User:GNUtoo/Alix.1c
From ParabolaWiki
1 Introduction
- This article explains how to set up a router/server whose goal is to act as a wired<->wireless bridge.
- The setup is fairly advanced.
- The machine is also used for server purposes (NFS root, MPD, etc.).
2 Rename the interfaces
Find the MAC addresses of your cards:
    # ip addr
    [...]
    2: enp0s13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:0d:b9:0c:d5:34 brd ff:ff:ff:ff:ff:ff
    3: wlp0s14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 00:1d:19:e2:a2:10 brd ff:ff:ff:ff:ff:ff
Add your MAC addresses to /etc/udev/rules.d/10-network.rules:
    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:0d:b9:0c:d5:34", NAME="wired_int"
    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:1d:19:e2:a2:10", NAME="wireless_int"
3 Hostapd
Add the following to /etc/hostapd/hostapd.conf:
    interface=wireless_int
    driver=nl80211
    ssid=GNUtoo
    channel=5
    country_code=IT
    #ap_max_inactivity=600
    hw_mode=g
    bridge=br0
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    # example value: replace with your own passphrase (8 to 63 characters)
    wpa_passphrase=changeme
    #macaddr_acl=0
    #auth_algs=1
    #ignore_broadcast_ssid=0
    wpa=2
    wpa_key_mgmt=WPA-PSK
    # wpa_pairwise applies to WPA (v1); with wpa=2 the rsn_pairwise list is used
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP
Then do:
    cp /lib/systemd/system/hostapd.service /etc/systemd/system/
Edit /etc/systemd/system/hostapd.service to look like this:
    [Unit]
    Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
    After=network.target
    After=sys-subsystem-net-devices-wireless_int.device
    Requires=sys-subsystem-net-devices-wireless_int.device

    [Service]
    Type=forking
    PIDFile=/run/hostapd.pid
    ExecStart=/usr/bin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B

    [Install]
    WantedBy=multi-user.target
Then do:
    systemctl start hostapd.service
    systemctl enable hostapd.service
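A quick audit of the WPA settings in the hostapd.conf above, as an added example that is not part of the original page: it reports which cipher list WPA2 clients actually get and whether the passphrase is still the example value. The function names conf_get and audit_hostapd_conf and the finding labels are made up for this example, and it assumes hostapd's documented defaults (wpa_pairwise=TKIP, rsn_pairwise falling back to wpa_pairwise).

```shell
#!/bin/sh
# Added example (not from the original page): audit WPA settings in hostapd.conf.

# Print the value of the last uncommented "key=value" line for key $1 in file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Print one finding per line for file $1; return 0 only when there are none.
audit_hostapd_conf() {
    n=0
    wpa=$(conf_get wpa "$1")
    pass=$(conf_get wpa_passphrase "$1")
    # Assumed hostapd defaults: wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise.
    wpa_pw=$(conf_get wpa_pairwise "$1"); wpa_pw=${wpa_pw:-TKIP}
    rsn_pw=$(conf_get rsn_pairwise "$1"); rsn_pw=${rsn_pw:-$wpa_pw}

    case "${wpa:-0}" in
        0)   echo "OPEN: wpa is unset or 0, the AP is unencrypted"; n=$((n+1)) ;;
        1|3) echo "WPA1: wpa=$wpa enables WPA (v1) with ciphers: $wpa_pw"; n=$((n+1)) ;;
    esac
    # The RSN (WPA2) cipher list only matters when bit 2 of wpa is set.
    case "${wpa:-0}:$rsn_pw" in
        [23]:*TKIP*) echo "TKIP: WPA2 clients may negotiate TKIP ($rsn_pw)"; n=$((n+1)) ;;
    esac
    if [ "$pass" = "changeme" ]; then
        echo "PLACEHOLDER: wpa_passphrase is still the example value"; n=$((n+1))
    elif [ -n "$pass" ] && { [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; }; then
        echo "LENGTH: wpa_passphrase must be 8 to 63 characters"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: the WPA-related lines of the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wpa_passphrase=changeme
#auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
audit_hostapd_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

On the page's configuration the only finding is the placeholder passphrase: rsn_pairwise=CCMP is what WPA2 clients negotiate, so the wpa_pairwise=TKIP line has no effect while wpa=2.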
4 dnsmasq
Put the following configuration in /etc/dnsmasq.conf:
    # filter what we send upstream
    domain-needed
    bogus-priv
    filterwin2k
    localise-queries

    # allow /etc/hosts and dhcp lookups via *.lan
    local=/lan/
    domain=workgroup
    expand-hosts
    #resolv-file=/tmp/resolv.conf.auto

    dhcp-authoritative
    #dhcp-leasefile=/tmp/dhcp.leases

    # use /etc/ethers for static hosts; same format as --dhcp-host
    # <hwaddr> <ipaddr>
    #read-ethers

    # other useful options:
    # default route(s):
    dhcp-option=3,192.168.2.1
    # dns server(s):
    dhcp-option=6,192.168.2.1

    dhcp-range=192.168.2.100,192.168.2.255,255.255.255.0,12h
Enable and start dnsmasq:
    systemctl start dnsmasq.service
    systemctl enable dnsmasq.service
5 Internet connection sharing
    # iptables -t nat -A POSTROUTING -o wireless_ext -j MASQUERADE
    # iptables-save > /etc/iptables/iptables.rules
    # systemctl start iptables
    # systemctl enable iptables
In /etc/sysctl.conf, change this:
    # Disable packet forwarding.
    net.ipv4.ip_forward = 0
to this:
    # Enable packet forwarding.
    net.ipv4.ip_forward = 1
6 Wpa supplicant
In /etc/wpa_supplicant/wpa_supplicant.conf put:
    network={
        ssid="router"
        key_mgmt=NONE
    }
7 network.service
/etc/systemd/system/network.service:
    [Unit]
    Description=Full Network Connectivity
    Wants=network.target
    After=network.target
    Requires=hostapd.service
    After=hostapd.service

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/usr/sbin/iw phy phy0 interface add wireless_ext type managed
    ExecStart=/usr/sbin/ip link set dev wireless_ext address 00:1d:19:e2:a2:11
    ExecStart=/usr/sbin/ip link set wireless_ext up
    ExecStart=/usr/sbin/ip addr add 192.168.2.1/24 dev br0
    ExecStart=/usr/sbin/ip link set br0 up
    ExecStart=/usr/sbin/brctl addif br0 wired_int
    ExecStart=/usr/sbin/ip link set wired_int up
    ExecStart=/usr/sbin/wpa_supplicant -B -i wireless_ext -c /etc/wpa_supplicant/wpa_supplicant.conf
    ExecStart=/usr/sbin/dhcpcd wireless_ext
    ExecStop=/usr/sbin/iw dev wireless_ext del
    ExecStop=/usr/sbin/ip addr del 192.168.2.1/24 dev br0
    ExecStop=/usr/sbin/brctl delif br0 wired_int
    ExecStop=/usr/bin/killall wpa_supplicant
    ExecStop=/usr/bin/killall dhcpcd

    [Install]
    WantedBy=multi-user.target
Then do:
    systemctl start network.service
    systemctl enable network.service