Waxaa jira xaddi aad u badan oo macluumaad ah oo ku saabsan internetka oo ku saabsan abuurista dhibcaha marinka Wi-Fi ee ku saleysan Raspberry kombuyuutar hal sax ah. Sida caadiga ah, tani waxay ka dhigan tahay isticmaalka nidaamka hawlgalka Raspbian ee u dhashay Raspberry.

Anigoo raacaya nidaamyada ku saleysan RPM, ma dhaafi karin mucjisadan yar mana isku dayi karin CentOS gacaliyahayga.

Maqaalku wuxuu bixiyaa tilmaamo lagu samaynayo 5GHz/AC Wi-Fi router ka Raspberry Pi 3 Model B+ oo ku salaysan nidaamka hawlgalka CentOS. Waxaa jiri doona dhowr farsamooyin heersare ah laakiin aan la aqoon, iyo gunno ahaan - sawir lagu xirayo qalab dheeri ah oo Wi-Fi ah Raspberry, taasoo u oggolaaneysa inay isku mar ku shaqeyso dhowr nooc (2,4 + 5GHz).

(isku dhafan sawirro si xor ah loo heli karo)

Aynu isla markiiba ogaano in qaar ka mid ah xawliyada cosmic aysan shaqayn doonin. Waxaan ku tuujiyaa ugu badnaan 100 Mbps ee Raspberry-ka hawada, tanina waxay dabooshaa xawaaraha bixiyahayga internetka. Maxaad ugu baahan tahay AC caajis ah, haddii aragti ahaan aad ku heli karto gigabit nus xitaa N? Haddii aad is weydiisay su'aashan, ka dibna u tag dukaanka si aad u iibsato router dhab ah oo leh siddeed anteeno dibadda ah.

0. Waxaad u baahan doontaa

• Dhab ahaantii, "alaabta raspberry" lafteedu waa caliber: Pi 3 Model B+ (si loo gaaro xawaaraha 5GHz ee la jecel yahay iyo kanaalada);
• microSD wanaagsan>= 4GB;
• Goobta shaqada ee Linux iyo microSD akhristaha/qoraa;
• Helitaanka xirfado ku filan Linux, maqaalku waa Geek tababbaran;
• Isku xirka shabakada (eth0) ee ka dhexeeya Raspberry iyo Linux, ku shaqeeya serverka DHCP ee shabakada maxaliga ah iyo helitaanka internetka ee labada qalab.

Faallo yar oo ku saabsan qodobka u dambeeya. "Kee baa hor yimid, ukunta ama..." sida loo sameeyo router Wi-Fi ah iyada oo aysan jirin wax qalab ah oo internetka ah? Aynu ka tagno layligan madadaalada leh meel ka baxsan baaxadda maqaalka oo aynu si fudud u qaadanno in Raspberryku uu ku xidhan yahay shabakadda maxaliga ah silig oo uu galo internetka. Xaaladdan oo kale, uma baahnaan doono TV dheeraad ah iyo manipulator si loo dejiyo "raspberry".

1. Ku rakib CentOS

Mashruuca bogga guriga

Waqtiga qorista maqaalkan, nooca ku shaqeeya ee CentOS ee aaladda waa 32-bit. Meel ka mid ah Shabakadda Caalamiga ah ee Shabakadda Waxaan la kulmay fikrado ah in waxqabadka OS-yada noocan oo kale ah ee 64-bit ARM naqshadeynta la dhimay ilaa 20%. Waxaan ka tagi doonaa xilligan oo aan faallo.

