Network Interfaces Layout
Overview of Pimeleon's network interface configuration including WAN, LAN, and WiFi interfaces with detailed specifications and security zones
Network Interfaces Layout
Overview
Pimeleon uses multiple network interfaces to provide comprehensive routing, filtering, and connectivity services. Each interface serves a specific purpose in the network architecture, creating distinct security zones for different types of devices and traffic.
Interface Summary
| Interface | Type | IP Address | Network | Purpose | Hardware |
|---|---|---|---|---|---|
| eth0 | WAN | DHCP from ISP | Dynamic DHCP | Internet Gateway | Built-in Gigabit Ethernet |
| eth1 | LAN | 192.168.76.1/24 | Trusted Wired | Optional USB adapter | USB 3.0 Gigabit LAN |
| wlan0 | WiFi | 192.168.77.1/24 | WiFi Access | Built-in AP | 802.11n/ac WiFi |
| lo | Loopback | 127.0.0.1/8 | Local | System loopback | Virtual |
Detailed Interface Configuration
eth0 - WAN Interface (Internet Connection)
Type: Built-in Ethernet (direct WAN connection)
IP: DHCP assigned by ISP
MAC: Hardware-dependent
Speed: 1000 Mbps (Gigabit)
Status: UP,BROADCAST,RUNNING,MULTICAST
Key Points:
- Direct WAN connection to ISP/upstream router
- Built-in Raspberry Pi Gigabit Ethernet port
- DHCP client for automatic ISP IP assignment
- Primary internet gateway for all internal networks
- RPi 3B+ limitation: ~300 Mbps throughput (USB 2.0 bus shared)
- RPi 4: Full gigabit performance (900+ Mbps)
Configuration:
- Connection type: DHCP (automatic from ISP)
- Default gateway: Provided by ISP
- DNS servers: Configured via DHCP or static override
- MTU: 1500 (standard Ethernet)
eth1 - Trusted LAN Interface (Optional)
Type: USB 3.0 Gigabit LAN adapter
IP: 192.168.76.1/24 (static)
MAC: Adapter-dependent
Hardware: USB 3.0 Wired LAN adapter
Speed: 1000 Mbps (Gigabit)
Status: UP,BROADCAST,RUNNING,MULTICAST
Key Points:
- Optional hardware component - Requires external USB Gigabit adapter
- Provides wired network for trusted devices
- Minimal filtering for maximum performance
- Supports USB 3.0 adapters with good Linux kernel support
- DHCP range: 192.168.76.100-200
- Static IP reservations: 192.168.76.10-99
Recommended Adapters:
- Realtek RTL8153 chipset (excellent Linux support)
- ASIX AX88179 chipset (native kernel driver)
- Avoid generic chipsets with poor driver support
Use Cases:
- Desktop workstations requiring high performance
- Network-attached storage (NAS) devices
- Local servers and development machines
- Security cameras and monitoring equipment
wlan0 - WiFi Access Point
Type: Built-in WiFi chipset
IP: 192.168.77.1/24 (static)
MAC: Hardware-dependent
Standard: 802.11n (RPi 3B+) or 802.11ac (RPi 4)
Frequency: 2.4GHz (RPi 3B+) or 2.4/5GHz (RPi 4)
Security: WPA2-PSK or WPA3-PSK (hardware-dependent)
Max Clients: 30-50 (hardware-dependent)
Status: UP,BROADCAST,RUNNING,MULTICAST
Key Points:
- Built-in WiFi chipset (no external hardware required)
- RPi 3B+: 802.11n, 2.4GHz only, ~50 Mbps typical
- RPi 4: 802.11ac, dual-band 2.4/5GHz, ~200 Mbps typical
- DHCP range: 192.168.77.100-200
- Static IP reservations: 192.168.77.10-99
- Standard security zone with DNS and content filtering
Configuration:
- SSID: Configured during setup
- Security: WPA2-PSK (minimum) or WPA3-PSK
- Channel: Auto-selected or manually configured
- Power management: Disabled for stability
Use Cases:
- Smartphones and tablets
- Laptops and mobile devices
- IoT devices (smart home, cameras)
- Guest devices with restricted access
lo - Loopback Interface
Type: Virtual loopback interface
IP: 127.0.0.1/8 (IPv4)
IPv6: ::1/128
Status: UP,LOOPBACK,RUNNING
Key Points:
- System-internal communication
- Services binding to localhost
- Used by monitoring tools and local services
- Always active, never goes down
Network Zones and Security
Trusted Zone (eth1 - 192.168.76.0/24)
Access Level: Full internet + all local services
Typical Devices:
- Desktop workstations
- Development machines
- Network-attached storage (NAS)
- Local servers
- Printers and office equipment
Security Policy:
- Filtering: Minimal (malware/phishing protection only)
- Content Filtering: Disabled by default
- DNS Filtering: Basic ad/tracker blocking optional
- QoS Priority: High (guaranteed bandwidth)
- Access Control: Full access to all services
Performance:
- Maximum throughput with minimal overhead
- Low-latency routing for real-time applications
- Priority traffic shaping
Standard Zone (wlan0 - 192.168.77.0/24)
Access Level: Internet + limited local services
Typical Devices:
- Smartphones and tablets
- Personal laptops
- Smart home devices (IoT)
- Media streaming devices
- Guest devices
Security Policy:
- Filtering: DNS filtering, content filtering enabled
- Content Filtering: Optional parental controls
- DNS Filtering: Ad/tracker blocking, malware protection
- QoS Priority: Standard (fair bandwidth allocation)
