Ana akeh informasi ing Internet babagan nggawe titik akses Wi-Fi adhedhasar PC papan tunggal Raspberry. Minangka aturan, iki tegese nggunakake sistem operasi Raspbian asli saka Raspberry.
Dadi penganut sistem berbasis RPM, aku ora bisa ngliwati keajaiban cilik iki lan ora nyoba CentOS sing ditresnani.
Artikel kasebut menehi instruksi kanggo nggawe router Wi-Fi 5GHz/AC saka Raspberry Pi 3 Model B+ adhedhasar sistem operasi CentOS. Bakal ana sawetara trik standar nanging kurang dikenal, lan minangka bonus - gambar kanggo nyambungake peralatan Wi-Fi tambahan menyang Raspberry, saéngga bisa digunakake kanthi bebarengan ing sawetara mode (2,4 + 5GHz).
(campuran gambar sing kasedhiya gratis)
Ayo kita elinga manawa sawetara kecepatan kosmik ora bisa digunakake. Aku remet maksimum 100 Mbps metu saka Raspberry liwat udhara, lan iki kalebu kacepetan panyedhiya Internet. Apa sampeyan kudu AC sluggish kuwi, yen ing teori sampeyan bisa njaluk setengah gigabit malah ing N? Yen sampeyan wis takon dhewe pitakonan iki, banjur menyang toko kanggo tuku router nyata karo wolung antena external.
0. Apa sampeyan kudu
- Bener, "produk raspberry" dhewe kaliber: Pi 3 Model B + (kanggo entuk kecepatan lan saluran 5GHz sing dikarepake);
- microSD apik> = 4GB;
- Workstation karo Linux lan microSD maca / panulis;
- Kasedhiya katrampilan sing cukup ing Linux, artikel kasebut kanggo Geek sing dilatih;
- Konektivitas jaringan kabel (eth0) antarane Raspberry lan Linux, mbukak server DHCP ing jaringan lokal lan akses Internet saka piranti loro-lorone.
A komentar cilik ing titik pungkasan. "Sing teka dhisik, endhog utawa ..." carane nggawe router Wi-Fi tanpa peralatan akses Internet? Ayo ninggalake latihan sing nyenengake iki ing njaba ruang lingkup artikel lan mung nganggep yen Raspberry disambungake menyang jaringan lokal kanthi kabel lan nduweni akses menyang Internet. Ing kasus iki, kita ora mbutuhake TV tambahan lan manipulator kanggo nyetel "raspberry".
1. Instal CentOS
Nalika nulis artikel iki, versi CentOS sing mlaku ing piranti kasebut yaiku 32-bit. Nang endi wae ing World Wide Web aku nemokake panemu manawa kinerja OS kasebut ing arsitektur ARM 64-bit suda nganti 20%. Aku bakal ninggalake wayahe iki tanpa komentar.
Ing Linux, download gambar minimal nganggo kernel "-RaspberryPI-"lan tulisake menyang microSD:
# xzcat CentOS-Userland-7-armv7hl-RaspberryPI-Minimal-1810-sda.raw.xz |
dd of=/dev/mmcblk0 bs=4M
# sync
Sadurunge miwiti nggunakake gambar, kita bakal mbusak partisi SWAP saka iku, nggedhekake ROOT kanggo kabeh volume kasedhiya lan nyisihaken saka SELinux. Algoritma prasaja: nggawe salinan root ing Linux, mbusak kabeh partisi saka microSD kajaba sing pisanan (/boot), nggawe root anyar lan bali isi saka salinan kasebut.
