Tutorial_Fonera_Script_Repeater

La Fonera as a repeater


by Emix

Last updated: 02/03/2007 01:15


To use the Fonera as a repeater you need SSH access in order to edit a few files, so first start the DropBear daemon by following the tutorial La Fonera: dalla scatola a OpenWrt - Tutorial up to step 4.

The files we need are the ponte2 script and its configuration file ponte2.conf, written by Antonio Anselmi: http://www.blogin.it/fonera4.php

With the commands

scp /tmp/ponte2 root@IP-FONERA:/etc/ponte2
scp /tmp/ponte2.conf root@IP-FONERA:/etc/ponte2.conf

we copy the two files from our PC into the Fonera's /etc directory. Then we edit the configuration file with the settings we need and run

chmod 755 /etc/ponte2

to make it executable.

Run the script with

sh ponte2

and check that no errors are reported.

Bear in mind that the Fonera has three interfaces, one Ethernet and two wireless:

  • ath0 - acts as the hot spot that re-broadcasts the received signal
  • ath1 - acts as the link to the access point we want to join
  • eth0 - disabled in the configuration file, but if enabled it is routed together with ath0

To use WPA-PSK authentication you need to download wpa_supplicant and libopenssl, available from the repository, and install them with

ipkg <file name>

If everything went well, the Fonera should now advertise an SSID relay_<SSID of the linked AP> that lets us connect to the network of the AP we linked to.

To start the script automatically at boot, create the file S70ponte in /etc/init.d with vi

vi /etc/init.d/S70ponte

and write into it

/etc/ponte2
# the end

then run

chmod 755 /etc/init.d/S70ponte

to make it executable. From now on the repeater will be active after every reboot.


File ponte2

# /etc/ponte2 - 20072802
#****************************************************************************
# beta-1 release
# more about this script can be found at: http://www.blogin.it/fonera4.php
# ansanto@interfree.it
#****************************************************************************

#----------------------------------------------------------------------------
# setup_env. Function that sets up the environment
setup_env () {
# Set the default values of all environment variables here
logDir=/var/log
tmpDir=/tmp
white_list=/etc/white_list.conf
myself=`basename $0`
logFile=$logDir/$myself.log
oggi=$(date)
IWCONFIG=/usr/sbin/iwconfig
IFCONFIG=/sbin/ifconfig
WLANCONFIG=/usr/sbin/wlanconfig
IWPRIV=/usr/sbin/iwpriv
NETFILTER=/usr/sbin/iptables
ROUTE=/sbin/route
rm -f /tmp/results
#
echo "$oggi: start" >> $logFile
if [ -f /etc/ponte2.conf ]; then
        . /etc/ponte2.conf
else
        echo "/etc/ponte2.conf not found"
        echo "/etc/ponte2.conf not found" >> $logFile
        echo "stop and exit" >> $logFile
        exit 1
fi

# ip_forward is set to 1 by default in fonera configuration
# echo 1 > /proc/sys/net/ipv4/ip_forward

# stop daemons
local web=httpd
local cron=crond
local dns=dnsmasq
#if [ ! -z "$( pidof $web )" ]; then
#  kill $(pidof $web) > /dev/null
#fi
if [ ! -z "$( pidof $cron )" ]; then
  kill $(pidof $cron) > /dev/null
fi
if [ ! -z "$( pidof $dns )" ]; then
  kill $(pidof $dns) >> /dev/null
fi
killall -9 udhcpc > /dev/null

# flush_netfilter tables
$NETFILTER -F
$NETFILTER -P INPUT ACCEPT
$NETFILTER -P OUTPUT ACCEPT
$NETFILTER -P FORWARD ACCEPT
$NETFILTER -t nat -F
echo "netfilter tables flushed" >> $logFile
} # setup_env


#-------------------------------------------------------------------------------
# hardening Function that sets some TCP/IP parameters
hardening () {
if [ "$khard" = 1 ]; then
  # Disable tcp_sack support
  echo "0" > /proc/sys/net/ipv4/tcp_sack
  # Disable TCP window_scaling
  echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
  # Disable source routing
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/lo/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/ath0/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/ath1/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/default/accept_source_route
  # Enable TCP SYN Cookie protection
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies
  # No ICMP Redirect
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/lo/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/ath0/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/ath1/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/default/accept_redirects
  # Enable IP spoofing protection 
  echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/ath0/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/ath1/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
  echo "fonera hardened" >> $logFile
fi  
} # hardening


#-------------------------------------------------------------------------------
# logging. Function that logs Spoofed, Source Routed and Redirect packets
logging () {
if [ "$klog" = 1 ]; then
  # a trailing "= 1" after the redirection would be passed to echo and
  # written into the proc file; the value to write is just "1"
  echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/lo/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/eth0/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/ath0/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/ath1/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/default/log_martians
  echo "logging malicious packets activated" >> $logFile
fi
} # logging


#-------------------------------------------------------------------------------
# setup_ath0. Function that sets up ath0 as an Access Point
setup_ath0 () {
if [ "$whiteList" = 1 ]; then
  $IWPRIV ath0 maccmd 3
  $IWPRIV ath0 maccmd 1
  for i in $(cat $white_list); do
    $IWPRIV ath0 addmac $i
  done
fi
# catch external AP ESSID: the text between the quotes after ESSID:
# (a fixed character offset into the iwconfig line breaks as soon as
# the output format or the SSID length changes)
AP=$($IWCONFIG ath1 | sed -n 's/.*ESSID:"\([^"]*\)".*/\1/p')

