Hello everyone.
After many attempts and, let's be honest, out of breath from all my reboots and retries, I'm turning to you to, let's be honest, spare myself a few psychotherapy sessions....
The hardware: as in the title, Orange Pi Zero.
http://linux-sunxi.org/Xunlong_Orange_Pi_Zero
What I want to do: have a Wi-Fi access point that lets me connect devices (yes, really!!) that have Internet access BUT are not on my box's broadcast (ahem)
What I have tried: everything around hostapd, network interfaces...
What works:
This script
#!/bin/bash
#
# hotspot2014.sh
#
# Wireless Access Point (SoftAP)
#
# by AgentSteel for Debian-fr.org
# 24/Apr/2014
#
# USE AT YOUR OWN RISK!
#
# Tested on Debian Wheezy (7.0)
#
# Two modes of operation :
# - with a network bridge (see BRIDGE variable) for transparent connection sharing (no DNS logging...)
# or
# - with dnsmasq and iptables for packet forwarding between network interfaces (DNS logging)
#
# Run this script as root.
# This script will likely stop currently running network connections.
# You may also need to disable your local firewall.
#
# Required : dhclient, hostapd, firmware-realtek (non-free)
# Optional : bridge-utils, dnsmasq
# Adjust your settings here
WLAN="wlan0"
systemctl stop wpa_supplicant # Added
systemctl disable wpa_supplicant # Added
nmcli radio wifi off # Added
rfkill unblock wlan # Added
# the IP address of your SoftAP interface (if using dnsmasq)
# and the corresponding IP range for your SoftAP clients (if using dnsmasq)
WLAN_IP="192.168.9.1"
DHCP_RANGE="192.168.9.2,192.168.9.254"
# your SoftAP SSID, channel and passphrase
SSID="ODHF-Serveur-1" # dummy value
CHANNEL=3
PASSPHRASE="6DS4FfdVSèDS" # also a dummy value
# Set your desired bridge interface name here
MY_BRIDGE="ap-br0"
# and the other network interface for bridge
IF_BRIDGE="eth0"
# Uncomment to use bridging, or comment to use dnsmasq/iptables
#BRIDGE="bridge=$MY_BRIDGE"
# (input) network interface when using dnsmasq/iptables
IF_IN="eth0"
# Set to "-d" for hostapd debugging output
# or "-B" (background mode) for default operation
HOSTAPD_OPT="-B"
# global exit code for script (0 = no error)
ret=0
# function : check for required software
function checklist()
{
local ret=0
# check if running as root
[[ $EUID -ne 0 ]] && { echo "You must be root to run this script!"; ret=1; }
if [[ -n "$BRIDGE" ]]; then
# when using a bridge, ensure brctl is found
hash brctl >/dev/null 2>&1 || { echo "brctl not found, please install bridge-utils package."; ret=1; }
else
# not using a bridge, we need dnsmasq and iptables
hash dnsmasq >/dev/null 2>&1 || { echo "dnsmasq not found, please install dnsmasq package."; ret=1; }
hash iptables >/dev/null 2>&1 || { echo "iptables not found, please install iptables package."; ret=1; }
fi
hash hostapd >/dev/null 2>&1 || { echo "hostapd not found, please install hostapd package."; ret=1; }
return $ret
}
# function : cleanup the mess when exiting
function cleanup()
{
# clean up a bit (the dirty way!)
sysctl net.ipv4.ip_forward=0
iptables-restore <iptables.save && echo "iptables rules restored."
killall hostapd >/dev/null 2>&1 && echo "hostapd killed."
[[ -f "$TMP_CONF" ]] && rm "$TMP_CONF"
killall dnsmasq >/dev/null 2>&1 && echo "dnsmasq killed."
killall dhclient >/dev/null 2>&1 && echo "dhclient killed."
ifconfig "$MY_BRIDGE" down >/dev/null 2>&1
sleep 2
brctl delif "$MY_BRIDGE" "$IF_BRIDGE" >/dev/null 2>&1
brctl delif "$MY_BRIDGE" "$WLAN" >/dev/null 2>&1
brctl delbr "$MY_BRIDGE" >/dev/null 2>&1 && echo "bridge $MY_BRIDGE destroyed."
}
# Main program
# check for requirements, abort eventually
checklist || exit 1
# trap for cleanup
trap cleanup SIGINT SIGTERM
# First, disable any network management software
echo -n ">>> Trying to disable any network management software... "
service network-manager stop >/dev/null 2>&1
service wicd stop >/dev/null 2>&1
echo "OK."
# If not using a bridge, start dnsmasq (dns and dhcp) server
if [[ -z "$BRIDGE" ]]; then
killall dnsmasq >/dev/null 2>&1
# TODO : additional hosts file
dnsmasq --interface "$WLAN" --dhcp-range="$DHCP_RANGE" --log-queries || { echo "dnsmasq failed to start!"; exit 1; }
# assign IP to the wireless interface
ifconfig "$WLAN" "$WLAN_IP"
# now you could start a webserver to share some files (eg. gatling lightweight www server)
# and allow your SoftAP clients to go to http://$WLAN_IP/
# save current firewall rules
iptables-save >iptables.save && echo ">>> Current firewall configuration saved."
# reset firewall rules
iptables -F; iptables -X; iptables -P INPUT DROP; iptables -P OUTPUT ACCEPT; iptables -P FORWARD DROP
# allow loopback
iptables -A INPUT -i lo -j ACCEPT; iptables -A OUTPUT -o lo -j ACCEPT
# allow already established connections on eth0 (useful for SSH)
iptables -A INPUT -i $IF_IN -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ping on $IF_IN
iptables -A INPUT -i $IF_IN -p icmp -m icmp --icmp-type 8 -j ACCEPT
# allow SSH in, on $IF_IN only
#iptables -A INPUT -i $IF_IN -p tcp -m tcp --dport 22 -j ACCEPT
# allow HTTP in, on $IF_IN only (hotspot's web server)
#iptables -A INPUT -i $IF_IN -p tcp -m tcp --dport 80 -j ACCEPT
# allow DNS in, on $WLAN
iptables -A INPUT -i $WLAN -p udp -m udp --dport 53 -j ACCEPT
# allow DHCP in, on $WLAN
iptables -A INPUT -i $WLAN -p udp -m udp --dport 67 -j ACCEPT
# packet forwarding
sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $IF_IN -j MASQUERADE
iptables -A FORWARD -i $IF_IN -o $WLAN -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow HTTP and HTTPS to be forwarded
iptables -A FORWARD -i $WLAN -o $IF_IN -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $WLAN -o $IF_IN -p tcp -m tcp --dport 443 -j ACCEPT
#iptables -A FORWARD -i $WLAN -o $IF_IN -p tcp -m tcp --dport 8080 -j ACCEPT
# uncomment below to allow SSH to be forwarded
#iptables -A FORWARD -i $WLAN -o $IF_IN -p tcp -m tcp --dport 22 -j ACCEPT
# (everything else will be forbidden)
else
# we create a new network bridge to share network (and internet) access
brctl addbr "$MY_BRIDGE"
brctl addif "$MY_BRIDGE" "$IF_BRIDGE"
# $WLAN interface will be added later to the bridge
fi
# create a temporary file with our hostapd conf
# (adapted from Realtek's examples)
# (see proprietary driver package from Realtek's website)
TMP_CONF=$(mktemp)
if [[ -z "$TMP_CONF" ]]; then
echo "Error creating hostapd temporary configuration file!"
ret=1
else
# readable and writable by root only
chmod 600 "$TMP_CONF"
cat >"$TMP_CONF" <<EOF
# hostapd configuration starts here
#ctrl_interface=/usr/sbin/hostapd
#ctrl_interface_group=0
interface=$WLAN
$BRIDGE
ssid=$SSID
channel=$CHANNEL
beacon_int=100
# (hardware limit for some wireless chipsets)
max_num_sta=250
hw_mode=g
# we use 802.11n (wifi N)
ieee80211n=1
wme_enabled=1
#ht_capab=[SHORT-GI-20][SHORT-GI-40][HT40+]
# We use WPA2 of course
wpa=2
wpa_passphrase=$PASSPHRASE
wpa_key_mgmt=WPA-PSK
# Note: TKIP not supported with RTL8188RU chip!
wpa_pairwise=CCMP
wpa_group_rekey=86400
# other settings
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
#dump_file=/tmp/hostapd.dump
dtim_period=2
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
EOF
echo ">>> Starting hostapd."
# start hostapd
if ! hostapd $HOSTAPD_OPT "$TMP_CONF"; then
echo "hostapd failed to start."
ret=1
else
# finally get an IP address for the bridge, only when using a bridge (assume we have a dhcp server in our LAN)
[[ -n "$BRIDGE" ]] && dhclient "$MY_BRIDGE" && echo ">>> Network bridge $MY_BRIDGE is up."
# TODO : handle dhclient failure
[[ -z "$BRIDGE" ]] && echo ">>> Using dnsmasq and iptables."
iwconfig $WLAN
echo ">>> SoftAP is up and running! SSID = $SSID"
echo ">>> Hit ctrl-c to stop."
# display syslog to see what happens
tail -f /var/log/syslog
fi
fi
cleanup
echo -e "\n>>> SoftAP terminated!"
exit $ret
I added these 4 lines to it:
systemctl stop wpa_supplicant # Added
systemctl disable wpa_supplicant # Added
nmcli radio wifi off # Added
rfkill unblock wlan # Added
And you'll say, "Well then, it works! What does this gentleman want?"
Well, that is exactly the problem:
1 - It's a script
2 - It doesn't start at boot.
3 - When I reboot without quitting the shell .... I struggle to get the thing started again (it restarts, but no more IP)
I have to remove the SD card, mount it on an Ubuntu machine, and change all the settings to get SSH access to it; what a pain.
I'm tinkering in /etc/rc.local for now,
sysctl net.ipv4.ip_forward=0
iptables-restore </home/user/iptables.save
killall hostapd
killall dnsmasq
killall dhclient
ifconfig ap-br0 down
brctl delif ap-br0 eth0
brctl delif ap-br0 wlan0
brctl delbr ap-br0
Could you give me a hand to know for certain where to step in to disable everything at startup ... please (well, yes, still)
Kisses to you all, and thank you.
Last edited by Stevanovich (26-02-2017 18:14:32)
Dev PC: Xubuntu 16.04 -
Home automation: Raspberry 3b / Orange Pi Zero / Arduino
Server: Synology DS209+
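
Added example, not part of the original post or of AgentSteel's script: in dnsmasq/iptables mode the script's FORWARD rules accept ports 80 and 443 from $WLAN to anything reachable through $IF_IN, which includes hosts on the LAN behind the box. The sketch below prints the same rules with a drop for the LAN subnet placed before them; the function names and the 192.168.1.0/24 subnet are assumptions, not values from the post.

```bash
#!/bin/bash
# Added example (not part of hotspot2014.sh): FORWARD rules for the
# dnsmasq/iptables mode that keep SoftAP clients off the home LAN.
# The LAN subnet passed in is an assumption; use the one behind your box.

# Print the iptables commands in the order they must be installed.
# Arguments: SoftAP interface, uplink interface, LAN subnet (CIDR).
softap_forward_rules() {
    wlan=$1; if_in=$2; lan_net=$3
    # Anything not matched by a rule below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to connections opened by SoftAP clients.
    echo "iptables -A FORWARD -i $if_in -o $wlan -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # iptables stops at the first matching rule, so this drop has to
    # precede the port accepts or LAN hosts stay reachable on 80/443.
    echo "iptables -A FORWARD -i $wlan -d $lan_net -j DROP"
    for port in 80 443; do
        echo "iptables -A FORWARD -i $wlan -o $if_in -p tcp -m tcp --dport $port -j ACCEPT"
    done
}

# Return 0 only if a "-j DROP" rule appears before the first
# per-port ACCEPT rule in the rule list given as $1.
lan_drop_comes_first() {
    drop_line=$(printf '%s\n' "$1" | grep -n -e '-j DROP$' | head -n 1 | cut -d: -f1)
    accept_line=$(printf '%s\n' "$1" | grep -n -e '--dport .* -j ACCEPT$' | head -n 1 | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}

# Dry run: print the rules for the interfaces used in the post and a
# constructed LAN subnet. Pipe the output to sh as root to install them.
softap_forward_rules wlan0 eth0 192.168.1.0/24
```

DNS and DHCP for the clients are served by dnsmasq on the SoftAP interface itself (the INPUT rules in the script), so dropping forwarded traffic to the LAN subnet does not affect them.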