Conto tumindak sing dibutuhake (output konsol sing abot)
# mount /dev/mmcblk0p3 /mnt
# cd /mnt
# tar cfz ~/pi.tgz . --no-selinux
# cd
# umount /mnt
# parted /dev/mmcblk0
(parted) unit s
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
2 1370112s 2369535s 999424s primary linux-swap(v1)
3 2369536s 5298175s 2928640s primary ext4
5298176s 31116287s 25818112s Free Space
(parted) rm 3
(parted) rm 2
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
1370112s 31116287s 29746176s Free Space
(parted) mkpart
Partition type? primary/extended? primary
File system type? [ext2]? ext4
Start? 1370112s
End? 31116287s
(parted) set
Partition number? 2
Flag to Invert? lba
New state? on/[off]? off
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
2 1370112s 31116287s 29746176s primary ext4
(parted) quit
# mkfs.ext4 /dev/mmcblk0p2
mke2fs 1.44.6 (5-Mar-2019)
/dev/mmcblk0p2 contains a swap file system labelled '_swap'
Proceed anyway? (y,N) y
Discarding device blocks: done
Creating filesystem with 3718272 4k blocks and 930240 inodes
Filesystem UUID: 6a1a0694-8196-4724-a58d-edde1f189b31
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
# mount /dev/mmcblk0p2 /mnt
# tar xfz ~/pi.tgz -C /mnt --no-selinux
Sawise mbongkar isi partisi root, wektune kanggo nggawe sawetara owah-owahan.
Pateni SELinux ing /mnt/etc/selinux/config:
SELINUX=disabled
Ngedit /mnt/etc/fstab, ninggalake mung rong entri babagan partisi: boot (/boot, ora ana owah-owahan) lan root (kita ngganti nilai UUID, sing bisa ditemokake kanthi nyinaoni output perintah blkid ing Linux):
UUID=6a1a0694-8196-4724-a58d-edde1f189b31 / ext4 defaults,noatime 0 0
UUID=6938-F4F2 /boot vfat defaults,noatime 0 0
Pungkasan, kita ngganti parameter boot kernel: kita nemtokake lokasi anyar kanggo partisi root, mateni output informasi debugging lan (opsional) nglarang kernel menehi alamat IPv6 ing antarmuka jaringan:
# cd
# umount /mnt
# mount /dev/mmcblk0p1 /mnt
Punika isinipun /mnt/cmdline.txt menyang formulir ing ngisor iki (siji baris tanpa tanda hubung):
root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait quiet ipv6.disable_ipv6=1
Rampung:
# cd
# umount /mnt
# sync
Kita ngatur maneh microSD menyang "raspberry", miwiti lan entuk akses jaringan liwat ssh (root / centos).
2. Nyetel CentOS
Telung gerakan pisanan sing ora bisa diowahi: passwd, yum -y update, urip maneh.
Kita menehi manajemen jaringan jaringan d:
# yum install systemd-networkd
# systemctl enable systemd-networkd
# systemctl disable NetworkManager
# chkconfig network off
Nggawe file (bebarengan karo direktori) /etc/systemd/network/eth0.network:
[Match]
Name=eth0
[Network]
DHCP=ipv4
Kita urip maneh "raspberry" lan entuk akses jaringan liwat ssh (alamat IP bisa diganti). Pay manungsa waé kanggo apa digunakake /etc/resolv.conf, digawe sadurungé dening Network Manager. Mulane, yen ana masalah karo solusi, sunting isine. Gunakake sistemd-dirampungake kita ora bakal.
Kita mbusak "ora perlu", ndandani lan nyepetake loading OS:
# systemctl set-default multi-user.target
# yum remove GeoIP Network* aic* alsa* cloud-utils-growpart
cronie* dhc* firewal* initscripts iwl* kexec* logrotate
postfix rsyslog selinux-pol* teamd wpa_supplicant
Sapa sing butuh cron lan sing ora Digest dibangun ing
# mkdir /var/log/journal
# systemd-tmpfiles --create --prefix /var/log/journal
# systemctl restart systemd-journald
# vi /etc/systemd/journald.conf
Pateni panggunaan IPv6 dening layanan dhasar (yen dibutuhake)/ etc / ssh / sshd_config:
AddressFamily inet
/etc/sysconfig/chronyd:
OPTIONS="-4"
Relevansi wektu ing "raspberry" iku penting. Wiwit metu saka kothak ora ana kemampuan hardware kanggo nyimpen kahanan saiki jam nalika urip maneh, sinkronisasi dibutuhake. A daemon apik banget lan cepet kanggo iki kroni - wis diinstal lan diwiwiti kanthi otomatis. Sampeyan bisa ngganti server NTP menyang sing paling cedhak.
