static

for the static setting.

Not sure how that plays in a jessie set up ...
Cheers Harry

Return to “General discussion”