Linux, kala soo bax sawirka ugu yar kernel-ka"-RaspberryPI-"oo u qor microSD:

# xzcat CentOS-Userland-7-armv7hl-RaspberryPI-Minimal-1810-sda.raw.xz | 
  dd of=/dev/mmcblk0 bs=4M
# sync

Kahor intaadan bilaabin isticmaalka sawirka, waxaan ka saari doonaa qaybta SWAP, waxaan ku ballaarin doonaa xididka dhammaan mugga la heli karo oo ka takhalusi doona SELinux. Algorithm waa mid fudud: ka samee nuqul ka mid ah xididka Linux, ka tirtir dhammaan qaybaha microSD marka laga reebo kan ugu horreeya (/boot), samee xidid cusub oo ka soo celi waxa ku jira nuqulka.

Tusaalaha ficilada loo baahan yahay (wax soo saarka console daran)

# mount /dev/mmcblk0p3 /mnt
# cd /mnt
# tar cfz ~/pi.tgz . --no-selinux
# cd
# umount /mnt

# parted /dev/mmcblk0

(parted) unit s
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system     Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32           boot, lba
 2      1370112s  2369535s   999424s    primary  linux-swap(v1)
 3      2369536s  5298175s   2928640s   primary  ext4
        5298176s  31116287s  25818112s           Free Space

(parted) rm 3
(parted) rm 2

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
        1370112s  31116287s  29746176s           Free Space

(parted) mkpart
Partition type?  primary/extended? primary
File system type?  [ext2]? ext4
Start? 1370112s
End? 31116287s

(parted) set
Partition number? 2
Flag to Invert? lba
New state?  on/[off]? off

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
 2      1370112s  31116287s  29746176s  primary  ext4

(parted) quit

# mkfs.ext4 /dev/mmcblk0p2 
mke2fs 1.44.6 (5-Mar-2019)
/dev/mmcblk0p2 contains a swap file system labelled '_swap'
Proceed anyway? (y,N) y
Discarding device blocks: done                            
Creating filesystem with 3718272 4k blocks and 930240 inodes
Filesystem UUID: 6a1a0694-8196-4724-a58d-edde1f189b31
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done   

# mount /dev/mmcblk0p2 /mnt
# tar xfz ~/pi.tgz -C /mnt --no-selinux

Ka dib markii la furayo waxa ku jira qaybta xididka, waa waqtigii isbedel lagu samayn lahaa.

Dami SELinux gudaha /mnt/etc/selinux/config:

SELINUX=disabled

Tafatirka /mnt/etc/fstab, iyada oo ku dhaafeysa laba qaybood oo keliya oo ku saabsan qaybaha: boot (/boot, wax isbeddel ah) iyo xidid (waxaan beddeleynaa qiimaha UUID, taas oo lagu ogaan karo iyada oo la baranayo wax soo saarka blkid ee Linux):

UUID=6a1a0694-8196-4724-a58d-edde1f189b31  /     ext4    defaults,noatime 0 0
UUID=6938-F4F2                             /boot vfat    defaults,noatime 0 0

Ugu dambeyntiina, waxaan beddeleynaa cabbirrada kabaha kernel-ka: waxaan u cayimnaa meel cusub oo loogu talagalay qaybta xididka, curyaaminta wax soo saarka macluumaadka cilladaha iyo (ikhtiyaar ahaan) waxaan ka mamnuucnay kernel-ka inuu u qoondeeyo cinwaannada IPv6 ee is-dhexgalka shabakada:

# cd
# umount /mnt
# mount /dev/mmcblk0p1 /mnt

Waa kan nuxurka /mnt/cmdline.txt qaabkan soo socda (hal xariiq oo aan lahayn xaraf-xidhaale):

root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait quiet ipv6.disable_ipv6=1

La sameeyay:

# cd
# umount /mnt
# sync

Waxaan dib u habeyn ku sameyneynaa microSD-ga "raspberry", bilow oo waxaan ka helnaa marin u helka shabakadda ssh (xidid/centos).

2. Dejinta CentOS

Saddexda dhaq-dhaqaaq ee ugu horreeya ee aan gariirin: passwd, cusboonaysiinta yum-yada, dib u bilow.