/etc/chrony.conf:
server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst
Kanggo nyetel zona wektu sing bakal digunakake trik. Amarga tujuane yaiku nggawe router Wi-Fi sing beroperasi ing frekuensi 5GHz, kita bakal nyiapake kejutan sadurunge pengatur:
# yum info crda
Ringkesan: Daemon kepatuhan peraturan kanggo jaringan nirkabel 802.11
Desain ala iki, uga adhedhasar zona wektu, "nglarang" panggunaan (ing Rusia) frekuensi lan saluran 5GHz kanthi nomer "dhuwur". Trik kasebut yaiku nyetel zona wektu tanpa nggunakake jeneng bawana / kutha, yaiku, tinimbang:
# timedatectl set-timezone Europe/Moscow
Kita pencet:
# timedatectl set-timezone Etc/GMT-3
Lan sentuhan pungkasan kanggo gaya rambut sistem:
# hostnamectl set-hostname router
/root/.bash_profile:
. . .
# User specific environment and startup programs
export PROMPT_COMMAND="vcgencmd measure_temp"
export LANG=en_US.UTF-8
export PATH=$PATH:$HOME/bin
3. CentOS Add-ons
Kabeh sing kasebut ing ndhuwur bisa dianggep minangka instruksi lengkap kanggo nginstal "vanilla" CentOS ing Raspberry Pi. Sampeyan kudu mungkasi munggah karo PC sing (re) boots ing kurang saka 10 detik, nggunakake kurang saka 15 Megabyte RAM lan 1.5 Gigabyte microSD (bener kurang saka 1 Gigabyte amarga ora pepak / boot, nanging jujur).
Kanggo nginstal piranti lunak titik akses Wi-Fi ing sistem iki, sampeyan kudu rada nggedhekake kapabilitas distribusi CentOS standar. Kaping pisanan, ayo upgrade driver (firmware) adaptor Wi-Fi sing dibangun. Kaca ngarep proyek ngandika:
Wifi ing Raspberry 3B lan 3B+
File firmware Raspberry PI 3B/3B+ ora diidini disebarake dening Proyek CentOS. Sampeyan bisa nggunakake artikel ing ngisor iki kanggo mangerteni masalah kasebut, entuk perangkat kukuh lan nyiyapake wifi.
Apa sing dilarang kanggo proyek CentOS ora dilarang kanggo panggunaan pribadi. Kita ngganti firmware distribusi Wi-Fi ing CentOS karo sing cocog saka pangembang Broadcom (blok binar sing disengiti sing padha ...). Iki, utamane, bakal ngidini sampeyan nggunakake AC ing mode titik akses.
Nganyari firmware Wi-FiTemokake model piranti lan versi perangkat kukuh saiki:
# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Mar 1 2015 07:29:38 version 7.45.18 (r538002) FWID 01-6a2c8ad4
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 7.14.8 Compiler: 1.24.9 ClmImport: 1.24.9 Creation: 2014-09-02 03:05:33 Inc Data: 7.17.1 Inc Compiler: 1.26.11 Inc ClmImport: 1.26.11 Creation: 2015-03-01 07:22:34
We ndeleng sing versi perangkat kukuh 7.45.18 tanggal 01.03.2015/XNUMX/XNUMX, lan elinga pesawat ing ngisor iki nomer: 43455 (brcmfmac43455-sdio.bin).
# wget https://downloads.raspberrypi.org/raspbian_lite_latest
# unzip -p raspbian_lite_latest > raspbian.img
# fdisk -l raspbian.img
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d
Device Boot Start End Sectors Size Id Type
raspbian.img1 8192 532480 524289 256M c W95 FAT32 (LBA)
raspbian.img2 540672 4292607 3751936 1.8G 83 Linux
# mount -t ext4 -o loop,offset=$((540672 * 512)) raspbian.img /mnt
# cp -fv /mnt/lib/firmware/brcm/*43455* ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.bin' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.txt' -> ...
# umount /mnt
File firmware adaptor Wi-Fi sing diasilake kudu disalin lan diganti karo "raspberry" menyang direktori /usr/lib/firmware/brcm/
Kita urip maneh router mbesuk lan mesem kanthi puas:
# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 9.10.105 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-03-09 18:56:28
Versi: 7.45.154 tanggal 27.02.2018/XNUMX/XNUMX.