- Access Control: Internet access + selected local services
Restrictions:
- No direct access to trusted LAN devices
- Limited ICMP (ping) responses
- Blocked ports: 445 (SMB), 139 (NetBIOS), administrative ports
WAN Zone (eth0 - ISP Network)
Purpose: Internet gateway and ISP connectivity
Configuration:
- NAT: All internal traffic translated through eth0
- Firewall: Strict inbound rules (default DROP)
- Outbound: Permissive for established connections
- Port Forwarding: User-configurable for services
- DMZ: Optional for specific devices
Security:
- Stateful firewall with connection tracking
- Drop all unsolicited inbound connections
- Rate limiting for flood protection
- Optional WAN ping response blocking
Interface Dependencies
Internet (ISP)
↓
eth0 (WAN - DHCP from ISP)
↓
[Pimeleon Routing & Filtering]
↓
┌──eth1 (Trusted LAN - 192.168.76.0/24)
└──wlan0 (WiFi AP - 192.168.77.0/24)
Startup Order:
lo(loopback) - Always firsteth0(WAN) - Establishes internet connectioneth1(LAN) - Trusted wired networkwlan0(WiFi) - Wireless access point
Service Dependencies:
- DHCP Server: Requires eth1/wlan0 UP
- DNS Server: Requires all interfaces UP
- Firewall: Requires eth0 UP for WAN rules
- WiFi AP: Requires wlan0 UP + hostapd service
Hardware Requirements
Minimum Configuration (RPi 3B+)
- WAN (eth0): Built-in Gigabit Ethernet (300 Mbps actual)
- WiFi (wlan0): Built-in 802.11n (2.4GHz only)
- LAN (eth1): Optional USB 3.0 Gigabit adapter
- Power: Official 5V 2.5A power supply
- Cooling: Passive heatsink recommended
Recommended Configuration (RPi 4)
- WAN (eth0): Built-in Gigabit Ethernet (950 Mbps actual)
- WiFi (wlan0): Built-in 802.11ac (dual-band 2.4/5GHz)
- LAN (eth1): USB 3.0 Gigabit adapter (optional)
- Power: Official 5V 3A USB-C power supply
- Cooling: Active cooling for sustained load
Optional Components
- USB Ethernet Adapter: For eth1 trusted LAN
- Chipset: Realtek RTL8153 or ASIX AX88179
- Interface: USB 3.0 (blue connector)
- Speed: Gigabit (1000 Mbps)
- Cables: Cat5e or Cat6 Ethernet cables
- Case: With ventilation or heatsink mounting
Monitoring Interfaces
Quick Status Check
# Overview of all interfaces
ip addr show
# Show only active interfaces
ip link show up
# Interface routing table
ip route show
Detailed Statistics
# Per-interface packet statistics
ip -s link show
# Detailed statistics for specific interface
ip -s -s link show eth0
# Real-time bandwidth monitoring
ifstat -i eth0,eth1,wlan0 1
Interface Speed Verification
# Check negotiated speed for all Ethernet interfaces
for iface in eth0 eth1; do
speed=$(cat /sys/class/net/$iface/speed 2>/dev/null || echo "N/A")
echo "$iface: $speed Mbps"
done
# Check interface link status
cat /sys/class/net/eth0/operstate
cat /sys/class/net/eth1/operstate
WiFi-Specific Monitoring
# WiFi interface status
iw dev wlan0 info
# Connected WiFi clients
iw dev wlan0 station dump
# WiFi signal strength and channel
iwconfig wlan0
Continuous Monitoring
# Watch interface statistics (updates every 2 seconds)
watch -n 2 'ip -s link show'
# Monitor DHCP leases
watch -n 5 'cat /var/lib/dhcp/dhcpd.leases'
# Real-time connection tracking
watch -n 1 'conntrack -L | wc -l'
Performance Considerations
RPi 3B+ Limitations
- eth0 throughput: ~300 Mbps (USB 2.0 bus shared with eth1)
- WiFi throughput: ~50 Mbps (802.11n, 2.4GHz)
- Combined throughput: Limited by USB 2.0 bus bandwidth
- Concurrent connections: 5,000-10,000 maximum
RPi 4 Performance
- eth0 throughput: ~950 Mbps (dedicated PCIe lane)
- WiFi throughput: ~200 Mbps (802.11ac, 5GHz)
- Combined throughput: Full gigabit on eth0 + WiFi
- Concurrent connections: 20,000+ maximum
Optimization Tips
- Use wired connections for bandwidth-intensive devices
- 5GHz WiFi (RPi 4) for better performance and less interference
- QoS prioritization for latency-sensitive traffic (VoIP, gaming)
- Disable unused interfaces to reduce overhead
- Monitor bandwidth usage to identify bottlenecks
Troubleshooting
Interface Won't Come Up
# Check interface status
ip link show eth0
# Bring interface up manually
sudo ip link set eth0 up
# Check for driver errors
dmesg | grep eth0
No DHCP IP Address (WAN)
# Release and renew DHCP lease
sudo dhclient -r eth0
sudo dhclient eth0
# Check DHCP client logs
sudo journalctl -u dhclient
USB Ethernet Adapter Not Detected
# List USB devices
lsusb
# Check kernel driver binding
dmesg | grep usb
# Verify interface creation
ip link show
WiFi Access Point Not Starting
# Check hostapd service
sudo systemctl status hostapd
# Verify wlan0 interface
iw dev wlan0 info
# Check for channel conflicts
iw dev wlan0 scan | grep "DS Parameter set"
Related Documentation
- Network Topology Overview - Complete network architecture
- IP Addressing Scheme - IP allocation and subnets
- eth0 Configuration - WAN interface details
- Firewall Configuration - Security rules and policies
- DHCP Server Setup - DHCP configuration for LAN zones