Waxaan bixinaa maamulka shabakada isku xidhan:

# yum install systemd-networkd
# systemctl enable systemd-networkd
# systemctl disable NetworkManager
# chkconfig network off

Samee fayl (oo ay la socdaan hagaha) /etc/systemd/network/eth0.network:

[Match]
Name=eth0

[Network]
DHCP=ipv4

Waxaan dib u kicinay "raspberry" oo haddana waxaan helnaa marin u helka shabakada ssh (ciwaanka IP-ga ayaa laga yaabaa inuu isbedelo). U fiirso waxa la isticmaalo /etc/resolv.conf, oo uu hore u abuuray Maareeyaha Shabakadda. Sidaa darteed, haddii ay jiraan dhibaatooyin xagga xallinta, wax ka beddel waxa ku jira. Isticmaal nidaam lagu xaliyay ma yeeli doono.

Waxaan meesha ka saarnaa "aan loo baahnayn", hagaajinta iyo dardar gelinta OS:

# systemctl set-default multi-user.target
# yum remove GeoIP Network* aic* alsa* cloud-utils-growpart 
  cronie* dhc* firewal* initscripts iwl* kexec* logrotate 
  postfix rsyslog selinux-pol* teamd wpa_supplicant

Yaa u baahan text iyo yaa aan dheefshiidin waxa ku dhex jira waqtiyada habaysan, ayaa soo saari kara waxa maqan. / var / log- oo fiiri journalctl. Haddii aad u baahan tahay taariikhda log (sida caadiga ah, macluumaadka waxa la kaydiyaa oo kaliya laga bilaabo wakhtiga uu nidaamku bilaabmayo):

# mkdir /var/log/journal
# systemd-tmpfiles --create --prefix /var/log/journal
# systemctl restart systemd-journald
# vi /etc/systemd/journald.conf

Jooji isticmaalka IPV6 adeegyada aasaasiga ah (haddii loo baahdo)/ etc / ssh / sshd_config:

AddressFamily inet

/etc/sysconfig/chronyd:

OPTIONS="-4"

Ku habboonaanta waqtiga "raspberry" waa shay muhiim ah. Maadaama sanduuqa ka baxsan aysan jirin awood qalabeed si loo badbaadiyo xaaladda hadda ee saacadda marka dib loo bilaabo, isku-dubarid ayaa loo baahan yahay. Daemon aad u fiican oo degdeg ah tani waa taariikh dheer - mar hore la rakibay oo si toos ah u bilaabma. Waxaad u bedeli kartaa server-yada NTP kuwa kuugu dhow.

/etc/chrony.conf:

server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst

Si loo dejiyo aagga wakhtiga waxaan isticmaali doonaa khiyaano. Maadaama hadafkayagu yahay inaan abuurno router Wi-Fi ah oo ku shaqeeya 5GHz soo noqnoqda, waxaan horay u diyaarin doonaa waxyaabaha la yaabka leh nidaamiyaha:

# yum info crda
Soo koobid: Daemon u hoggaansanaanta sharciga ee 802.11 isku xirka wireless

Naqshaddan sharka leh, oo sidoo kale ku salaysan aagga wakhtiga, "waxay mamnuucday" isticmaalka (Ruushka) ee 5GHz iyo kanaalada leh nambarada "sare". Khiyaamada ayaa ah in la dejiyo aag wakhti iyada oo aan la isticmaalin magacyada qaaradaha/magaalooyinka, taas oo ah, halkii:

# timedatectl set-timezone Europe/Moscow

Waxaan riixeynaa:

# timedatectl set-timezone Etc/GMT-3

Iyo taabashooyinka ugu dambeeya ee timaha nidaamka:

# hostnamectl set-hostname router

/xidid/.bash_profile:

. . .

