Raspberry Pi + CentOS = Wi-Fi Hotspot (or a raspberry router in a red hat)

There is a huge amount of information on the Internet about creating Wi-Fi access points based on the Raspberry single-board PC. As a rule, this means using the Raspbian operating system, which is native to the Raspberry.

Being an adherent of RPM-based systems, I could not pass by this little miracle without trying my beloved CentOS on it.

The article gives instructions for building a 5GHz/AC Wi-Fi router from a Raspberry Pi 3 Model B+ running the CentOS operating system. There will be several standard but little-known tricks and, as a bonus, a scheme for connecting additional Wi-Fi equipment to the Raspberry so that it can operate in several modes simultaneously (2.4+5GHz).


Let us note right away that there will be no cosmic speeds. I squeeze a maximum of 100 Mbps out of my Raspberry over the air, and this covers the speed of my Internet provider. Why would you need such a sluggish AC if, in theory, you can get half a gigabit even on N? If you have asked yourself this question, go to the store and buy a real router with eight external antennas.

0. What you will need

  • The "raspberry product" itself, namely the Pi 3 Model B+ (to get the coveted 5GHz speeds and channels);
  • A good microSD >= 4GB;
  • A workstation with Linux and a microSD reader/writer;
  • Sufficient Linux skills: the article is for a trained geek;
  • Wired network (eth0) connectivity between the Raspberry and Linux, a DHCP server running on the local network and Internet access from both machines.

A small comment on the last point. "Which came first, the egg or..." How do you make a Wi-Fi router without any Internet access equipment? Let's leave this entertainment outside the scope of the article and simply assume that the Raspberry is connected to the local network by wire and has access to the Internet. In this case we do not need an additional TV and input device to set up the "raspberry".

1. Installing CentOS

Project home page

At the time of writing this article, the version of CentOS running on the device is 32-bit. Somewhere on the World Wide Web I came across opinions that the performance of such OSes on the 64-bit ARM architecture is reduced by as much as 20%. I will leave this point without comment.

On Linux, take the minimal image with the "-RaspberryPI-" kernel and write it to the microSD:

# xzcat CentOS-Userland-7-armv7hl-RaspberryPI-Minimal-1810-sda.raw.xz | 
  dd of=/dev/mmcblk0 bs=4M
# sync

Before starting to use the image, we will remove the SWAP partition from it, expand the root to the entire available volume and get rid of SELinux. The algorithm is simple: make a copy of the root on Linux, delete all partitions from the microSD except the first (/boot), create a new root and restore its contents from the copy.

Example of the required actions (heavy console output)

# mount /dev/mmcblk0p3 /mnt
# cd /mnt
# tar cfz ~/pi.tgz . --no-selinux
# cd
# umount /mnt

# parted /dev/mmcblk0

(parted) unit s
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system     Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32           boot, lba
 2      1370112s  2369535s   999424s    primary  linux-swap(v1)
 3      2369536s  5298175s   2928640s   primary  ext4
        5298176s  31116287s  25818112s           Free Space

(parted) rm 3
(parted) rm 2

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
        1370112s  31116287s  29746176s           Free Space

(parted) mkpart
Partition type?  primary/extended? primary
File system type?  [ext2]? ext4
Start? 1370112s
End? 31116287s

(parted) set
Partition number? 2
Flag to Invert? lba
New state?  on/[off]? off

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
 2      1370112s  31116287s  29746176s  primary  ext4

(parted) quit

# mkfs.ext4 /dev/mmcblk0p2 
mke2fs 1.44.6 (5-Mar-2019)
/dev/mmcblk0p2 contains a swap file system labelled '_swap'
Proceed anyway? (y,N) y
Discarding device blocks: done                            
Creating filesystem with 3718272 4k blocks and 930240 inodes
Filesystem UUID: 6a1a0694-8196-4724-a58d-edde1f189b31
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done   

# mount /dev/mmcblk0p2 /mnt
# tar xfz ~/pi.tgz -C /mnt --no-selinux

After unpacking the contents of the root partition, it is time to make some changes to it.

Disable SELinux in /mnt/etc/selinux/config:

SELINUX=disabled

Edit /mnt/etc/fstab, leaving only two partition entries in it: boot (/boot, no changes) and root (change the UUID value, which can be found in the output of the blkid command on Linux):

UUID=6a1a0694-8196-4724-a58d-edde1f189b31  /     ext4    defaults,noatime 0 0
UUID=6938-F4F2                             /boot vfat    defaults,noatime 0 0

Finally, we change the kernel boot parameters: we specify the new location of the root partition, disable the output of debugging information and (optionally) prohibit the kernel from assigning IPv6 addresses on network interfaces:

# cd
# umount /mnt
# mount /dev/mmcblk0p1 /mnt

Bring the contents of /mnt/cmdline.txt to the following form (a single line, no line breaks):

root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait quiet ipv6.disable_ipv6=1

Finishing up:

# cd
# umount /mnt
# sync

We insert the microSD into the "raspberry", start it and get network access to it via ssh (root/centos).

2. Configuring CentOS

The first three unshakable moves: passwd, yum -y update, reboot.

We hand network management over to networkd:

# yum install systemd-networkd
# systemctl enable systemd-networkd
# systemctl disable NetworkManager
# chkconfig network off

Create the file (together with its directories) /etc/systemd/network/eth0.network:

[Match]
Name=eth0

[Network]
DHCP=ipv4

We reboot the "raspberry" and again get network access to it via ssh (the IP address may change). Note that the /etc/resolv.conf previously created by Network Manager is still in use. Therefore, in case of problems with name resolution, edit its contents. We will not use systemd-resolved.

We remove the "unnecessary", tidy up and speed up OS loading:

# systemctl set-default multi-user.target
# yum remove GeoIP Network* aic* alsa* cloud-utils-growpart \
  cronie* dhc* firewal* initscripts iwl* kexec* logrotate \
  postfix rsyslog selinux-pol* teamd wpa_supplicant

Anyone who needs cron and cannot stomach the built-in systemd timers can install what is missing. Logs are no longer in /var/log; view them with journalctl. If you need log history (by default, information is kept only from the moment the system started):

# mkdir /var/log/journal
# systemd-tmpfiles --create --prefix /var/log/journal
# systemctl restart systemd-journald
# vi /etc/systemd/journald.conf

Disable the use of IPv6 by the basic services (if needed).

/etc/ssh/sshd_config:

AddressFamily inet

/etc/sysconfig/chronyd:

OPTIONS="-4"

Up-to-date time on the "raspberry" is an important thing. Since out of the box there is no hardware capability to preserve the current state of the clock across a reboot, synchronization is needed. A very good and fast daemon for this is chrony, which is already installed and starts automatically. You can change the NTP servers to the nearest ones.

/etc/chrony.conf:

server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst

To set the time zone we will use a trick. Since our goal is to create a Wi-Fi router operating at 5GHz frequencies, we will prepare in advance for surprises from the regulator:

# yum info crda
Summary : Regulatory compliance daemon for 802.11 wireless networking

This evil design, which is also based on the time zone, "prohibits" the use of 5GHz frequencies and channels with "high" numbers. The trick is to set the time zone without using the names of continents/cities, that is, instead of:

# timedatectl set-timezone Europe/Moscow

we enter:

# timedatectl set-timezone Etc/GMT-3

And the finishing touches to the system:

# hostnamectl set-hostname router

/root/.bash_profile:

. . .

# User specific environment and startup programs

export PROMPT_COMMAND="vcgencmd measure_temp"
export LANG=en_US.UTF-8
export PATH=$PATH:$HOME/bin

3. CentOS Add-ons

Everything said above can be considered complete instructions for installing "vanilla" CentOS on a Raspberry Pi. You should end up with a PC that boots in less than 10 seconds and uses less than 15 Megabytes of RAM and 1.5 Gigabytes of microSD (in fact less than 1 Gigabyte because of the incomplete /boot, but let's be honest).

To install the Wi-Fi access point software on this system, you will need to slightly extend the capabilities of the standard CentOS distribution. First of all, let's upgrade the driver (firmware) of the built-in Wi-Fi adapter. The project's home page says:

WiFi on the Raspberry 3B and 3B+

The Raspberry PI 3B/3B+ firmware files are not allowed to be distributed by the CentOS Project. You can use the following articles to understand the issue, get the firmware and set up the WiFi.

What is forbidden to the CentOS project is not forbidden to us for personal use. We replace the distribution Wi-Fi firmware in CentOS with the corresponding firmware from the Broadcom developers (those same hated binary blobs...). This will, in particular, allow you to use AC in access point mode.

Wi-Fi firmware upgrade

Find out the device model and the current firmware version:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Mar  1 2015 07:29:38 version 7.45.18 (r538002) FWID 01-6a2c8ad4
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 7.14.8 Compiler: 1.24.9 ClmImport: 1.24.9 Creation: 2014-09-02 03:05:33 Inc Data: 7.17.1 Inc Compiler: 1.26.11 Inc ClmImport: 1.26.11 Creation: 2015-03-01 07:22:34 

We see that the firmware version is 7.45.18 dated 01.03.2015, and we remember the following set of digits: 43455 (brcmfmac43455-sdio.bin).

Download the current Raspbian image. The lazy can write the image to a microSD and take the firmware files from there. Or you can mount the root partition of the image on Linux and copy what you need from there:

# wget https://downloads.raspberrypi.org/raspbian_lite_latest
# unzip -p raspbian_lite_latest > raspbian.img
# fdisk -l raspbian.img
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d

Device        Boot  Start     End Sectors  Size Id Type
raspbian.img1        8192  532480  524289  256M  c W95 FAT32 (LBA)
raspbian.img2      540672 4292607 3751936  1.8G 83 Linux

# mount -t ext4 -o loop,offset=$((540672 * 512)) raspbian.img /mnt
# cp -fv /mnt/lib/firmware/brcm/*43455* ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.bin' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.txt' -> ...
# umount /mnt

The resulting Wi-Fi adapter firmware files must be copied to the "raspberry", replacing the existing ones, into the directory /usr/lib/firmware/brcm/
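As an added example (not part of the original article), the offset passed to mount above can be derived from the fdisk listing instead of being typed by hand, and the downloaded image mounted read-only. The function names part_offset and mount_cmd are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: compute the loop-mount offset of a
# partition from `fdisk -l` output instead of copying the sector by hand.

# Constructed sample: the fdisk listing for raspbian.img shown above.
sample_fdisk() {
cat <<'EOF'
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d

Device        Boot  Start     End Sectors  Size Id Type
raspbian.img1        8192  532480  524289  256M  c W95 FAT32 (LBA)
raspbian.img2      540672 4292607 3751936  1.8G 83 Linux
EOF
}

# part_offset ID: read `fdisk -l` text on stdin and print the byte offset of
# the first partition whose MBR type id is ID (83 = Linux, c = FAT32 LBA).
# Exit status is 1 when no such partition is listed.
part_offset() {
    awk -v want="$1" '
        BEGIN { unit = 512 }
        /^Units:/ {
            # "Units: sectors of 1 * 512 = 512 bytes": take the value after "="
            for (i = 1; i < NF; i++) if ($i == "=") unit = $(i + 1)
        }
        /^Device/ { in_table = 1; next }
        in_table && NF >= 6 {
            s = ($2 == "*") ? 3 : 2       # the Boot column is empty or "*"
            if ($(s + 4) == want) {       # fields: Start End Sectors Size Id
                printf "%.0f\n", $s * unit
                found = 1
                exit
            }
        }
        END { if (!found) exit 1 }
    '
}

# mount_cmd IMAGE DIR: read `fdisk -l IMAGE` text on stdin and print (not
# run) a mount command for the Linux partition. The image is third-party
# content, so it is mounted read-only with nodev,nosuid,noexec.
mount_cmd() {
    off=$(part_offset 83) || { echo "no Linux partition found" >&2; return 1; }
    printf 'mount -t ext4 -o ro,nodev,nosuid,noexec,loop,offset=%s %s %s\n' \
        "$off" "$1" "$2"
}

sample_fdisk | mount_cmd raspbian.img /mnt
```

On the workstation, feed it the real listing: fdisk -l raspbian.img | mount_cmd raspbian.img /mnt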

We reboot the future router and smile contentedly:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 9.10.105 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-03-09 18:56:28 

Version: 7.45.154 dated 27.02.2018.

And, of course, EPEL:

# cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0
EOF

# yum clean all
# rm -rfv /var/cache/yum
# yum update

4. Network configuration and the challenges ahead

As agreed above, the "raspberry" is connected by "wire" to the local network. Let's assume that the provider gives Internet access in exactly the same way: the address on the public network is issued dynamically by a DHCP server (perhaps with MAC binding). In this case, after the final setup of the raspberry, you just need to "plug" the provider's cable into it and you are done. Authorization using systemd-networkd is the topic of a separate article and is not discussed here.

The Raspberry's Wi-Fi interface(s) are the local network, and the built-in Ethernet adapter (eth0) is the external one. We number the local network statically, for example: 192.168.0.0/24. Raspberry address: 192.168.0.1. A DHCP server will operate on the external network (Internet).

The naming consistency problem and the famous Guatemalan programmer are two troubles that await anyone who configures network interfaces and services in systemd distributions.

Parallel chaos (lyrical digression)

Lennart Poettering has composed his program systemd very well. This systemd launches other programs so quickly that, not having had time to recover from the blow of the referee's whistle, they stumble and fall at the start without even beginning their run.

But seriously, the aggressive parallelization of the processes launched at the start of a systemd OS is a kind of "donkey bridge" for seasoned sequential LSB specialists. Fortunately, bringing order to this "parallel chaos" turns out to be simple, although not always obvious.

We create two virtual bridge interfaces with constant names: lan and wan. We will "connect" the Wi-Fi adapter(s) to the first, and the "raspberry's" eth0 to the second.

/etc/systemd/network/lan.netdev:

[NetDev]
Name=lan
Kind=bridge

/etc/systemd/network/lan.network:

[Match]
Name=lan

[Network]
Address=192.168.0.1/24
IPForward=yes

/etc/systemd/network/wan.netdev:

[NetDev]
Name=wan
Kind=bridge
#MACAddress=xx:xx:xx:xx:xx:xx

/etc/systemd/network/wan.network:

[Match]
Name=wan

[Network]
DHCP=ipv4
IPForward=yes

IPForward=yes eliminates the need to hint to the kernel via sysctl to enable routing.
MACAddress= can be uncommented and changed, if necessary.

First we "bridge" eth0. We remember the "consistency problem" and use only the MAC address of this interface, which can be found, for example, like this:

# cat /sys/class/net/eth0/address 

Create /etc/systemd/network/eth.network:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Network]
Bridge=wan

We delete the previous eth0 configuration file, reboot the raspberry and get network access to it (the IP address will most likely change):

# rm -fv /etc/systemd/network/eth0.network
# reboot

5. DNSMASQ

For making Wi-Fi access points, nothing better than the sweet couple of dnsmasq + hostapd has been invented yet. In my opinion.

In case anyone has forgotten: hostapd is the thing that controls the Wi-Fi adapters (in particular, it will take care of connecting them to the virtual lan of the "raspberry"), and authorizes and registers wireless clients.

dnsmasq configures the network stack of the clients: it issues IP addresses, DNS servers, the default gateway and similar delights.

Install dnsmasq:

# yum install dnsmasq

Template /etc/resolv.conf:

nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 77.88.8.8
nameserver 77.88.8.1
domain router.local
search router.local

Edit it to your taste.

Minimalistic /etc/dnsmasq.conf:

domain-needed
bogus-priv
interface=lan
bind-dynamic
expand-hosts
domain=#
dhcp-range=192.168.0.100,192.168.0.199,255.255.255.0,24h
conf-dir=/etc/dnsmasq.d

The "magic" here lies in the bind-dynamic parameter, which tells the dnsmasq daemon to wait until interface=lan appears in the system, rather than fainting from a fit of proud loneliness right after start.

# systemctl enable dnsmasq
# systemctl start dnsmasq; journalctl -f

6. HOSTAPD

And finally, the magic hostapd configurations. I have no doubt that someone is reading this article precisely in search of these cherished lines.

Before installing hostapd, we need to overcome the "consistency problem". The built-in Wi-Fi adapter wlan0 can easily change its name to wlan1 when additional USB Wi-Fi equipment is connected. Therefore we will fix the interface names in the following way: we will come up with unique names for the (wireless) adapters and bind them to MAC addresses.

For the built-in Wi-Fi adapter, which is still wlan0:

# cat /sys/class/net/wlan0/address 
b8:27:eb:xx:xx:xx

Create /etc/systemd/network/wl0.link:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Link]
Name=wl0

Now we can be sure that wl0 is the built-in Wi-Fi. We reboot the Raspberry to make sure of this.

Install:

# yum install hostapd wireless-tools

Configuration file /etc/hostapd/hostapd.conf:

ssid=rpi
wpa_passphrase=1234567890

channel=36

country_code=US

interface=wl0
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=a
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

# AC
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[MAX-AMSDU-3839][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42

Not forgetting for a moment about the Emergency Committee, we change the parameters we need and check manually that it works:

# hostapd /etc/hostapd/hostapd.conf

hostapd will start in interactive mode, broadcasting its state to the console. If there are no errors, clients that support AC mode will be able to connect to the access point. To stop hostapd, press Ctrl-C.

All that remains is to enable hostapd at system startup. If you do the standard thing (systemctl enable hostapd), then after the next reboot you may get a daemon "rolling in blood" with the diagnosis "interface wl0 not found". As a result of the "parallel chaos", hostapd started up faster than the kernel found the wireless adapter.

The Internet is full of remedies: from a forced timeout before starting the daemon (several minutes) to another daemon that monitors the appearance of the interface and (re)starts hostapd. The solutions are quite workable, but terribly ugly. We call on the great systemd for help, with its "targets", "services" and "dependencies".

Copy the distribution service file to /etc/systemd/system/hostapd.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system

and bring its contents to the following form:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl0.device
BindsTo=sys-subsystem-net-devices-wl0.device

[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl0.device

The magic of the updated service file lies in the dynamic binding of hostapd to a new target, the wl0 interface. When the interface appears, the daemon starts; when it disappears, it stops. And all of this happens online, without rebooting the system. This technique will be especially useful when connecting a USB Wi-Fi adapter to the Raspberry.

Now you can:

# systemctl enable hostapd
# reboot

7. IPTABLES

"Wha???" © Yes, yes! No systemd. No newfangled combines (in the form of firewalld) that end up doing the same thing.

We use good old iptables, whose services, after starting, load the network rules into the kernel and quietly shut down, without staying resident and without consuming resources. systemd has an elegant IPMasquerade=, but we will still entrust address translation (NAT) and the firewall to iptables.

Install:

# yum install iptables-services
# systemctl enable iptables ip6tables

I prefer to store the iptables configuration as a script (example):

#!/bin/bash

#
# Disable IPv6
#
ip6tables --flush
ip6tables --delete-chain

ip6tables --policy INPUT   DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT  DROP

ip6tables-save > /etc/sysconfig/ip6tables
systemctl restart ip6tables

#
# Cleaning
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#
# Loopback, lan
#
iptables -A INPUT -i lo  -j ACCEPT
iptables -A INPUT -i lan -j ACCEPT

#
# Ping, Established
#
iptables -A INPUT -p icmp  --icmp-type echo-request    -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# NAT
#
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE

#
# Saving
#
iptables-save > /etc/sysconfig/iptables
systemctl restart iptables

We execute the above script and lose the ability to establish new wired SSH connections to the Raspberry. That's right: we have made a Wi-Fi router, access to which "via the Internet" is prohibited by default; now it is reachable only "over the air". We connect the provider's Ethernet cable and start surfing!
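To check what the script actually leaves reachable from the wan side, the saved ruleset can be audited. The following is an added example, not part of the original article: it reads iptables-save output and reports INPUT rules that accept traffic arriving on wan, and a FORWARD chain that places no restriction on packets entering on wan and leaving on lan. Both dumps are constructed, and the tightened FORWARD rules are an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the article: audit `iptables-save` output for what
# the WAN side can reach. Interface names lan/wan follow the article.

# Constructed dump: the filter table the script above would produce.
article_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed dump (assumption, not from the article): the same INPUT chain,
# but forwarding limited to lan->wan plus replies.
tightened_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan -o wan -j ACCEPT
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_ruleset WAN_IF: read iptables-save text on stdin, print findings.
audit_ruleset() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" { next }
        /^:INPUT /   { in_pol = $2 }
        /^:FORWARD / { fw_pol = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            # A rule covers WAN traffic if it names the WAN interface or none.
            from_wan = ($0 ~ (" -i " wan " ")) || ($0 !~ / -i /)
            reply    = ($0 ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/)
            if (from_wan && !reply) print "WAN_INPUT_ALLOWED: " $0
        }
        /^-A FORWARD / && / -j (DROP|REJECT)/ { fw_cut = 1 }
        END {
            if (in_pol != "DROP") print "INPUT_POLICY: " in_pol
            if (fw_pol == "ACCEPT" && !fw_cut) print "FORWARD_OPEN: wan->lan unrestricted"
        }'
}

echo "article rules:";   article_rules   | audit_ruleset wan
echo "tightened rules:"; tightened_rules | audit_ruleset wan
```

On the router itself the input would be: iptables-save | audit_ruleset wan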

8. Bonus: +2.4GHz

When I assembled the first Raspberry router using the scheme described above, I discovered a number of gadgets in my household that, because of the design limitations of their Wi-Fi, could not see the "raspberry" at all. Reconfiguring the router to work in 802.11b/g/n would have been unsporting, since the maximum speed "over the air" in this case did not exceed 40 Mbit, and my favorite Internet provider gives me 100 (by cable).

In fact, a solution to the problem has already been invented: a second Wi-Fi interface operating at 2.4 GHz, and a second access point. At a nearby stall I picked up not the first, but the second USB Wi-Fi "whistle" I came across. The seller was tormented with questions about the chipset, compatibility with ARM Linux kernels and the possibility of working in AP mode (he started it first).

We configure the "whistle" by analogy with the built-in Wi-Fi adapter.

First, let's rename it to wl1:

# cat /sys/class/net/wlan0/address 
b0:6e:bf:xx:xx:xx

/etc/systemd/network/wl1.link:

[Match]
MACAddress=b0:6e:bf:xx:xx:xx

[Link]
Name=wl1

We will entrust the management of the new Wi-Fi interface to a separate hostapd daemon, which will start and stop depending on the presence in the system of a strictly defined "whistle": wl1.

Configuration file /etc/hostapd/hostapd2.conf:

ssid=rpi2
wpa_passphrase=1234567890

#channel=1
#channel=6
channel=11

interface=wl1
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=g
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[HT40][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

The contents of this file depend directly on the model of the USB Wi-Fi adapter, so a banal copy/paste may let you down.
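Both configuration files above (/etc/hostapd/hostapd.conf and /etc/hostapd/hostapd2.conf) carry the pre-shared key in clear text, so they are worth checking before the access points go on the air. The lint below is an added example, not part of the original article; the finding names and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: lint a hostapd.conf for weak WPA
# settings. The thresholds (12 characters, digits-only) are assumptions.

# audit_hostapd FILE: print one finding per line, nothing when FILE is clean.
audit_hostapd() {
    # The file holds the pre-shared key in clear text; flag world-readable mode.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "WORLD_READABLE: chmod 600 $1"
    fi
    awk '
        /^[ \t]*#/ || !/=/ { next }          # skip comments and blank lines
        {
            eq = index($0, "=")
            conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            wpa = conf["wpa"] + 0            # bit 0 = WPA, bit 1 = WPA2/RSN
            if (wpa == 0)     print "OPEN_NETWORK: wpa is unset or 0"
            if (wpa % 2 == 1) print "WPA1_ENABLED: use wpa=2"
            ciphers = conf["rsn_pairwise"] " " conf["wpa_pairwise"]
            if (ciphers ~ /TKIP/) print "TKIP_ENABLED: keep CCMP only"
            if (conf["wps_state"] + 0 != 0) print "WPS_ENABLED: wps_state=" conf["wps_state"]
            p = conf["wpa_passphrase"]
            n = length(p)
            if (wpa != 0 && p != "") {
                if (n < 8 || n > 63)   print "PASSPHRASE_INVALID: hostapd needs 8..63 characters"
                if (n >= 8 && n < 12)  print "PASSPHRASE_SHORT: " n " characters"
                if (p ~ /^[0-9]+$/)    print "PASSPHRASE_DIGITS_ONLY: trivially guessable"
                if (p == conf["ssid"]) print "PASSPHRASE_EQUALS_SSID"
            }
        }' "$1"
}

# Constructed sample: the security-relevant lines of the 5GHz config above,
# written to a temporary file with mode 644.
demo() {
    f=$(mktemp) || return 1
    chmod 644 "$f"
    cat > "$f" <<'EOF'
ssid=rpi
wpa_passphrase=1234567890
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
EOF
    audit_hostapd "$f"
    rm -f "$f"
}

demo
```

On the router, run audit_hostapd against each file in /etc/hostapd/ after editing it.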

Copy the distribution service file to /etc/systemd/system/hostapd2.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd2.service

and bring its contents to the following form:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl1.device
BindsTo=sys-subsystem-net-devices-wl1.device

[Service]
Type=forking
PIDFile=/run/hostapd2.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd2.conf -P /run/hostapd2.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl1.device

All that remains is to enable the new hostapd instance:

# systemctl enable hostapd2

That's all!

Finally, I want to warn you about the quality of the USB Wi-Fi adapter and the Raspberry's power supply. A "whistle" plugged in "hot" can sometimes cause the "raspberry" to freeze because of short-term electrical troubles.

Source: www.habr.com