Critical Linux Infrastructure & Ad-Hoc Networking
Published at 8/1/2024
#Linux
#Networking
#nftables
#Docker
#Infrastructure
#IT
Overview
A series of “bare metal” Linux networking interventions designed to restore and automate critical business infrastructure for a large multi-site RV park. These custom-built routers and servers bridged gaps where off-the-shelf hardware failed or was unavailable, ensuring business continuity for fuel sales and enterprise operations.
Key Scenarios
1. The “Flagstop” Rescue (Network Core Restoration)
- The Crisis: A third-party planning failure severed the critical 11 km wireless backhaul connecting the Thunderbird RV Park & Marina to the internet. The outage halted all business operations, including credit card processing, third-party fuel pump monitoring, and guest Wi-Fi. The legacy network infrastructure at the “Flagstop” site had to be preserved and routed through a new tower connection, which required an immediate custom routing solution.
- The Solution: Constructed a custom Linux router on a standard Dell workstation to act as the core routing engine for the entire multi-VLAN network.
- Technical Implementation:
- OS/Networking: Ubuntu Server with systemd-networkd managing a tree of 802.1q VLANs, Linux bridges (br0), and veth pairs.
- Firewall: Hand-written nftables ruleset providing stateful inspection via connection tracking, NAT/masquerading toward the uplink, and narrowly scoped port forwarding (DNAT) for the proprietary gas pump transaction protocol.
- Services: ISC Kea DHCP serving four distinct subnets, and a Ubiquiti UniFi Controller (Docker) to restore guest and POS Wi-Fi.
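The ruleset shape described above (stateful inspection, masquerade on the uplink, a single DNAT for the pump protocol), written as a small deploy script in the spirit of the “deployable via script” approach. This is an added example, not the site’s actual ruleset: the interface names (eth0, br0, vlan10…), the subnets, the pump controller address and the pump port are assumed placeholders, and the UniFi ports are the controller’s documented defaults.

```shell
#!/bin/sh
# Added example: render and install a stateful nftables ruleset of the kind
# described above. Not the site's real ruleset; interface names, subnets and
# the pump port are ASSUMED placeholders.
set -u

WAN_IF="${WAN_IF:-eth0}"                   # tower/backhaul uplink (assumed name)
PUMP_HOST="${PUMP_HOST:-192.168.30.10}"    # pump controller on an inside VLAN (assumed)
PUMP_PORT="${PUMP_PORT:-9100}"             # vendor protocol port (hypothetical value)
MGMT_NET="${MGMT_NET:-192.168.10.0/24}"    # admin subnet allowed to SSH to the router (assumed)

# Emit the ruleset to stdout. Inside interfaces are the bridge plus the 802.1q
# VLAN sub-interfaces (assumed names); anything arriving elsewhere is untrusted.
render_ruleset() {
cat <<EOF
#!/usr/sbin/nft -f
flush ruleset

define lan  = { "br0", "vlan10", "vlan20", "vlan30" }
define mgmt = $MGMT_NET

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        # DHCP (Kea) and DNS only from the inside segments
        iifname \$lan udp dport { 67, 53 } accept
        iifname \$lan tcp dport 53 accept
        # SSH to the router only from the management subnet, rate-limited
        iifname \$lan ip saddr \$mgmt tcp dport 22 ct state new limit rate 10/minute accept
        # UniFi controller inform/UI ports (default values), inside only
        iifname \$lan tcp dport { 8080, 8443 } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # inside -> internet
        iifname \$lan oifname "$WAN_IF" accept
        # the only inbound flow from the uplink: the DNAT'd pump session
        iifname "$WAN_IF" oifname \$lan ip daddr $PUMP_HOST tcp dport $PUMP_PORT ct status dnat accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        iifname "$WAN_IF" tcp dport $PUMP_PORT dnat to $PUMP_HOST:$PUMP_PORT
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$WAN_IF" masquerade
    }
}
EOF
}

# Write the ruleset to DEST (default /etc/nftables.conf). When running as root
# with nft available, syntax-check it first and load it only if the check
# passes, so a typo fails the deploy instead of leaving a half-applied ruleset.
install_ruleset() {
    dest="${1:-/etc/nftables.conf}"
    render_ruleset > "$dest"
    chmod 600 "$dest"    # the file documents the internal topology; root-only
    if [ "$(id -u)" -eq 0 ] && command -v nft >/dev/null 2>&1; then
        nft -c -f "$dest" || return 1
        nft -f "$dest"
    fi
}
```

The forward chain is the part worth reading twice: the DNAT in the nat table only rewrites the destination, and it is the `ct status dnat` rule that actually permits the rewritten pump session through the default-drop forward policy. Anything else arriving on the uplink is dropped, so the vendor’s protocol port is the one inbound exposure.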
2. The “Thunderbird” Link (IoT Automation)
- The Problem: The marina fuel pumps relied on a network-triggered “dry contact” relay in a distant pump house. A vendor replaced the original transparent Point-to-Point link with segmented DOCSIS modems (consumer-grade ISP isolation). This broke the direct IP visibility needed for the control logic, and the vendor could not bridge the networks. The system also required local survivability if the internet uplink failed.
- The Solution: Built a Dockerized MQTT “Long Distance Wire” to bypass the restrictions and restore pump activation capabilities.
- Technical Implementation:
- Container Networking: Utilized Docker ipvlan (L2) networks instead of the default Docker bridge, placing containers directly on the physical network segment for transparent communication. This also makes the container reachable by every host on that segment, so isolation has to come from the broker’s own authentication and ACLs rather than from Docker’s NAT.
- Logic: Deployed Eclipse Mosquitto (MQTT) as the message broker between the Shelly automation relays.
- Access: Maintained remote manageability via AutoSSH reverse tunnels to an externally reachable host, since the ISP’s CGNAT blocks inbound connections to the site.
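The three pieces of the “long distance wire” (ipvlan network, locked-down Mosquitto broker, AutoSSH reverse tunnel) as a deploy script. This is an added example, not the project’s own code: the parent interface, subnet and addresses, the Shelly device IDs and the Gen1-style `shellies/<id>/…` topic layout, the jump host name and the `tunnel` user are all assumed placeholders, and it assumes the pump-house relay subscribes to the trigger relay’s input topic (the page does not say how the two relays are coupled).

```shell
#!/bin/sh
# Added example: deploy script for the ipvlan network, the Mosquitto broker
# config/ACL and the AutoSSH tunnel unit. Not the project's own code; every
# interface, address, device ID, hostname and topic below is ASSUMED.
set -u

PARENT_IF="${PARENT_IF:-eth0}"               # NIC on the segment the Shelly relays use (assumed)
SEGMENT="${SEGMENT:-192.168.50.0/24}"        # that segment's subnet (assumed)
GATEWAY="${GATEWAY:-192.168.50.1}"           # DOCSIS modem/router address (assumed)
BROKER_IP="${BROKER_IP:-192.168.50.20}"      # address the broker container owns (assumed)
TRIGGER_ID="${TRIGGER_ID:-shelly1-trigger}"  # relay that raises the request (assumed ID)
PUMP_ID="${PUMP_ID:-shelly1-pumphouse}"      # relay that closes the dry contact (assumed ID)
JUMP_HOST="${JUMP_HOST:-jump.example.net}"   # public host reachable outbound through CGNAT (assumed)

# ipvlan in L2 mode puts the container on the physical segment itself, so the
# relays reach it with no Docker NAT in between. Every host on the segment can
# reach it too, which is why the broker below refuses anonymous clients.
create_ipvlan_net() {
    docker network create -d ipvlan -o parent="$PARENT_IF" -o ipvlan_mode=l2 \
        --subnet "$SEGMENT" --gateway "$GATEWAY" pumpnet
}

run_broker() {
    dir="$1"
    docker run -d --name mqtt --restart unless-stopped --network pumpnet --ip "$BROKER_IP" \
        -v "$dir/mosquitto:/mosquitto/config" -v "$dir/data:/mosquitto/data" eclipse-mosquitto
}

# Mosquitto 2.x: listener declared explicitly, anonymous access off, per-user ACLs.
render_mosquitto_conf() {
cat <<EOF
listener 1883 0.0.0.0
allow_anonymous false
password_file /mosquitto/config/passwd
acl_file /mosquitto/config/acl
persistence true
persistence_location /mosquitto/data/
EOF
}

# Each relay may only use its own topic tree. The pump-house relay may also
# READ the trigger relay's input topic, which is the single message that forms
# the "wire"; a compromised trigger device still cannot write the pump's command topic.
render_acl() {
cat <<EOF
user $TRIGGER_ID
topic readwrite shellies/$TRIGGER_ID/#

user $PUMP_ID
topic readwrite shellies/$PUMP_ID/#
topic read shellies/$TRIGGER_ID/input/0
EOF
}

# Reverse tunnel: outbound from the site (CGNAT allows that), key-only, and the
# -R bind is on the jump host's loopback so the forwarded SSH port is never
# exposed to the internet. -M 0 leaves liveness to ServerAlive*.
render_autossh_unit() {
cat <<EOF
[Unit]
Description=Reverse SSH tunnel to $JUMP_HOST for remote management
After=network-online.target
Wants=network-online.target

[Service]
User=tunnel
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/autossh -M 0 -N \\
  -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \\
  -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes \\
  -i /etc/tunnel/id_ed25519 \\
  -R 127.0.0.1:2222:127.0.0.1:22 tunnel@$JUMP_HOST
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}

# Materialise the files under DIR. Credentials are created separately with
# mosquitto_passwd so no secret ends up in this script or in version control.
write_configs() {
    dir="$1"
    mkdir -p "$dir/mosquitto" "$dir/data" "$dir/systemd"
    render_mosquitto_conf > "$dir/mosquitto/mosquitto.conf"
    render_acl > "$dir/mosquitto/acl"
    render_autossh_unit > "$dir/systemd/autossh-tunnel.service"
    chmod 600 "$dir/mosquitto/acl"
    # e.g. mosquitto_passwd -c -b "$dir/mosquitto/passwd" "$TRIGGER_ID" '<secret>'
}
```

`StrictHostKeyChecking=yes` means the jump host’s key must be in the `tunnel` user’s known_hosts before the unit is enabled; without that the tunnel would silently accept a substituted host, which is the one thing a management path across a hostile ISP segment must not do.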
Technical Skills Applied
- Advanced Linux Networking: iproute2, systemd-networkd, Linux bridges, virtual Ethernet (veth) pairs.
- Packet Filtering: nftables hooks (input, forward, output, prerouting/postrouting) and connection tracking (ct state).
- Infrastructure as Code: All configurations (network, firewall, services) version-controlled and deployable via script.
- Protocol Analysis: Debugging specific port requirements for legacy industrial equipment.
Outcome
- Immediate Financial Impact: Restored minimum viable operations for the fuel dock within hours of the original failure.
- Long-Term Reliability: The “Flagstop” router proved more stable than the proprietary hardware it replaced, handling months of continuous traffic with zero downtime.