# User specific environment and startup programs

export PROMPT_COMMAND="vcgencmd measure_temp"
export LANG=en_US.UTF-8
export PATH=$PATH:$HOME/bin

3. Ku-darka CentOS

Wax kasta oo kor lagu sheegay waxaa loo tixgelin karaa tilmaamo dhammaystiran oo loogu rakibayo "vanilla" CentOS Raspberry Pi. Waa inaad ku dhammaataa PC-ga (dib u) kabaha wax ka yar 10 ilbiriqsi, isticmaalaya wax ka yar 15 Megabytes ee RAM iyo 1.5 Gigabyte oo microSD ah (dhab ahaantii wax ka yar 1 Gigabyte sababtoo ah aan dhamaystirnayn / kabaha, laakiin aan run sheegno).

Si aad ugu rakibto software-ka marinka Wi-Fi ee nidaamkan, waxaad u baahan doontaa inaad xoogaa kordhiso awoodaha qaybinta heerka CentOS. Ugu horeyn, aan cusboonaysiinno darawalka (firmware) ee ku dhex-jira Wi-Fi adabtarada. Bogga guriga mashruuca wuxuu leeyahay:

Wifi ku yaal Raspberry 3B iyo 3B+

Raspberry PI 3B/3B+ faylasha firmware looma oggola inay qaybiyaan Mashruuca CentOS. Waxaad isticmaali kartaa maqaallada soo socda si aad u fahamto arrinta, u hesho firmware oo aad u dejiso wifi-ga.

Waxa mamnuuc ka ah mashruuca CentOS nagama mamnuucayo isticmaalka shakhsi ahaaneed. Waxaan ku bedelnaa qaybinta Wi-Fi firmware gudaha CentOS mid u dhiganta ka soosaarayaasha Broadcom (kuwa la neceb yahay binary blobs...). Tani, gaar ahaan, waxay kuu ogolaaneysaa inaad u isticmaasho AC habka marinka marinka.

cusboonaysiinta Wi-Fi firmwareSoo hel qaabka aaladda iyo nooca firmware-ka hadda:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Mar  1 2015 07:29:38 version 7.45.18 (r538002) FWID 01-6a2c8ad4
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 7.14.8 Compiler: 1.24.9 ClmImport: 1.24.9 Creation: 2014-09-02 03:05:33 Inc Data: 7.17.1 Inc Compiler: 1.26.11 Inc ClmImport: 1.26.11 Creation: 2015-03-01 07:22:34 

Waxaan aragnaa in nooca firmware-ka uu yahay 7.45.18 ee ku taariikhaysan 01.03.2015/XNUMX/XNUMX, oo xasuuso tirooyinka soo socda: 43455 (brcmfmac43455-sdio.bin).

Soo deji sawirka Raspbian ee hadda jira. Dadka caajiska ahi waxay sawirka u qori karaan microSD oo ay halkaas ka qaadan karaan faylalka firmware-ka. Ama waxaad ku dhejin kartaa qaybta asalka ah ee sawirka Linux oo waxaad ka koobi kartaa waxa aad uga baahan tahay halkaas:

# wget https://downloads.raspberrypi.org/raspbian_lite_latest
# unzip -p raspbian_lite_latest > raspbian.img
# fdisk -l raspbian.img
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d

Device        Boot  Start     End Sectors  Size Id Type
raspbian.img1        8192  532480  524289  256M  c W95 FAT32 (LBA)
raspbian.img2      540672 4292607 3751936  1.8G 83 Linux

# mount -t ext4 -o loop,offset=$((540672 * 512)) raspbian.img /mnt
# cp -fv /mnt/lib/firmware/brcm/*43455* ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.bin' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.txt' -> ...
# umount /mnt

Faylasha firmware-ka adabtarada Wi-Fi ee soo baxay waa in la koobiyay oo lagu beddelaa "raspberry" tusaha. /usr/lib/firmware/brcm/

Waxaan dib u kicinay routerka mustaqbalka waxaanan dhoola cadeyneynaa:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 9.10.105 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-03-09 18:56:28 

Version: 7.45.154 ee 27.02.2018/XNUMX/XNUMX.

