There is a great deal of information on the Internet about building Wi-Fi access points on the Raspberry single-board computer. As a rule, it assumes the Raspbian operating system that is native to the Raspberry.
Being an adherent of RPM-based systems, I could not pass this little miracle by without trying my beloved CentOS on it.
The article gives instructions for building a 5 GHz/AC Wi-Fi router from a Raspberry Pi 3 Model B+ running the CentOS operating system. There will be a few standard but little-known tricks and, as a bonus, a blueprint for attaching additional Wi-Fi hardware to the Raspberry so that it can work in several modes at once (2.4+5GHz).
(a collage of freely available images)
Let us note straight away that there will be no cosmic speeds. I squeeze a maximum of 100 Mbit/s over the air out of my Raspberry, and that covers the speed of my Internet provider. Why would you need such a sluggish AC if, in theory, you can get half a gigabit even on N? If you have asked yourself this question, go to the shop and buy a real router with eight external antennas.
0. What you will need
- The "raspberry product" itself, of calibre Pi 3 Model B+ (to reach the 5 GHz speeds and channels);
- A good microSD >= 4 GB;
- A workstation with Linux and a microSD reader/writer;
- Sufficient Linux skills; the article is for a trained geek;
- A wired network (eth0) connection between the Raspberry and Linux, a DHCP server running on the local network, and Internet access from both devices.
A small comment on the last point. "Which came first, the egg or ..." How do you make a Wi-Fi router when you have no equipment at all for Internet access? Let's leave this entertaining exercise outside the scope of the article and simply assume that the Raspberry is connected to the local network by wire and has Internet access. In that case we will not need an extra TV and manipulator to set up the "raspberry".
1. Installing CentOS
At the time of writing, the working version of CentOS on the device is 32-bit. Somewhere on the World Wide Web I came across opinions that the performance of such operating systems on the 64-bit ARM architecture is reduced by 20%. I will leave this point without comment.
On Linux, download the minimal image with the "-RaspberryPI-" kernel and write it to the microSD:
# xzcat CentOS-Userland-7-armv7hl-RaspberryPI-Minimal-1810-sda.raw.xz |
dd of=/dev/mmcblk0 bs=4M
# sync
Before we start using the image, we remove the SWAP partition from it, expand the root to the whole available size and get rid of SELinux. The algorithm is simple: on Linux make a copy of the root, delete every partition from the microSD except the first (/boot), create a new root and restore its contents from the copy.
Example of the required actions (stern console output)
# mount /dev/mmcblk0p3 /mnt
# cd /mnt
# tar cfz ~/pi.tgz . --no-selinux
# cd
# umount /mnt
# parted /dev/mmcblk0
(parted) unit s
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
2 1370112s 2369535s 999424s primary linux-swap(v1)
3 2369536s 5298175s 2928640s primary ext4
5298176s 31116287s 25818112s Free Space
(parted) rm 3
(parted) rm 2
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
1370112s 31116287s 29746176s Free Space
(parted) mkpart
Partition type? primary/extended? primary
File system type? [ext2]? ext4
Start? 1370112s
End? 31116287s
(parted) set
Partition number? 2
Flag to Invert? lba
New state? on/[off]? off
(parted) print free
Model: SD SC16G (sd/mmc)
Disk /dev/mmcblk0: 31116288s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
63s 2047s 1985s Free Space
1 2048s 1370111s 1368064s primary fat32 boot, lba
2 1370112s 31116287s 29746176s primary ext4
(parted) quit
# mkfs.ext4 /dev/mmcblk0p2
mke2fs 1.44.6 (5-Mar-2019)
/dev/mmcblk0p2 contains a swap file system labelled '_swap'
Proceed anyway? (y,N) y
Discarding device blocks: done
Creating filesystem with 3718272 4k blocks and 930240 inodes
Filesystem UUID: 6a1a0694-8196-4724-a58d-edde1f189b31
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
# mount /dev/mmcblk0p2 /mnt
# tar xfz ~/pi.tgz -C /mnt --no-selinux
After unpacking the contents of the root partition, it is time to make some changes to it.
Disable SELinux in /mnt/etc/selinux/config:
SELINUX=disabled
Edit /mnt/etc/fstab, leaving only two partition entries in it: boot (/boot, unchanged) and root (we change the UUID value, which can be found by examining the output of the blkid command on Linux):
UUID=6a1a0694-8196-4724-a58d-edde1f189b31 / ext4 defaults,noatime 0 0
UUID=6938-F4F2 /boot vfat defaults,noatime 0 0
Finally, we change the kernel boot parameters: we specify the new location of the root partition, disable the output of debugging information and (optionally) forbid the kernel to assign IPv6 addresses on network interfaces:
# cd
# umount /mnt
# mount /dev/mmcblk0p1 /mnt
Bring the contents of /mnt/cmdline.txt to the following form (a single line, without wrapping):
root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait quiet ipv6.disable_ipv6=1
Finish up:
# cd
# umount /mnt
# sync
We move the microSD into the "raspberry", start it and get network access to it via ssh (root/centos).
2. Configuring CentOS
The first three unshakeable moves: passwd, yum -y update, reboot.
We hand network management over to networkd:
# yum install systemd-networkd
# systemctl enable systemd-networkd
# systemctl disable NetworkManager
# chkconfig network off
Create the file (together with its directories) /etc/systemd/network/eth0.network:
[Match]
Name=eth0
[Network]
DHCP=ipv4
We reboot the "raspberry" and again get network access to it via ssh (the IP address may change). Note that the /etc/resolv.conf in use is the one created earlier by Network Manager. So, if there are problems with name resolution, edit its contents. We will not use systemd-resolved.
We remove the "unnecessary", tidy up and speed up OS boot:
# systemctl set-default multi-user.target
# yum remove GeoIP Network* aic* alsa* cloud-utils-growpart \
cronie* dhc* firewal* initscripts iwl* kexec* logrotate \
postfix rsyslog selinux-pol* teamd wpa_supplicant
Whoever needs cron and cannot stomach the built-in
# mkdir /var/log/journal
# systemd-tmpfiles --create --prefix /var/log/journal
# systemctl restart systemd-journald
# vi /etc/systemd/journald.conf
Disable the use of IPv6 by the core services (if needed).
/etc/ssh/sshd_config:
AddressFamily inet
/etc/sysconfig/chronyd:
OPTIONS="-4"
Accurate time on the "raspberry" is an important thing. Since there is no additional hardware to preserve the current state of the clock across a reboot, synchronization is needed. A very good and fast daemon for this is chrony; it is already installed and starts automatically. You can change the NTP servers to the nearest ones.
/etc/chrony.conf:
server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst
To set the time zone we use a trick. Since our goal is a Wi-Fi router that works on 5 GHz frequencies, we prepare in advance for surprises from the regulator:
# yum info crda
Summary: Regulatory compliance daemon for 802.11 wireless networking
This evil design, among other things based on the time zone, "prohibits" (in Russia) the use of 5 GHz frequencies and of channels with "high" numbers. The trick is to set the time zone without using continent/city names, that is, instead of:
# timedatectl set-timezone Europe/Moscow
We type:
# timedatectl set-timezone Etc/GMT-3
And the finishing touches to the system's hairstyle:
# hostnamectl set-hostname router
/root/.bash_profile:
. . .
# User specific environment and startup programs
export PROMPT_COMMAND="vcgencmd measure_temp"
export LANG=en_US.UTF-8
export PATH=$PATH:$HOME/bin
3. CentOS add-ons
Everything said above can be regarded as complete instructions for installing "vanilla" CentOS on the Raspberry Pi. You should end up with a computer that (re)boots in under 10 seconds, uses less than 15 megabytes of RAM and 1.5 gigabytes of microSD (actually less than 1 gigabyte because it is not full, but let's be honest).
To install Wi-Fi access point software on this system, you will need to extend the capabilities of the standard CentOS distribution a little. First of all, we update the driver (firmware) of the built-in Wi-Fi adapter. The project's home page says:
Wi-Fi on the Raspberry 3B and 3B+
The Raspberry PI 3B/3B+ firmware files are not allowed to be distributed by the CentOS project. You can use the following articles to understand the issue, get the firmware and set up the Wi-Fi.
What is forbidden to the CentOS project is not forbidden to us for personal use. We replace the distribution's Wi-Fi firmware in CentOS with the corresponding one from the Broadcom developers (those same hated binary blobs...). This, in particular, allows AC to be used in access point mode.
Updating the Wi-Fi firmware
Find out the device model and the current firmware version:
# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Mar 1 2015 07:29:38 version 7.45.18 (r538002) FWID 01-6a2c8ad4
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 7.14.8 Compiler: 1.24.9 ClmImport: 1.24.9 Creation: 2014-09-02 03:05:33 Inc Data: 7.17.1 Inc Compiler: 1.26.11 Inc ClmImport: 1.26.11 Creation: 2015-03-01 07:22:34
We see that the firmware version is 7.45.18 of 01.03.2015, and we remember the following set of digits: 43455 (brcmfmac43455-sdio.bin).
# wget https://downloads.raspberrypi.org/raspbian_lite_latest
# unzip -p raspbian_lite_latest > raspbian.img
# fdisk -l raspbian.img
Disk raspbian.img: 2 GiB, 2197815296 bytes, 4292608 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x17869b7d
Device Boot Start End Sectors Size Id Type
raspbian.img1 8192 532480 524289 256M c W95 FAT32 (LBA)
raspbian.img2 540672 4292607 3751936 1.8G 83 Linux
# mount -t ext4 -o loop,offset=$((540672 * 512)) raspbian.img /mnt
# cp -fv /mnt/lib/firmware/brcm/*43455* ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.bin' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob' -> ...
'/mnt/lib/firmware/brcm/brcmfmac43455-sdio.txt' -> ...
# umount /mnt
The resulting Wi-Fi adapter firmware files must be copied to the "raspberry", replacing the existing ones in the directory /usr/lib/firmware/brcm/
We reboot the future router and smile with satisfaction:
# journalctl | grep $(basename $(readlink /sys/class/net/wlan0/device/driver))
Jan 01 04:00:03 router kernel: brcmfmac: F1 signature read @0x18000000=0x15264345
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
Jan 01 04:00:03 router kernel: usbcore: registered new interface driver brcmfmac
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Jan 01 04:00:03 router kernel: brcmfmac: brcmf_c_preinit_dcmds: CLM version = API: 12.2 Data: 9.10.105 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-03-09 18:56:28
Version: 7.45.154 of 27.02.2018.
And, of course, EPEL:
# cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0
EOF
# yum clean all
# rm -rfv /var/cache/yum
# yum update
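The repository definition above sets gpgcheck=0, so yum installs packages from that mirror without verifying their signatures. The following added example (not from the original article) lists every enabled repository in that state; the function names, the [main] section and the second and third repositories in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# On a real system:
#   cat /etc/yum.conf /etc/yum.repos.d/*.repo | unsigned_repos

# Print the id of every enabled repository whose effective gpgcheck is off.
# yum.conf must come first on stdin so that [main] is seen before the repos.
unsigned_repos() {
    awk '
        function on(v) { v = tolower(v); return v == "1" || v == "yes" || v == "true" }
        function report() {
            if (id != "" && id != "main" && on(enabled) &&
                !on(gpg == "" ? main_gpg : gpg))
                print id
        }
        BEGIN { main_gpg = "0" }            # yum default when [main] is silent
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }   # trim surrounding whitespace
        /^[#;]/ || $0 == "" { next }        # comments and blank lines
        /^\[.*\]$/ {                        # new section: close the previous one
            report()
            id = substr($0, 2, length($0) - 2); enabled = "1"; gpg = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") { if (id == "main") main_gpg = val; else gpg = val }
        }
        END { report() }'
}

# Sample input: the [epel] section is the one from the article, the rest is
# constructed to exercise inheritance from [main] and a disabled repository.
sample_repos() {
    cat <<'EOF'
[main]
gpgcheck=1

[epel]
name=Epel rebuild for armhfp
baseurl=https://armv7.dev.centos.org/repodir/epel-pass-1/
enabled=1
gpgcheck=0

[constructed-inherits]
name=constructed: no gpgcheck line, inherits from main
baseurl=https://example.invalid/os/
enabled=1

[constructed-disabled]
name=constructed: unsigned but disabled
baseurl=https://example.invalid/debug/
enabled=0
gpgcheck=0
EOF
}

echo "repositories installed from without signature checks:"
sample_repos | unsigned_repos
```

Only epel is reported for the sample: the second repository inherits gpgcheck=1 from [main] and the third is disabled.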
4. Network configuration and the challenges ahead
As agreed above, the "raspberry" is connected to the local network by "wire". Suppose the provider supplies Internet access in exactly the same way: an address on the public network is issued dynamically by a DHCP server (possibly with MAC binding). In that case, after the final setup of the raspberry, you only need to "plug" the provider's cable into it and you are done. Authorization using systemd-networkd is the topic of a separate article and is not discussed here.
The Raspberry's Wi-Fi interface(s) are the local network, and the built-in Ethernet adapter (eth0) is the external one. We number the local network statically, for example: 192.168.0.0/24. The raspberry's address: 192.168.0.1. A DHCP server operates on the external network (the Internet).
Parallel chaos (a lyrical digression)
Lennart Poettering wrote his program systemd very well. This systemd launches other programs so fast that, before they have recovered from the referee's whistle, they stumble and fall at the start without even beginning their obstacle course.
But seriously, the aggressive parallelization of the processes started at boot of a systemd OS is a kind of "pons asinorum" for seasoned sequential LSB specialists. Fortunately, bringing order to this "parallel chaos" turns out to be simple, if not always obvious.
We create two virtual bridge interfaces with permanent names: lan and wan. To the first we will "connect" the Wi-Fi adapter(s), and to the second the eth0 of the "raspberry".
/etc/systemd/network/lan.netdev:
[NetDev]
Name=lan
Kind=bridge
/etc/systemd/network/lan.network:
[Match]
Name=lan
[Network]
Address=192.168.0.1/24
IPForward=yes
/etc/systemd/network/wan.netdev:
[NetDev]
Name=wan
Kind=bridge
#MACAddress=xx:xx:xx:xx:xx:xx
/etc/systemd/network/wan.network:
[Match]
Name=wan
[Network]
DHCP=ipv4
IPForward=yes
IPForward=yes removes the need to tell the kernel via sysctl to enable routing.
MACAddress= we uncomment and change if necessary.
First we "connect" eth0. We remember the "uniformity problem" and use only the MAC address of this interface, which you can find out, for example, like this:
# cat /sys/class/net/eth0/address
We create /etc/systemd/network/eth.network:
[Match]
MACAddress=b8:27:eb:xx:xx:xx
[Network]
Bridge=wan
We delete the previous eth0 configuration file, reboot the Raspberry and get network access to it (the IP address may change):
# rm -fv /etc/systemd/network/eth0.network
# reboot
5. DNSMASQ
For building Wi-Fi access points, nobody has yet come up with anything better than the sweet couple dnsmasq + hostapd. In my opinion.
In case anyone has forgotten, then ...
Let's start with dnsmasq:
# yum install dnsmasq
Template /etc/resolv.conf:
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 77.88.8.8
nameserver 77.88.8.1
domain router.local
search router.local
edit it to your own taste.
A minimalist /etc/dnsmasq.conf:
domain-needed
bogus-priv
interface=lan
bind-dynamic
expand-hosts
domain=#
dhcp-range=192.168.0.100,192.168.0.199,255.255.255.0,24h
conf-dir=/etc/dnsmasq.d
The "magic" here lies in the bind-dynamic parameter, which tells the dnsmasq daemon to wait until interface=lan appears in the system, instead of fainting from a fit of proud loneliness right after it starts.
# systemctl enable dnsmasq
# systemctl start dnsmasq; journalctl -f
6. HOSTAPD
And finally, the magical hostapd configuration. I have no doubt that someone is reading this article in search of precisely these treasured lines.
Before installing hostapd, you need to overcome the "uniformity problem". The built-in Wi-Fi adapter wlan0 can easily change its name to wlan1 when additional USB Wi-Fi hardware is connected. So we fix the interface names as follows: we come up with unique names for the (wireless) adapters and bind them to their MAC addresses.
For the built-in Wi-Fi adapter, which is still wlan0:
# cat /sys/class/net/wlan0/address
b8:27:eb:xx:xx:xx
We create /etc/systemd/network/wl0.link:
[Match]
MACAddress=b8:27:eb:xx:xx:xx
[Link]
Name=wl0
Now we can be sure that wl0 is the built-in Wi-Fi. To make sure of it, we reboot the Raspberry.
Installation:
# yum install hostapd wireless-tools
Configuration file /etc/hostapd/hostapd.conf:
ssid=rpi
wpa_passphrase=1234567890
channel=36
country_code=US
interface=wl0
bridge=lan
driver=nl80211
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
hw_mode=a
wmm_enabled=1
# N
ieee80211n=1
require_ht=1
ht_capab=[MAX-AMSDU-3839][HT40+][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
# AC
ieee80211ac=1
require_vht=1
ieee80211d=0
ieee80211h=0
vht_capab=[MAX-AMSDU-3839][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
Without forgetting for a moment
# hostapd /etc/hostapd/hostapd.conf
hostapd starts in interactive mode and reports its state to the console. If there are no errors, clients that support AC mode can connect to the access point. To stop hostapd, press Ctrl-C.
All that remains is to enable hostapd at system startup. If you do the standard thing (systemctl enable hostapd), then after the next reboot you may get a daemon "rolling in blood" with the diagnosis "interface wl0 not found". As a result of the "parallel chaos", hostapd started faster than the kernel found the wireless adapter.
The Internet is full of remedies: from a forced timeout before starting the daemon (several minutes) to yet another daemon that watches for the interface to appear and (re)starts hostapd. The solutions work quite well, but they are terribly ugly. We call the great systemd to the rescue, with its "targets", "tasks" and "dependencies".
Copy the distribution's service file to /etc/systemd/system/hostapd.service:
# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system
and trim its contents to the following form:
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl0.device
BindsTo=sys-subsystem-net-devices-wl0.device
[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
[Install]
WantedBy=sys-subsystem-net-devices-wl0.device
The magic of the updated service file lies in dynamically binding hostapd to a new target, the wl0 interface. When the interface appears, the daemon starts; when it disappears, the daemon stops. And all of this happens online, without rebooting the system. This technique is especially useful when plugging a USB Wi-Fi adapter into the Raspberry.
Now you can:
# systemctl enable hostapd
# reboot
7. IPTABLES
"What???" © Yes, yes! No systemd. No new-fangled combines (in the form of firewalld) that end up doing the same thing.
Let's use good old iptables, whose services, once started, load the network rules into the kernel and quietly exit without staying resident or consuming resources. systemd has the elegant IPMasquerade= feature, but we will still entrust address translation (NAT) and the firewall to iptables.
Installation:
# yum install iptables-services
# systemctl enable iptables ip6tables
I prefer to keep the iptables configuration as a script (example):
#!/bin/bash
#
# Disable IPv6
#
ip6tables --flush
ip6tables --delete-chain
ip6tables --policy INPUT DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT DROP
ip6tables-save > /etc/sysconfig/ip6tables
systemctl restart ip6tables
#
# Cleaning
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
#
# Loopback, lan
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i lan -j ACCEPT
#
# Ping, Established
#
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# NAT
#
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
#
# Saving
#
iptables-save > /etc/sysconfig/iptables
systemctl restart iptables
We run the script above and lose the ability to establish new wired SSH connections to the Raspberry. That's right: we have built a Wi-Fi router, access to which "over the Internet" is forbidden by default; from now on, only "over the air". We plug in the provider's Ethernet cable and start surfing!
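The script above closes INPUT but leaves the FORWARD policy at ACCEPT with no FORWARD rules, so the router forwards new connections arriving on wan toward 192.168.0.0/24 just as it forwards lan traffic going out. The following added example (not from the original article) puts the filter table the script produces next to a variant with a restricted FORWARD chain and evaluates both for a NEW wan-to-lan connection; both rulesets are constructed in iptables-save format, and the evaluator models only -i, -o, state and -j.

```shell
#!/bin/sh
# Added example, not part of the original article.

# Filter table as the script above leaves it (constructed, iptables-save format).
page_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Same INPUT chain, but forwarding is closed by default: lan may open
# connections, wan may only send replies to them.
hardened_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan -j ACCEPT
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# forward_verdict IN_IF OUT_IF < ruleset
# Verdict for a NEW packet routed from IN_IF to OUT_IF: first matching
# FORWARD rule wins, otherwise the chain policy. Rules that use a match
# this sketch does not model are skipped.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" && verdict == "" {
            i_if = o_if = states = target = ""; unmodeled = 0
            for (n = 3; n <= NF; n++) {
                if      ($n == "-i") i_if = $(++n)
                else if ($n == "-o") o_if = $(++n)
                else if ($n == "--state" || $n == "--ctstate") states = $(++n)
                else if ($n == "-j") target = $(++n)
                else if ($n == "-m") ++n          # skip the module name
                else unmodeled = 1
            }
            if (unmodeled) next
            if (i_if != "" && i_if != in_if) next
            if (o_if != "" && o_if != out_if) next
            if (states != "" && ("," states ",") !~ /,NEW,/) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT")
                verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }'
}

echo "article script, NEW wan->lan: $(page_rules | forward_verdict wan lan)"
echo "hardened,       NEW wan->lan: $(hardened_rules | forward_verdict wan lan)"
echo "hardened,       NEW lan->wan: $(hardened_rules | forward_verdict lan wan)"
```

In the script above the hardened variant corresponds to iptables -P FORWARD DROP followed by the two -A FORWARD rules; the nat table with MASQUERADE stays as it is.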
8. Bonus: +2.4GHz
When I assembled the first Raspberry router using the blueprint described above, I discovered several gadgets in my household that, because of the limitations of their Wi-Fi design, could not see the "raspberry" at all. Reconfiguring the router to work in 802.11b/g/n was unsporting, since the maximum speed "over the air" in that case did not exceed 40 Mbit, and my favourite Internet provider offers me 100 (over cable).
In fact, the solution to the problem was invented long ago: a second Wi-Fi interface working at 2.4 GHz and a second access point. In a nearby shop I bought not the first, but the second USB Wi-Fi "whistle" I came across. The salesman was tormented with questions about the chipset, compatibility with ARM Linux kernels and the possibility of working in AP mode (he started it).
We configure the "whistle" in the same way as the built-in Wi-Fi adapter.
First, we rename it to wl1:
# cat /sys/class/net/wlan0/address
b0:6e:bf:xx:xx:xx
/etc/systemd/network/wl1.link:
[Match]
MACAddress=b0:6e:bf:xx:xx:xx
[Link]
Name=wl1
We entrust management of the new Wi-Fi interface to a separate hostapd daemon, which starts and stops depending on the presence in the system of a strictly defined "whistle": wl1.
Configuration file /etc/hostapd/hostapd2.conf:
ssid=rpi2
wpa_passphrase=1234567890
#channel=1
#channel=6
channel=11
interface=wl1
bridge=lan
driver=nl80211
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
hw_mode=g
wmm_enabled=1
# N
ieee80211n=1
require_ht=1
ht_capab=[HT40][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
The contents of this file depend directly on the model of the USB Wi-Fi adapter, so banal copy/paste may let you down.
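Both hostapd.conf and hostapd2.conf above restrict the access point to WPA2 with CCMP, and both carry the same passphrase, 1234567890. The following added example (not from the original article) audits the security-relevant keys of a hostapd configuration before the access point goes live; the finding names and the 16-character minimum are assumptions of this sketch, not hostapd settings.

```shell
#!/bin/sh
# Added example, not part of the original article.

MIN_LEN=16   # assumed local policy; hostapd itself accepts 8..63 characters

# Security-relevant lines of /etc/hostapd/hostapd.conf as given in the article.
page_hostapd_conf() {
    cat <<'EOF'
ssid=rpi
wpa_passphrase=1234567890
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

# conf_get "<config text>" key: value of the last uncommented key=value line.
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }'
}

# Reads a hostapd configuration on stdin and prints its findings on one line,
# or OK when there are none.
audit_hostapd_conf() {
    conf=$(cat)
    out=""
    wpa=$(conf_get "$conf" wpa)
    pass=$(conf_get "$conf" wpa_passphrase)
    ciphers="$(conf_get "$conf" wpa_pairwise) $(conf_get "$conf" rsn_pairwise)"

    # wpa is a bit field: 1 = WPA, 2 = WPA2, 3 = both, 0 or absent = neither.
    case $wpa in
        2) ;;
        ""|0) out="$out OPEN_NETWORK" ;;
        *) out="$out WPA1_ENABLED" ;;
    esac
    case $ciphers in *TKIP*) out="$out TKIP_ALLOWED" ;; esac

    if [ -n "$pass" ]; then
        n=${#pass}
        if [ "$n" -lt 8 ] || [ "$n" -gt 63 ]; then
            out="$out PASSPHRASE_LENGTH_INVALID"
        else
            case $pass in *[!0-9]*) ;; *) out="$out PASSPHRASE_DIGITS_ONLY" ;; esac
            [ "$n" -ge "$MIN_LEN" ] || out="$out PASSPHRASE_SHORT"
        fi
    fi
    out=${out# }
    echo "${out:-OK}"
}

echo "article hostapd.conf: $(page_hostapd_conf | audit_hostapd_conf)"
```

On the router itself run it as audit_hostapd_conf < /etc/hostapd/hostapd.conf and again for hostapd2.conf; anything other than OK is worth fixing before the service is enabled.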
Copy the distribution's service file to /etc/systemd/system/hostapd2.service:
# cp -fv /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd2.service
and trim its contents to the following form:
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=sys-subsystem-net-devices-wl1.device
BindsTo=sys-subsystem-net-devices-wl1.device
[Service]
Type=forking
PIDFile=/run/hostapd2.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd2.conf -P /run/hostapd2.pid -B
[Install]
WantedBy=sys-subsystem-net-devices-wl1.device
All that remains is to enable the new hostapd instance:
# systemctl enable hostapd2
That's all! Tug on the "whistle" and on the "raspberry" itself, and look at the wireless networks around you.
Finally, I want to warn you about the quality of the USB Wi-Fi adapter and of the Raspberry's power supply. A "whistle" plugged in "hot" can sometimes cause the "raspberry" to freeze because of short-term power problems.
Source: www.habr.com