Lan mesthi EPEL:
# cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0
EOF
# yum clean all
# rm -rfv /var/cache/yum
# yum update
4. Konfigurasi jaringan lan tantangan ing ngarep
Kaya sing wis disepakati ing ndhuwur, "raspberry" disambungake karo "kabel" menyang jaringan lokal. Ayo nganggep manawa panyedhiya nyedhiyakake akses Internet kanthi cara sing padha: alamat ing jaringan umum ditanggepi kanthi dinamis dening server DHCP (bisa uga nganggo ikatan MAC). Ing kasus iki, sawise persiyapan pungkasan raspberry, sampeyan mung kudu "nyolok" kabel panyedhiya menyang lan sampeyan wis rampung. Wewenang nggunakake systemd-jaringand - topik artikel sing kapisah lan ora dibahas ing kene.
Antarmuka Wi-Fi Raspberry (e) minangka jaringan lokal, lan adaptor Ethernet sing dibangun ing (eth0) eksternal. Ayo nomer jaringan lokal statis, contone: 192.168.0.0/24. Alamat Raspberry: 192.168.0.1. Server DHCP bakal beroperasi ing jaringan eksternal (Internet).
Kekacauan paralel (lirik digression)Lennart Pottering wis nyusun program dhewe sistem Apik tenan. Iki sistem ngluncurake program liyane kanthi cepet supaya ora duwe wektu kanggo pulih saka wasit singsot, kesandhung lan tiba ing wiwitan tanpa miwiti alangan.
Nanging kanthi serius, paralelisasi agresif proses sing diluncurake ing wiwitan sistem OS minangka jinis "jembatan kuldi" kanggo spesialis LSB sekuensial sing berpengalaman. Begjanipun, nggawa urutan kanggo iki "lam podo karo" dadi metu dadi prasaja, sanajan ora tansah ketok.
Kita nggawe rong antarmuka jembatan virtual kanthi jeneng konstan: lan и wan. Kita bakal "nyambungake" adaptor Wi-Fi menyang sing pisanan, lan eth0 "raspberry" menyang sing kapindho.
/etc/systemd/network/lan.netdev:
[NetDev]
Name=lan
Kind=bridge
/etc/systemd/network/lan.network:
[Match]
Name=lan
[Network]
Address=192.168.0.1/24
IPForward=yes
/etc/systemd/network/wan.netdev:
[NetDev]
Name=wan
Kind=bridge
#MACAddress=xx:xx:xx:xx:xx:xx
/etc/systemd/network/wan.network:
[Match]
Name=wan
[Network]
DHCP=ipv4
IPForward=yes
IPForward=ya ngilangake perlu kanggo pitunjuk menyang kernel liwat sysctl kanggo ngaktifake nuntun.
MACAddress= Ayo mbusak komentar lan ganti yen perlu.
Pisanan kita "nyambung" eth0. Kita ngelingi "masalah keseragaman" lan mung nggunakake alamat MAC antarmuka iki, sing bisa ditemokake, contone, kaya iki:
# cat /sys/class/net/eth0/address
Kita nggawe /etc/systemd/network/eth.network:
[Match]
MACAddress=b8:27:eb:xx:xx:xx
[Network]
Bridge=wan
Kita mbusak file konfigurasi sadurunge eth0, urip maneh Raspberry lan entuk akses jaringan menyang (alamat IP kemungkinan bakal diganti):
# rm -fv /etc/systemd/network/eth0.network
# reboot
5. DNSMASQ
Kanggo nggawe titik akses Wi-Fi, boten ngalahaken saperangan manis DNSMASSQ + hostapd durung ngerti. Ing mratelakake panemume.
Yen ana sing lali, banjur ...
Ayo miwiti nganggo dnsmasq:
# yum install dnsmasq
Pola /etc/resolv.conf:
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 77.88.8.8
nameserver 77.88.8.1
domain router.local
search router.local
nyunting sak senengmu.
minimalis /etc/dnsmasq.conf:
domain-needed
bogus-priv
interface=lan
bind-dynamic
expand-hosts
domain=#
dhcp-range=192.168.0.100,192.168.0.199,255.255.255.0,24h
conf-dir=/etc/dnsmasq.d
Ing "sihir" kene dumunung ing parameter ikatan-dinamis, sing ngandhani daemon dnsmasq ngenteni nganti katon ing sistem antarmuka = lan, lan ora semaput saka pas kasepen bangga sawise wiwitan.