Iyo dabcan EPEL:

# cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0
EOF

# yum clean all
# rm -rfv /var/cache/yum
# yum update

4. Habaynta shabakada iyo caqabadaha soo socda

Sida aan kor ku heshiinay, "raspberry" waxay ku xiran tahay "silig" shabakada degaanka. Aynu ka soo qaadno in bixiyaha uu si isku mid ah u bixiyo gelitaanka Internetka: ciwaanka shabkada dadwaynaha waxa si firfircoon u soo saaray serverka DHCP Xaaladdan oo kale, ka dib dejinta ugu dambeysa ee raspberry, kaliya waxaad u baahan tahay inaad "ku xirto" fiilada bixiyaha oo aad dhammayso. Oggolaanshaha la isticmaalayo systemd-networked - mawduuca maqaal gaar ah oo aan halkan lagaga hadlin.

Interface(yada) Raspberry's Wi-Fi waa shabakad maxalli ah, iyo adabtarada ku dhex dhisan Ethernet (eth0) waa dibadda. Aynu tiro ahaan u tirinno shabakada maxaliga ah, tusaale ahaan: 192.168.0.0/24. Ciwaanka raspberry: 192.168.0.1. Adeegga DHCP wuxuu ka shaqayn doonaa shabakadda dibadda (Internet).

Dhibaatada Joogtada Magacaabista и Barmaamijiyaha caanka ah ee Guatemala - laba dhibaato oo sugaya qof kasta oo habeeya is-dhexgalka shabakadaha iyo adeegyada qaybinta habaysan.

Qalalaasaha is-barbar socdaLennart Pottering ayaa soo diyaarisay barnaamijkeeda systemd Aad u wanaagsan. Tani systemd waxa uu si degdeg ah u bilaabaa barnaamijyo kale oo iyaga oo aan wakhti u helin in ay ka soo kabtaan dharbaaxadii garsooraha ee seeriga, ay ku turunturoodaan oo ay dhacaan bilowga iyaga oo aan xitaa bilaabin koorsadooda caqabadda ah.

Laakin si dhab ah, isbarbardhigga gardarada leh ee hababka la bilaabay bilawga nidaamka OS-gu waa nooc ka mid ah "buundada dameeraha" ee khubarada xilliyada leh ee LSB. Nasiib wanaag, keenista nidaamkan "qalalaasaha isbarbar socda" waxay noqotaa mid fudud, in kasta oo aan had iyo jeer muuqan.

Waxaan abuurnaa laba isdhexgal buundada casriga ah oo leh magacyo joogto ah: Lan и wan. Waxa aanu “ku xidhi doonaa” adabtarada Wi-Fi ka hore, iyo eth0 “raspberry” ka labaad.

/etc/systemd/network/lan.netdev:

[NetDev]
Name=lan
Kind=bridge

/etc/systemd/network/lan.network:

[Match]
Name=lan

[Network]
Address=192.168.0.1/24
IPForward=yes

/etc/systemd/network/wan.netdev:

[NetDev]
Name=wan
Kind=bridge
#MACAddress=xx:xx:xx:xx:xx:xx

/etc/systemd/network/wan.network:

[Match]
Name=wan

[Network]
DHCP=ipv4
IPForward=yes

IPForward=haa waxay meesha ka saaraysaa baahida loo qabo in lagu tilmaamo kernel-ka iyada oo loo marayo sysctl si ay awood ugu yeelato dajinta.
MACAdresse= Aynu ka faalloonno oo beddelno haddii loo baahdo.

