Raspberry Pi + CentOS = Wi-Fi Hotspot (or a raspberry router in a red hat)

There is a great deal of information on the Internet about building Wi-Fi access points on the Raspberry single-board computer. As a rule, it assumes the Raspbian operating system, which is native to the Raspberry.

Being an adherent of RPM-based systems, I could not pass by this little miracle without trying my beloved CentOS on it.

This article gives instructions for building a 5 GHz/AC Wi-Fi router from a Raspberry Pi 3 Model B+ running the CentOS operating system. There will be a few standard but little-known tricks and, as a bonus, a blueprint for connecting additional Wi-Fi hardware to the Raspberry so that it can work in several modes at once (2.4+5GHz).


Let me note right away that there will be no cosmic speeds. I squeeze a maximum of 100 Mbit/s over the air out of my Raspberry, and that covers the speed of my Internet provider. Why would you need such sluggish AC if, in theory, you can get half a gigabit even on N? If you have asked yourself that question, go to the store and buy a real router with eight external antennas.

0. What you will need

  • The "raspberry product" itself, of this calibre: Pi 3 Model B+ (to get the 5 GHz speeds and channels);
  • A good microSD >= 4 GB;
  • A workstation with Linux and a microSD reader/writer;
  • Sufficient Linux skills: the article is for a trained geek;
  • A wired network (eth0) connection between the Raspberry and the Linux machine, a running DHCP server on the local network, and Internet access from both devices.

A small comment on the last point. "Which came first, the egg or ..." How do you make a Wi-Fi router when you have no equipment for Internet access at all? Let's leave this entertaining exercise outside the scope of the article and simply assume that the Raspberry is connected to the local network by wire and has Internet access. In that case we will not need an extra TV and input device to set up the "raspberry".

1. Installing CentOS

Project home page

At the time of writing, the working version of CentOS for the device is 32-bit. Somewhere on the World Wide Web I came across opinions that the performance of such operating systems on the 64-bit ARM architecture is reduced by 20%. I will leave this point without comment.

On Linux, download the minimal image with the "-RaspberryPI-" kernel and write it to the microSD:

# xzcat CentOS-Userland-7-armv7hl-RaspberryPI-Minimal-1810-sda.raw.xz | 
  dd of=/dev/mmcblk0 bs=4M
# sync

Before we start using the image, we remove the SWAP partition from it, expand the root to the full available size and get rid of SELinux. The algorithm is simple: on Linux make a copy of the root, delete all partitions from the microSD except the first (/boot), create a new root and restore its contents from the copy.

Example of the required steps (raw console output)

# mount /dev/mmcblk0p3 /mnt
# cd /mnt
# tar cfz ~/pi.tgz . --no-selinux
# cd
# umount /mnt

# parted /dev/mmcblk0

(parted) unit s
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system     Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32           boot, lba
 2      1370112s  2369535s   999424s    primary  linux-swap(v1)
 3      2369536s  5298175s   2928640s   primary  ext4
        5298176s  31116287s  25818112s           Free Space

(parted) rm 3
(parted) rm 2

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
        1370112s  31116287s  29746176s           Free Space

(parted) mkpart
Partition type?  primary/extended? primary
File system type?  [ext2]? ext4
Start? 1370112s
End? 31116287s

(parted) set
Partition number? 2
Flag to Invert? lba
New state?  on/[off]? off

(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        63s       2047s      1985s               Free Space
 1      2048s     1370111s   1368064s   primary  fat32        boot, lba
 2      1370112s  31116287s  29746176s  primary  ext4

(parted) quit

# mkfs.ext4 /dev/mmcblk0p2 
mke2fs 1.44.6 (5-Mar-2019)
/dev/mmcblk0p2 contains a swap file system labelled '_swap'
Proceed anyway? (y,N) y
Discarding device blocks: done                            
Creating filesystem with 3718272 4k blocks and 930240 inodes
Filesystem UUID: 6a1a0694-8196-4724-a58d-edde1f189b31
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done   

# mount /dev/mmcblk0p2 /mnt
# tar xfz ~/pi.tgz -C /mnt --no-selinux

After unpacking the contents of the root partition, it is time to make some changes to it.

Disable SELinux in /mnt/etc/selinux/config:

SELINUX=disabled

Edit /mnt/etc/fstab, leaving only two partition entries in it: boot (/boot, unchanged) and root (we change the UUID value, which can be found by examining the output of the blkid command on Linux):

UUID=6a1a0694-8196-4724-a58d-edde1f189b31  /     ext4    defaults,noatime 0 0
UUID=6938-F4F2                             /boot vfat    defaults,noatime 0 0

Finally, we change the kernel boot parameters: we specify the new location of the root partition, turn off the output of debugging information and (optionally) forbid the kernel from assigning IPv6 addresses on network interfaces:

# cd
# umount /mnt
# mount /dev/mmcblk0p1 /mnt

Bring the contents of /mnt/cmdline.txt to the following form (a single line, without wrapping):

root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait quiet ipv6.disable_ipv6=1

Finishing up:

# cd
# umount /mnt
# sync

We move the microSD back into the "raspberry", boot it and get network access to it over ssh (root/centos).

2. Configuring CentOS

The first three obligatory steps: passwd, yum -y update, reboot.

We hand network management over to systemd-networkd:

# yum install systemd-networkd
# systemctl enable systemd-networkd
# systemctl disable NetworkManager
# chkconfig network off

Create the file (along with its directories) /etc/systemd/network/eth0.network:

[Match]
Name=eth0

[Network]
DHCP=ipv4

We reboot the "raspberry" and again get network access to it over ssh (the IP address may change). Note that /etc/resolv.conf, created earlier by NetworkManager, is still the one in use. So, if there are problems with name resolution, edit its contents. We will not use systemd-resolved.

We remove the "unnecessary", tidy up and speed up the OS boot:

# systemctl set-default multi-user.target
# yum remove GeoIP Network* aic* alsa* cloud-utils-growpart \
  cronie* dhc* firewal* initscripts iwl* kexec* logrotate \
  postfix rsyslog selinux-pol* teamd wpa_supplicant

Whoever needs cron and cannot stomach the built-in systemd timers can install what is missing. Instead of /var/log, look through journalctl. If you need log history (by default, information is kept only since the system was started):

# mkdir /var/log/journal
# systemd-tmpfiles --create --prefix /var/log/journal
# systemctl restart systemd-journald
# vi /etc/systemd/journald.conf

Disable the use of IPv6 by the core services (if necessary).

/etc/ssh/sshd_config:

AddressFamily inet

/etc/sysconfig/chronyd:

OPTIONS="-4"

Accurate time on the "raspberry" is an important matter. Since there is no extra hardware to preserve the current state of the clock across reboots, synchronization is needed. A very good and fast daemon for this, chrony, is already installed and starts automatically. You can change the NTP servers to the ones nearest to you.

/etc/chrony.conf:

server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst

To set the time zone we will use a trick. Since our goal is to build a Wi-Fi router operating at 5 GHz frequencies, we prepare in advance for surprises from the regulator:

# yum info crda
Summary     : Regulatory compliance daemon for 802.11 wireless networking

This evil design, going by the time zone among other things, "forbids" the use (in Russia) of 5 GHz frequencies and channels with "high" numbers. The trick is to set the time zone without using continent/city names, that is, instead of:

# timedatectl set-timezone Europe/Moscow

we type:

# timedatectl set-timezone Etc/GMT-3

And the finishing touches to the system's hairdo:

# hostnamectl set-hostname router

/root/.bash_profile:

. . .

# User specific environment and startup programs

export PROMPT_COMMAND="vcgencmd measure_temp"
export LANG=en_US.UTF-8
export PATH=$PATH:$HOME/bin

3. CentOS add-ons

Everything said above can be regarded as complete instructions for installing "vanilla" CentOS on the Raspberry Pi. You should end up with a computer that (re)boots in less than 10 seconds, uses less than 15 megabytes of RAM and 1.5 gigabytes of microSD (in fact less than 1 gigabyte, since it is not completely full, but let's be honest).

To install Wi-Fi access point software on this system, you will need to slightly extend the capabilities of the standard CentOS distribution. First of all, we update the driver (firmware) of the built-in Wi-Fi adapter. The project home page says:

Wi-Fi on the Raspberry 3B and 3B+

The Raspberry PI 3B/3B+ firmware files are not allowed to be distributed by the CentOS Project. You can use the following articles to understand the issue, get the firmware and set up the Wi-Fi.

What is forbidden for the CentOS project is not forbidden for us for personal use. We replace the distribution's Wi-Fi firmware in CentOS with the corresponding one from the Broadcom developers (those same hated binary blobs...). This, in particular, makes it possible to use AC in access point mode.

Updating the Wi-Fi firmware

Find out the device model and the current firmware version:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Mar  1 2015 07:29:38 version 7.45.18 (r538002) FWID 01-6a2c8ad4
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 7.14.8 Compiler: 1.24.9 ClmImport: 1.24.9 Creation: 2014-09-02 03:05:33 Inc Data: 7.17.1 Inc Compiler: 1.26.11 Inc ClmImport: 1.26.11 Creation: 2015-03-01 07:22:34 

We see that the firmware version is 7.45.18 dated 01.03.2015, and we remember the following set of digits: 43455 (brcmfmac43455-sdio.bin).

Download the current Raspbian image. The lazy can write the image to a microSD and take the firmware files from there. Or you can mount the image's root partition on Linux and copy what you need from there:

# wget https://downloads.raspberrypi.org/raspbian_lite_latest
# unzip -p raspbian_lite_latest > raspbian.img
# fdisk -l raspbian.img
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d

Device        Boot  Start     End Sectors  Size Id Type
raspbian.img1        8192  532480  524289  256M  c W95 FAT32 (LBA)
raspbian.img2      540672 4292607 3751936  1.8G 83 Linux

# mount -t ext4 -o loop,offset=$((540672 * 512)) raspbian.img /mnt
# cp -fv /mnt/lib/firmware/brcm/*43455* ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.bin' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.txt' -> ...
# umount /mnt

The resulting Wi-Fi adapter firmware files must be copied to the "raspberry", replacing the ones in the /usr/lib/firmware/brcm/ directory.

We reboot the future router and smile contentedly:

# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 9.10.105 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-03-09 18:56:28 

Version: 7.45.154 dated 27.02.2018.
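
The firmware files travel from a downloaded image, through a workstation, into /usr/lib/firmware/brcm/ on the Pi. The following is an added example, not part of the original article: it records the hashes of the *43455* files on the workstation, checks the copy on the Pi against them, and reads the loaded version back from the kernel log. The function names and the manifest file are this example's own; the demo runs on constructed stand-in files.

```sh
#!/bin/sh
# Added example (not from the article). It checks transfer integrity only;
# it cannot tell whether the blobs inside the downloaded image are genuine.

# fw_manifest DIR: print "sha256  name" for every *43455* file in DIR.
fw_manifest() {
    ( cd "$1" || exit 1
      for f in *43455*; do
          if [ -f "$f" ]; then sha256sum "$f"; fi
      done )
}

# fw_verify MANIFEST DIR: succeed only if DIR holds exactly the files listed
# in MANIFEST with identical hashes (nothing changed, missing or extra).
fw_verify() {
    want=$(sort "$1")
    have=$(fw_manifest "$2" | sort)
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
        return 0
    fi
    echo "firmware in $2 does not match $1" >&2
    return 1
}

# fw_loaded_version: read kernel log text on stdin and print the firmware
# version brcmfmac reported last.
fw_loaded_version() {
    sed -n 's/.*brcmfmac: .*Firmware version = .* version \([0-9.]*\) .*/\1/p' |
        tail -n 1
}

# Demo with constructed stand-in files named like the article's blobs.
demo() {
    img=$(mktemp -d)
    pi=$(mktemp -d)
    for ext in bin clm_blob txt; do
        echo "constructed $ext" > "$img/brcmfmac43455-sdio.$ext"
    done
    cp "$img"/brcmfmac43455-sdio.* "$pi"/
    fw_manifest "$img" > "$img/manifest.sha256"

    fw_verify "$img/manifest.sha256" "$pi" && echo "copy verified"
    echo "flipped" >> "$pi/brcmfmac43455-sdio.bin"
    fw_verify "$img/manifest.sha256" "$pi" 2>/dev/null || echo "change detected"

    # Log line copied from the journalctl output shown in the article.
    echo "Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04" |
        fw_loaded_version
    rm -rf "$img" "$pi"
}
demo
```

On real systems the manifest would be produced with fw_manifest /mnt/lib/firmware/brcm on the workstation and checked with fw_verify against /usr/lib/firmware/brcm on the Pi.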

And, of course, EPEL:

# cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0
EOF

# yum clean all
# rm -rfv /var/cache/yum
# yum update

4. Network configuration and the challenges ahead

As agreed above, the "raspberry" is connected to the local network by "wire". Let's assume the provider supplies Internet access in exactly the same way: the address on the public network is issued dynamically by a DHCP server (perhaps with MAC binding). In that case, after the final setup of the raspberry, you just need to "plug" the provider's cable into it and you are done. Authorization using systemd-networkd is a topic for a separate article and is not discussed here.

The Raspberry's Wi-Fi interface(s) are the local network, and the built-in Ethernet adapter (eth0) is the external one. We number the local network statically, for example: 192.168.0.0/24. The raspberry's address: 192.168.0.1. A DHCP server operates on the external network (the Internet).

The naming consistency problem and the famous Guatemalan programmer are two problems that await everyone who configures network interfaces and services in systemd distributions.

Parallel chaos (a lyrical digression)

Lennart Poettering wrote his program systemd very well. This systemd launches other programs so fast that, before they can recover from the referee's whistle, they stumble and fall right at the start without even beginning their obstacle course.

But seriously, the aggressive parallelization of the processes started at boot of a systemd OS is a kind of "pons asinorum" for seasoned sequential LSB specialists. Fortunately, putting this "parallel chaos" in order turns out to be simple, though not always obvious.

We create two virtual bridge interfaces with persistent names: lan and wan. We "connect" the Wi-Fi adapter(s) to the first and the "raspberry's" eth0 to the second.

/etc/systemd/network/lan.netdev:

[NetDev]
Name=lan
Kind=bridge

/etc/systemd/network/lan.network:

[Match]
Name=lan

[Network]
Address=192.168.0.1/24
IPForward=yes

/etc/systemd/network/wan.netdev:

[NetDev]
Name=wan
Kind=bridge
#MACAddress=xx:xx:xx:xx:xx:xx

/etc/systemd/network/wan.network:

[Match]
Name=wan

[Network]
DHCP=ipv4
IPForward=yes

IPForward=yes removes the need to tell the kernel through sysctl to enable routing.
MACAddress=: uncomment it and change it if necessary.

First we "connect" eth0. We remember the "consistency problem" and use only the MAC address of this interface, which you can find out, for example, like this:

# cat /sys/class/net/eth0/address 

We create /etc/systemd/network/eth.network:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Network]
Bridge=wan

We delete the previous eth0 configuration file, reboot the Raspberry and get network access to it (the IP address may change):

# rm -fv /etc/systemd/network/eth0.network
# reboot

5. DNSMASQ

For building Wi-Fi access points, nothing better than the sweet couple dnsmasq + hostapd has been invented yet. In my opinion.

In case anyone has forgotten...

hostapd is the thing that manages the Wi-Fi adapters (in particular, it takes care of attaching them to the "raspberry's" virtual lan), and authorizes and registers wireless clients.

dnsmasq configures the clients' network stack: it hands out IP addresses, DNS servers, the default gateway and similar delights.

Let's start with dnsmasq:

# yum install dnsmasq

A template /etc/resolv.conf:

nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 77.88.8.8
nameserver 77.88.8.1
domain router.local
search router.local

edit it to your own taste.

A minimalist /etc/dnsmasq.conf:

domain-needed
bogus-priv
interface=lan
bind-dynamic
expand-hosts
domain=#
dhcp-range=192.168.0.100,192.168.0.199,255.255.255.0,24h
conf-dir=/etc/dnsmasq.d

The "magic" here lies in the bind-dynamic parameter, which tells the dnsmasq daemon to wait until interface=lan appears in the system, rather than fainting from a fit of proud loneliness right after starting.

# systemctl enable dnsmasq
# systemctl start dnsmasq; journalctl -f

6. HOSTAPD

And finally, the magic hostapd configurations. I have no doubt that someone is reading this article in search of exactly these precious lines.

Before installing hostapd, you need to overcome the "consistency problem". The built-in Wi-Fi adapter wlan0 can easily change its name to wlan1 when additional USB Wi-Fi hardware is connected. So we pin the interface names as follows: we come up with unique names for the (wireless) adapters and bind them to MAC addresses.

For the built-in Wi-Fi adapter, which is still wlan0:

# cat /sys/class/net/wlan0/address 
b8:27:eb:xx:xx:xx

We create /etc/systemd/network/wl0.link:

[Match]
MACAddress=b8:27:eb:xx:xx:xx

[Link]
Name=wl0

Now we can be sure that wl0 is the built-in Wi-Fi. We reboot the Raspberry to make sure of it.

Installation:

# yum install hostapd wireless-tools

Configuration file /etc/hostapd/hostapd.conf:

ssid=rpi
wpa_passphrase=1234567890

channel=36

country_code=US

interface=wl0
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=a
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

# AC
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[MAX-AMSDU-3839][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42

Without forgetting the State Emergency Committee for a moment, change the parameters you need and check by hand that it works:

# hostapd /etc/hostapd/hostapd.conf

hostapd starts in interactive mode and reports its state to the console. If there are no errors, clients that support AC mode will be able to connect to the access point. To stop hostapd, press Ctrl-C.
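
Before the access point goes on the air, the WPA-related lines of hostapd.conf can be checked statically. The following is an added example, not part of the original article: it reads a hostapd.conf and reports a WPA mode other than WPA2-only, TKIP or missing CCMP, enabled WPS, and a passphrase that is short or digits only. The function names and the 16-character threshold are this example's assumptions; the sample input is constructed from the configuration above.

```sh
#!/bin/sh
# Added example (not from the article): static audit of a hostapd.conf.
# The 16-character and digits-only thresholds are this example's assumptions.

# conf_get FILE KEY: print the last uncommented value assigned to KEY.
conf_get() {
    awk -v k="$2" '
        /^#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# audit_hostapd FILE: print one finding per line, return 1 if there are any.
audit_hostapd() {
    f=$1
    rc=0
    wpa=$(conf_get "$f" wpa)
    pairwise="$(conf_get "$f" wpa_pairwise) $(conf_get "$f" rsn_pairwise)"
    pass=$(conf_get "$f" wpa_passphrase)
    wps=$(conf_get "$f" wps_state)

    if [ "$wpa" != 2 ]; then
        echo "wpa=${wpa:-unset}: WPA2-only operation needs wpa=2"; rc=1
    fi
    case $pairwise in
        *TKIP*) echo "pairwise cipher list contains TKIP"; rc=1 ;;
    esac
    case $pairwise in
        *CCMP*) ;;
        *) echo "no CCMP pairwise cipher configured"; rc=1 ;;
    esac
    if [ -n "$wps" ] && [ "$wps" != 0 ]; then
        echo "wps_state=$wps: WPS is enabled"; rc=1
    fi
    if [ -n "$pass" ]; then
        len=${#pass}
        if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
            echo "wpa_passphrase length $len is outside 8..63"; rc=1
        elif [ "$len" -lt 16 ]; then
            echo "wpa_passphrase is only $len characters long"; rc=1
        fi
        case $pass in
            *[!0-9]*) ;;
            *) echo "wpa_passphrase is digits only"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample: the WPA-related lines of the configuration above.
sample_conf() {
    cat <<'EOF'
ssid=rpi
wpa_passphrase=1234567890
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

demo() {
    tmp=$(mktemp)
    sample_conf > "$tmp"
    audit_hostapd "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}
demo || echo "findings listed above"
```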

All that remains is to enable hostapd at system startup. If you do it the standard way (systemctl enable hostapd), then after the next reboot you may get a daemon "writhing in blood" with the diagnosis "interface wl0 not found". As a result of the "parallel chaos", hostapd started faster than the kernel found the wireless adapter.

The Internet is full of remedies: from a forced timeout before starting the daemon (several minutes) to yet another daemon that watches for the interface to appear and (re)starts hostapd. The solutions are quite workable but terribly ugly. We call on the great systemd for help, with its "targets", "tasks" and "dependencies".

Copy the distribution service file to /etc/systemd/system/hostapd.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system

and trim its contents to the following form:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl0.device
BindsTo=sys-subsystem-net-devices-wl0.device

[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl0.device

The magic of the updated service file lies in dynamically binding hostapd to a new target, the wl0 interface. When the interface appears, the daemon starts; when it disappears, the daemon stops. And all of this happens online, without rebooting the system. This technique is especially useful when connecting a USB Wi-Fi adapter to the Raspberry.

Now you can:

# systemctl enable hostapd
# reboot

7. IPTABLES

"What???" © Yes, yes! No systemd. No newfangled combines (in the form of firewalld) that in the end do the very same thing.

Let's use good old iptables, whose services, once started, load the network rules into the kernel and quietly exit without staying resident or consuming resources. systemd has the elegant IPMasquerade= feature, but we will still entrust address translation (NAT) and the firewall to iptables.

Installation:

# yum install iptables-services
# systemctl enable iptables ip6tables

I prefer to keep the iptables configuration as a script (example):

#!/bin/bash

#
# Disable IPv6
#
ip6tables --flush
ip6tables --delete-chain

ip6tables --policy INPUT   DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT  DROP

ip6tables-save > /etc/sysconfig/ip6tables
systemctl restart ip6tables

#
# Cleaning
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#
# Loopback, lan
#
iptables -A INPUT -i lo  -j ACCEPT
iptables -A INPUT -i lan -j ACCEPT

#
# Ping, Established
#
iptables -A INPUT -p icmp  --icmp-type echo-request    -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# NAT
#
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE

#
# Saving
#
iptables-save > /etc/sysconfig/iptables
systemctl restart iptables

We run the script above and lose the ability to establish new wired SSH connections to the Raspberry. That's right: we have built a Wi-Fi router to which access "via the Internet" is forbidden by default, and now it is only "over the air". We plug in the provider's Ethernet cable and start surfing!
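
What the saved ruleset actually admits from the wired side can be read back from the iptables-save output. The following is an added example, not part of the original article: it reports the INPUT policy, lists the INPUT rules that still accept new traffic arriving on wan, and flags that FORWARD is left at policy ACCEPT with no rule filtering packets routed in from wan. The function names are this example's own, and the ruleset is a constructed approximation of what the script above saves.

```sh
#!/bin/sh
# Added example (not the article's code): read-only audit of an iptables-save dump.
# Simplification: first-match ordering and earlier DROP/REJECT rules are not modelled.

# Constructed sample: roughly what the script above leaves in /etc/sysconfig/iptables.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# chain_policy FILE TABLE CHAIN: print the chain's default policy.
chain_policy() {
    awk -v t="*$2" -v c=":$3" '
        /^\*/ { cur = $1 }
        cur == t && $1 == c { print $2 }' "$1"
}

# input_open_on FILE IFACE: print filter/INPUT ACCEPT rules that accept NEW
# packets arriving on IFACE (no -i match, or an -i match that covers IFACE).
input_open_on() {
    awk -v ifc="$2" '
        /^\*/ { cur = $1 }
        cur != "*filter" || $1 != "-A" || $2 != "INPUT" { next }
        $0 !~ /-j ACCEPT/ { next }
        /ESTABLISHED/ && $0 !~ /NEW/ { next }
        {
            hit = 1
            for (i = 3; i < NF; i++)
                if ($i == "-i")
                    hit = ($(i - 1) == "!") ? ($(i + 1) != ifc) : ($(i + 1) == ifc)
            if (hit) print
        }' "$1"
}

# forward_unfiltered FILE IFACE: succeed when FORWARD defaults to ACCEPT and
# no FORWARD rule drops or rejects traffic entering on IFACE.
forward_unfiltered() {
    [ "$(chain_policy "$1" filter FORWARD)" = ACCEPT ] || return 1
    ! awk -v ifc="$2" '
        /^\*/ { cur = $1 }
        cur == "*filter" && $1 == "-A" && $2 == "FORWARD" && /-j (DROP|REJECT)/ {
            for (i = 3; i < NF; i++) if ($i == "-i" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }' "$1"
}

report() {
    dump=$(mktemp)
    sample_ruleset > "$dump"
    echo "INPUT policy: $(chain_policy "$dump" filter INPUT)"
    echo "Accepted as new traffic from wan:"
    input_open_on "$dump" wan | sed 's/^/  /'
    if forward_unfiltered "$dump" wan; then
        echo "FORWARD: policy ACCEPT, nothing filters packets routed in from wan"
    fi
    rm -f "$dump"
}
report
```

On the router itself the same functions can be pointed at /etc/sysconfig/iptables instead of the constructed sample.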

8. Bonus: +2.4GHz

When I assembled the first Raspberry router using the blueprint described above, I discovered a number of gadgets in my household that, because of their Wi-Fi design limitations, could not see the "raspberry" at all. Reconfiguring the router to work in 802.11b/g/n was unsportsmanlike, since the maximum speed "over the air" in that case did not exceed 40 Mbit, and my beloved Internet provider offers me 100 (by cable).

In fact, the solution to the problem has already been invented: a second Wi-Fi interface operating at 2.4 GHz, and a second access point. At a nearby shop I bought not the first, but the second USB Wi-Fi "whistle" I came across. The salesman was tormented with questions about the chipset, compatibility with ARM Linux kernels and the ability to work in AP mode (he started it).

We configure the "whistle" in the same way as the built-in Wi-Fi adapter.

First, we rename it to wl1:

# cat /sys/class/net/wlan0/address 
b0:6e:bf:xx:xx:xx

/etc/systemd/network/wl1.link:

[Match]
MACAddress=b0:6e:bf:xx:xx:xx

[Link]
Name=wl1

We entrust the management of the new Wi-Fi interface to a separate hostapd daemon, which starts and stops depending on the presence in the system of a strictly defined "whistle": wl1.

Configuration file /etc/hostapd/hostapd2.conf:

ssid=rpi2
wpa_passphrase=1234567890

#channel=1
#channel=6
channel=11

interface=wl1
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=g
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[HT40][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

The contents of this file depend directly on the model of the USB Wi-Fi adapter, so a banal copy/paste may let you down.

Copy the distribution service file to /etc/systemd/system/hostapd2.service:

# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd2.service

and trim its contents to the following form:

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl1.device
BindsTo=sys-subsystem-net-devices-wl1.device

[Service]
Type=forking
PIDFile=/run/hostapd2.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd2.conf -P /run/hostapd2.pid -B

[Install]
WantedBy=sys-subsystem-net-devices-wl1.device

All that remains is to enable the new hostapd instance:

# systemctl enable hostapd2

That's all! Tug on the "whistle" and the "raspberry" itself, and look at the wireless networks around you.

Finally, I want to warn you about the quality of the USB Wi-Fi adapter and the Raspberry's power supply. A "whistle" plugged in "hot" can sometimes cause the "raspberry to freeze" because of short-term electrical problems.

Source: www.habr.com