# systemctl enable dnsmasq
# systemctl start dnsmasq; journalctl -f
6. HOSTAPD
Lan pungkasane, konfigurasi hostapd sihir. Aku ora mangu-mangu yen ana wong sing maca artikel iki kanggo nggoleki garis sing dihormati.
Sadurunge nginstal hostapd, sampeyan kudu ngatasi "masalah keseragaman". Adaptor Wi-Fi sing dibangun wlan0 bisa kanthi gampang ngganti jeneng dadi wlan1 nalika nyambungake peralatan Wi-Fi USB tambahan. Mulane, kita bakal ndandani jeneng antarmuka kanthi cara ing ngisor iki: kita bakal nemokake jeneng unik kanggo adaptor (nirkabel) lan diikat menyang alamat MAC.
Kanggo adaptor Wi-Fi sing dibangun, sing isih wlan0:
# cat /sys/class/net/wlan0/address
b8:27:eb:xx:xx:xx
Kita nggawe /etc/systemd/network/wl0.link:
[Match]
MACAddress=b8:27:eb:xx:xx:xx
[Link]
Name=wl0
Saiki kita bakal yakin manawa wl0 - Iki dibangun ing Wi-Fi. Kita urip maneh Raspberry kanggo mesthekake iki.
Instal:
# yum install hostapd wireless-tools
File konfigurasi /etc/hostapd/hostapd.conf:
ssid=rpi
wpa_passphrase=1234567890
channel=36
country_code=US
interface=wl0
bridge=lan
driver=nl80211
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
hw_mode=a
wmm_enabled=1
# N
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
# AC
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[MAX-AMSDU-3839][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
Tanpa lali sedhela
# hostapd /etc/hostapd/hostapd.conf
hostapd bakal diwiwiti ing mode interaktif, nyiarake negara kasebut menyang konsol. Yen ora ana kesalahan, banjur klien sing ndhukung mode AC bakal bisa nyambung menyang titik akses. Kanggo mungkasi hostapd - Ctrl-C.
Kabeh sing isih ana yaiku ngaktifake hostapd ing wiwitan sistem. Yen sampeyan nindakake perkara standar (systemctl ngaktifake hostapd), banjur sawise urip maneh sabanjure sampeyan bisa njaluk setan "gulung-gulung ing getih" kanthi diagnosis "antarmuka wl0 ora ditemokake". Minangka asil saka "kaos paralel," hostapd diwiwiti luwih cepet tinimbang kernel sing nemokake adaptor nirkabel.
Internet kebak obat: saka wektu entek dipeksa sadurunge miwiti daemon (sawetara menit), kanggo daemon liyane sing ngawasi tampilan antarmuka lan (maneh) miwiti hostpad. Solusi sing cukup bisa digunakake, nanging banget ala. We nelpon ing gedhe kanggo bantuan sistem kanthi "tujuan" lan "tugas" lan "ketergantungan".
Nyalin file layanan distribusi menyang /etc/systemd/system/hostapd.service:
# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system
lan ngurangi isine dadi wangun ing ngisor iki:
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl0.device
BindsTo=sys-subsystem-net-devices-wl0.device
[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
[Install]
WantedBy=sys-subsystem-net-devices-wl0.device
Keajaiban file layanan sing dianyari dumunung ing ikatan dinamis hostapd menyang target anyar - antarmuka wl0. Nalika antarmuka katon, daemon diwiwiti; nalika ilang, iku mandheg. Lan iki kabeh online - tanpa rebooting sistem. Teknik iki bakal migunani banget nalika nyambungake adaptor Wi-Fi USB menyang Raspberry.
Saiki sampeyan bisa:
# systemctl enable hostapd
# reboot
7. IPTABLES
“Wae???” © Ya, ya! ora ana sistem. Ora ana kombinasi newfangled (ing wangun firewalld), sing pungkasane nindakake perkara sing padha.
Ayo nganggo sing lawas sing apik iptables, kang layanan, sawise miwiti, bakal mbukak aturan jaringan menyang kernel lan quietly mati tanpa tetep penduduk lan tanpa nggunakake sumber daya. systemd wis elegan IPMasquerade=, nanging kita isih bakal ngandelake terjemahan alamat (NAT) lan firewall menyang iptables.