Marka hore waxaan "isku xireynaa" eth0. Waxaan xasuusannahay "dhibaatada labbiska" waxaana isticmaalnaa kaliya cinwaanka MAC ee interface-kan, kaas oo laga heli karo, tusaale ahaan, sidan oo kale:

# cat /sys/class/net/eth0/address 

Waxaan abuurnaa /etc/systemd/network/eth.network:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Network]
Bridge=wan

Waxaan tirtirnaa qaabeyntii hore ee eth0, dib-u-bilow Raspberry-ka oo aan helnaa shabakadeeda (cinwaanka IP-gu waxay u badan tahay inuu isbedeli doono):

# rm -fv /etc/systemd/network/eth0.network
# reboot

5.DNSMASQ

Samaynta dhibcaha gelitaanka Wi-Fi, waxba kama garaaco lamaane macaan DNSmasq + la haysto weli ma garan. Fikradeyda.

Haddii qof uu ilaawo, markaas...la haysto - Tani waa shay maamusha adabtarada Wi-Fi (gaar ahaan, waxay daryeeli doontaa in lagu xidho kuwa casriga ah Lan "raspberries"), ogolaada oo diiwaan gelisa macaamiisha wirelesska.

DNSmasq - wuxuu dejiyaa isku xirka macaamiisha: arrimaha cinwaannada IP, server-yada DNS, albaabka caadiga ah iyo waxyaabaha la midka ah.

Aan ku bilowno dnsmasq:

# yum install dnsmasq

Tusaale /etc/resolv.conf:

nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 77.88.8.8
nameserver 77.88.8.1
domain router.local
search router.local

u tafatir si aad jeceshahay.

ugu yar /etc/dnsmasq.conf:

domain-needed
bogus-priv
interface=lan
bind-dynamic
expand-hosts
domain=#
dhcp-range=192.168.0.100,192.168.0.199,255.255.255.0,24h
conf-dir=/etc/dnsmasq.d

"Sixirka" halkan waxa uu ku yaalaa xadka xidhid-dhaqaale, kaas oo u sheegaya dnsmasq daemon inuu sugo ilaa uu ka soo muuqdo nidaamka interface=lan, oo aanad ka daalin kalinnimada kibirka ee bilawga ka dib.

# systemctl enable dnsmasq
# systemctl start dnsmasq; journalctl -f

6. HOSTAPD

Ugu dambayntiina, qaabaynta sixirka hostapd. Shaki iigama jiro in qof akhrinayo maqaalkan isagoo raadinaya si sax ah khadadkan qaaliga ah.

Kahor intaadan rakibin hostapd, waxaad u baahan tahay inaad ka gudubto "dhibaatada labbiska". Adabtarka Wi-Fi ee ku dhex jira wlan0 wuxuu si fudud u bedeli karaa magaciisa wlan1 marka la isku xidho qalab dheeri ah oo USB Wi-Fi ah. Sidaa darteed, waxaan u hagaajin doonaa magacyada interface ee habka soo socda: waxaan la imaan doonaa magacyo gaar ah oo loogu talagalay adapters-ka (wireless) oo ku xidhi doona cinwaannada MAC.

Ku-dhismay adabtarada Wi-Fi, kaas oo wali wlan0:

# cat /sys/class/net/wlan0/address 
b8:27:eb:xx:xx:xx

Waxaan abuurnaa /etc/systemd/network/wl0.link:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Link]
Name=wl0

Hadda waan hubin doonnaa taas wl0 - Kani waa Wi-Fi ku dhex-dhisan. Waxaan dib u kicinay Raspberry-ka si aan taas u hubinno.

Ku rakib:

# yum install hostapd wireless-tools

Faylka qaabaynta /etc/hostapd/hostapd.conf:

ssid=rpi
wpa_passphrase=1234567890

channel=36

country_code=US

interface=wl0
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=a
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

# AC
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[MAX-AMSDU-3839][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42

Adiga oo aan ilaawin cabbaar Guddiga Gurmadka Gobolka, Beddel xuduudaha aan u baahanahay oo gacanta ku hubi shaqeynta:

# hostapd /etc/hostapd/hostapd.conf

hostapd wuxuu ku bilaaban doonaa qaab is dhexgal ah, isagoo u baahin doona xaaladiisa console-ka. Haddii aysan jirin khaladaad, markaa macaamiisha taageera qaabka AC waxay awoodi doonaan inay ku xirmaan barta gelitaanka. Si loo joojiyo hostapd - Ctrl-C.

