DHCP & DNS server for your home gateway. Gives you visibility into what's happening inside your network.
Gatekeeper aims to replace traditional DHCP and DNS servers, such as dnsmasq, for home network management. Gatekeeper is resource efficient thanks to implementation in modern C++. It offers visibility into its configuration & network state with a web interface served on port 1337.
Current feature set covers most of the basic DHCP & DNS functionality and should be usable for most home networks. In the future it may be extended with more "Home Gateway"-oriented features, such as interface configuration, port forwarding, bandwidth accounting, NAT connection tracking, etc.
If there are features you'd like to see, don't hesitate to modify its source code. Gatekeeper is written in a readable manner, making it easy for anyone with basic C++ knowledge to extend its functionality.
Over last years I've grown annoyed with lack of well-designed open-source software for managing home gateways. I imagine I can't be the only person that would like to have a performant & intuitive admin panel for my home network. Probably everybody is busy writing configs for dnsmasq (or netplan, or networkd, or whatever). By sharing a simple implementation of a gateway management server I hope to redirect the ad-hoc efforts of various home-network-admins into a single project. Instead of writing configs we could be adding cool features that would be used by everyone.
The key idea that distinguishes Gatekeeper from most other network management software is the focus on "Home Gateway" use-case. While other tools offer great flexibility, this flexibility comes at a cost of complexity. As a result they lack sensible defaults and their config options are a mess. What it means for Gatekeeper is that its only configuration option is "which interface to run on". Everything else is handled automatically. Because really - why wouldn't it be?
Before running Gatekeeper you should configure the home network interface. This means:
- The gateway machine should be able to access internet. This usually means plugging the internet cable & running DHCP client on the external interface:
dhclient <external interface name>
. - Assign IP & netmask to the interface. You can see current interface configuration with
ip addr show
. Adding IP addresses can be done withip addr add 192.168.1.1/24 dev <local interface name>
. - The interface should be in "up" state. You can bring it up with
ip link set <local interface name> up
. - The interface should have "forwarding" enabled. You can enable it with
sysctl -w net.ipv4.ip_forward=1
. - Enable NAT Masquerading. You can do it with
iptables -t nat -A POSTROUTING -o <external interface name> -j MASQUERADE
.
This config will be lost after reboot - so add those commands to /etc/rc.local
& sudo chmod a+x /etc/rc.local
to make it executable.
Interface configuration can also be done with other tools, such as systemd-networkd
(Debian), netplan
(Ubuntu) or other, distro-specific mechanisms.
Eventually, Gatekeeper should take care of this but I'm adding new features as I need them.
- Create
/opt/gatekeeper/
directory. - Download .tar.gz file from the Releases page.
- Extract it with
cd /opt/gatekeeper && tar -xzf <path to downloaded gatekeeper.tar.gz>
. - (Optionally) Do a test run with
sudo ./gatekeeper <interface name>
. Ctrl+C to stop. - Edit
/opt/gatekeeper/gatekeeper.service
file and change the interface name frombr0
to the name of your local interface. - Install systemd service with
sudo systemctl enable --now /opt/gatekeeper/gatekeeper.service
. - Open web interface by navigating to
http://<IP of the local interface>:1337/
in your browser.
Logo from aamatniekss.itch.io (Twitter)