Instal:
# yum install iptables-services
# systemctl enable iptables ip6tables
Aku luwih seneng nyimpen konfigurasi iptables minangka skrip (umpamane):
#!/bin/bash
#
# Disable IPv6
#
ip6tables --flush
ip6tables --delete-chain
ip6tables --policy INPUT DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT DROP
ip6tables-save > /etc/sysconfig/ip6tables
systemctl restart ip6tables
#
# Cleaning
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
#
# Loopback, lan
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i lan -j ACCEPT
#
# Ping, Established
#
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# NAT
#
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
#
# Saving
#
iptables-save > /etc/sysconfig/iptables
systemctl restart iptables
Kita nglakokake skrip ing ndhuwur lan kelangan kemampuan kanggo nggawe sambungan SSH kabel anyar karo Raspberry. Bener, kita wis nggawe router Wi-Fi, akses sing "liwat Internet" dilarang kanthi standar - saiki mung "liwat udhara". Kita nyambungake kabel Ethernet panyedhiya lan miwiti surfing!
8. Bonus: + 2,4GHz
Nalika aku ngumpulake router Raspberry pisanan nggunakake gambar sing diterangake ing ndhuwur, aku nemokake sawetara gadget ing omahku sing, amarga watesan desain Wi-Fi, ora bisa ndeleng "raspberry" kabeh. Ngonfigurasi ulang router supaya bisa digunakake ing 802.11b / g / n ora olahraga, amarga kacepetan maksimal "liwat udhara" ing kasus iki ora ngluwihi 40 Mbit, lan panyedhiya Internet favoritku nawakake 100 (liwat kabel).
Nyatane, solusi kanggo masalah kasebut wis diciptakake: antarmuka Wi-Fi kapindho sing beroperasi ing frekuensi 2,4 GHz, lan titik akses liya. Ing kios sing cedhak, aku ora tuku sing pertama, nanging "singsot" USB Wi-Fi nomer loro sing aku temokake. Sing bakul disiksa dening pitakonan babagan chipset, kompatibilitas karo kernel Linux ARM lan kemungkinan bisa digunakake ing mode AP (dheweke sing pisanan miwiti).
Kita ngatur "singsot" kanthi analogi karo adaptor Wi-Fi sing dibangun.
Pisanan, ayo ganti jeneng dadi wl1:
# cat /sys/class/net/wlan0/address
b0:6e:bf:xx:xx:xx
/etc/systemd/network/wl1.link:
[Match]
MACAddress=b0:6e:bf:xx:xx:xx
[Link]
Name=wl1
Kita bakal ngandelake manajemen antarmuka Wi-Fi anyar menyang daemon hostapd sing kapisah, sing bakal diwiwiti lan mandheg gumantung anané "singsot" sing ditetepake kanthi ketat ing sistem: wl1.
File konfigurasi /etc/hostapd/hostapd2.conf:
ssid=rpi2
wpa_passphrase=1234567890
#channel=1
#channel=6
channel=11
interface=wl1
bridge=lan
driver=nl80211
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
hw_mode=g
wmm_enabled=1
# N
ieee80211n=1
require_ht=1
ht_capab=[HT40][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
Isi file iki langsung gumantung ing model adaptor USB Wi-Fi, supaya salinan banal / tempel bisa gagal sampeyan.
Nyalin file layanan distribusi menyang /etc/systemd/system/hostapd2.service:
# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd2.service
lan ngurangi isine dadi wangun ing ngisor iki:
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl1.device
BindsTo=sys-subsystem-net-devices-wl1.device
[Service]
Type=forking
PIDFile=/run/hostapd2.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd2.conf -P /run/hostapd2.pid -B
[Install]
WantedBy=sys-subsystem-net-devices-wl1.device
Kabeh sing isih ana yaiku ngaktifake conto anyar saka hostapd:
# systemctl enable hostapd2
Iku kabeh! Narik "singsot" lan "raspberry" dhewe, katon ing jaringan nirkabel watara sampeyan.
Lan pungkasane, aku pengin ngelingake sampeyan babagan kualitas adaptor Wi-Fi USB lan sumber daya Raspberry. Sambungan "panas singsot" kadhangkala bisa nimbulaké "raspberry pembekuan" amarga short-term listrik masalah.
Source: www.habr.com