Waxa hadhay oo dhan waa in la awood siiyo hostapd bilowga nidaamka. Haddii aad sameyso shayga caadiga ah (systemctl karti hostapd), ka dib dib-u-kicinta soo socota waxaad heli kartaa jinni "dhiig ku soo qulqulaya" oo leh ogaanshaha "interface wl0 lama helin" Natiijadii "qalalaasaha isbarbar-dhigga," hostapd wuxuu ku bilowday si ka dhaqso badan marka loo eego kernel-ka uu helay adabtarada wireless-ka.

Internetku waxa ka buuxa dawooyin: laga bilaabo wakhtiga khasabka ah ka hor inta aanad bilaabin daemon (dhowr daqiiqo), ilaa daemon kale oo kormeeraya muuqaalka interface-ka oo (dib u) bilaabaya hostpad-ka. Xalalka waa kuwo la shaqayn karo, laakiin aad u fool xun. Waxaan ugu yeereynaa midka weyn caawimaad systemd oo leh "Himilooyin" iyo "hawlaha" iyo "ku-tiirsanaanta".

Ku koobbi faylka adeegga qaybinta /etc/systemd/system/hostapd.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system

kuna dhimo waxa ku jira qaabkan soo socda:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl0.device
BindsTo=sys-subsystem-net-devices-wl0.device

[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl0.device

Sixirka faylka adeegga ee la cusboonaysiiyay wuxuu ku jiraa ku-xidhka firfircoon ee hostapd bartilmaameedka cusub - wl0 interface. Marka interface-ku soo baxo, daemon-ku wuu bilaabmaa; markuu baaba'o, wuu joogsadaa. Oo tan oo dhan waa online - iyada oo aan dib loo bilaabin nidaamka. Farsamadan waxay si gaar ah faa'iido u yeelan doontaa marka la isku xidho adabtarada USB Wi-Fi iyo Raspberry.

Hadda waxaad awoodaa:

# systemctl enable hostapd
# reboot

7. IPTABLES

"Waa maxay???" © Haa, haa! Midna systemd. Ma jiraan wax cusub oo la isku daray (qaabka dab-damis), kaas oo ku dhameeya samaynta wax la mid ah.

Aan isticmaalno kii hore ee wanaagsan Iptables, kuwaas oo adeegyadoodu, ka dib bilawga, ay ku shubi doonaan xeerarka shabakada kernel-ka oo si aamusnaan ah u xidhi doona iyada oo aan deganayn oo aan isticmaalin agabka. systemd waxa uu leeyahay xarrago leh IPMasquerade=, laakiin waxaan wali ku aamini doonaa turjumaada cinwaanka (NAT) iyo firewall iptables.

Ku rakib:

# yum install iptables-services
# systemctl enable iptables ip6tables

Waxaan doorbidayaa inaan u kaydiyo qaabaynta iptables qoraal ahaan (tusaale):

#!/bin/bash

#
# Disable IPv6
#
ip6tables --flush
ip6tables --delete-chain

ip6tables --policy INPUT   DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT  DROP

ip6tables-save > /etc/sysconfig/ip6tables
systemctl restart ip6tables

#
# Cleaning
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#
# Loopback, lan
#
iptables -A INPUT -i lo  -j ACCEPT
iptables -A INPUT -i lan -j ACCEPT

#
# Ping, Established
#
iptables -A INPUT -p icmp  --icmp-type echo-request    -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# NAT
#
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE

#
# Saving
#
iptables-save > /etc/sysconfig/iptables
systemctl restart iptables

Waxaan fulinaa qoraalka sare waxaanan luminaa awooda aan ku samaynayno xidhidhyo SSH cusub oo fiilsan Raspberry-ka. Taasi waa sax, waxaanu samaynay Wi-Fi router, marin u helka kaas oo "internetka" laga mamnuucay asal ahaan - hadda kaliya "hawada". Waxaan isku xireynaa fiilo bixiyaha bixiyaha waxaanan bilownay surfing!

8. Bonus: +2,4GHz

Markii aan ururiyay router-kii ugu horreeyay ee Raspberry-ka aniga oo isticmaalaya sawirka kore ee lagu sharraxay, waxaan gurigayga ka helay tiro qalabyo ah oo, xaddidaaddooda naqshadeynta Wi-Fi awgeed, aysan arki karin "raspberry" gabi ahaanba. Dib-u-habaynta router-ka si uu ugu shaqeeyo 802.11b/g/n wuxuu ahaa mid aan isboorti ahayn, maadaama xawaaraha ugu badan ee "hawada" kiiskani aanu ka badnayn 40 Mbit, iyo bixiyaha internetka ee aan jeclahay ayaa i siiya 100 (oo loo sii marayo fiilada).

Dhab ahaantii, xalinta dhibaatada ayaa mar hore la hindisay: Wi-Fi interface labaad oo ku shaqeeya inta jeer ee 2,4 GHz, iyo barta gelitaanka labaad. Meel u dhow ma aanan iibsan kii ugu horreeyay, laakiin USB-ga labaad ee Wi-Fi “firiri” ayaan la kulmay. Iibiyaha ayaa lagu dhibay su'aalo ku saabsan Chipset-ka, ku habboonaanta ARM Linux kernels iyo suurtagalnimada in uu ku shaqeeyo qaabka AP (wuxuu ahaa kii ugu horreeyay ee bilaabay).

Waxaan u habaynaynaa "firiri" anagoo isbarbar dhig ku samaynayna adabtarada Wi-Fi ee ku dhex dhisan.

Marka hore aan u magacowno wl1:

# cat /sys/class/net/wlan0/address 
b0:6e:bf:xx:xx:xx

/etc/systemd/network/wl1.link:

[Match]
MACAddress=b0:6e:bf:xx:xx:xx

[Link]
Name=wl1

Waxaan ku aamini doonaa maamulka Wi-Fi-ga cusub ee daemon hostapd gaar ah, kaas oo bilaabi doona oo joojin doona iyadoo ku xiran jiritaanka "firiri" si adag loo qeexay ee nidaamka: wl1.

Faylka qaabaynta /etc/hostapd/hostapd2.conf:

ssid=rpi2
wpa_passphrase=1234567890

#channel=1
#channel=6
channel=11

interface=wl1
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=g
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[HT40][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

Waxa ku jira faylkani waxay si toos ah ugu xidhan yihiin qaabka adabtarada USB Wi-Fi, markaa waxa laga yaabaa in koobiga banalku kugu dhaco.

Ku koobbi faylka adeegga qaybinta /etc/systemd/system/hostapd2.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd2.service

kuna dhimo waxa ku jira qaabkan soo socda:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl1.device
BindsTo=sys-subsystem-net-devices-wl1.device

[Service]
Type=forking
PIDFile=/run/hostapd2.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd2.conf -P /run/hostapd2.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl1.device

Waxa hadhay oo dhan waa in la suurtogeliyo tusaale cusub oo hostapd:

# systemctl enable hostapd2

Waa intaas! Soo jiid "firiri" iyo "raspberry" laftiisa, fiiri shabakadaha wirelesska ee kugu wareegsan.

Ugu dambeyntiina, waxaan rabaa inaan kaaga digo tayada USB Wi-Fi adabtarada iyo korontada Raspberry. "Feriri kulul" oo ku xiran waxay mararka qaarkood keeni kartaa "raspberry baraf" sababtoo ah dhibaatooyinka korantada ee muddada gaaban.

Source: www.habr.com