$IWCONFIG ath0 essid "relay_$AP"
echo "ath0 is relay for "$AP >> $logFile
#
if [ -n "$WepKeyAscii_ath0" ]; then
  $IWCONFIG ath0 key s:$WepKeyAscii_ath0
  echo "ath0 WEP key: "$WepKeyAscii_ath0 >> $logFile
fi
$IFCONFIG ath0 $IP_ath0 netmask $MASK_ath0 up
} # setup_ath0


#-------------------------------------------------------------------------------
# setup_ath1. Function that sets up ath1 as repeater (station side)
setup_ath1 () {
  case $ath1_mode in
  
  2) #targeted external AP by SSID
  $IWCONFIG ath1 mode managed essid $TargetSsid
  echo "ath1 via SSID: "$TargetSsid >> $logFile
  ;;
  
  3) #targeted external AP by MAC
  $IWCONFIG ath1 mode managed ap $TargetMac
  echo "ath1 via MAC: "$TargetMac >> $logFile
  ;;
  
  4) #targeted external AP via WPA-PSK
  $IWCONFIG ath1 mode managed essid $TargetWpa
  $IFCONFIG ath1 $IP_ath1 netmask $MASK_ath1 up
  # -B: run the supplicant in the background, otherwise the script blocks here
  wpa_supplicant -B -iath1 -c/etc/wpa_supplicant.conf
  echo "ath1 interface via WPA PSK" >> $logFile
  ;;
  
  5) #targeted external AP via WEP
  # what kind of key
  if [ -n "$WepKeyHex_ath1" ]; then
    $IWCONFIG ath1 key $WepKeyHex_ath1
  elif [ -n "$WepKeyAscii_ath1" ]; then
    $IWCONFIG ath1 key "s:$WepKeyAscii_ath1"
  else
    echo "error: WEP key not configured" >> $logFile
    exit 1
  fi
  # target we look for
  if [ -n "$TargetWepSsid" ]; then
    $IWCONFIG ath1 mode managed essid $TargetWepSsid
  elif [ -n "$TargetWepMac" ]; then
    $IWCONFIG ath1 mode managed ap $TargetWepMac
  else
    echo "error: no target AP for WEP" >> $logFile
    exit 1
  fi
  echo "ath1 interface via WEP" >> $logFile
  ;;
  
esac

# IP config for ath1
if [ "$ath1_mode" = 1 ]; then
  #simply discover strongest external AP + dynamic IP configuration
  /sbin/udhcpc -i ath1 >> $logFile
  $IWCONFIG ath1 | grep ESSID | awk '{print "external AP " $4}' >> $logFile
  echo "ath1 interface via external dhcp" >> $logFile
  else
  # static IP configuration
  $IFCONFIG ath1 $IP_ath1 netmask $MASK_ath1 up
  $ROUTE del default 
  $ROUTE add default gw $DFGW
  echo "nameserver " $NAMESERVER1  > /etc/resolv.conf
  echo "nameserver " $NAMESERVER2 >> /etc/resolv.conf
fi
} # setup_ath1


#-------------------------------------------------------------------------------
# setup_eth0. Function that sets up eth0 (wired lan)
setup_eth0 () {
if [ "$keth0" = 1 ]; then
  $IFCONFIG eth0 $IP_eth0 netmask $MASK_eth0 up
  $NETFILTER -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  echo "eth0 interface: "$IP_eth0/$MASK_eth0 >> $logFile
fi
} # setup_eth0


#-------------------------------------------------------------------------------
# std_routing. Standard routing
std_routing () {
# forwarding between the subnets
if [ "$btorrent" = 1 ]; then
  BTports="6890 6891 6892 6893 6894 6895 6896 6897 6898 6899"
  for pt in $BTports; do
    $NETFILTER -t nat -A PREROUTING -i ath1 -p tcp --dport $pt -j DNAT --to $IP_client_btorrent:$pt
  done
fi
if [ "$xmule" = 1 ]; then
  echo "32752" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
  $NETFILTER -t nat -A PREROUTING -i ath1 -p tcp --dport 4662 -j DNAT --to $IP_client_xmule:4662
  $NETFILTER -t nat -A PREROUTING -i ath1 -p udp --dport 4672 -j DNAT --to $IP_client_xmule:4672
fi
$NETFILTER -t nat -A POSTROUTING -o ath1 -j MASQUERADE
} # std_routing


# main
#-------------------------------------------------------------------------------
clear
setup_env
hardening
logging
# destroy VAPs devices
$WLANCONFIG ath0 destroy
$WLANCONFIG ath1 destroy

# bring up first (!) VAP ath0 as Access Point
$WLANCONFIG ath0 create wlandev wifi0 wlanmode ap
# bring up VAP ath1 as station managed (no hardware beacon timers)
$WLANCONFIG ath1 create wlandev wifi0 wlanmode sta nosbeacon

# setup Wireless Lans
setup_ath1
setup_ath0

# basic netfilter rules 
std_routing

# setup Ethernet Lan
setup_eth0

# bring up DHCP
if [ "$kdhcp" = 1 ]; then
  /usr/sbin/dnsmasq
fi

# show results
clear
$IWCONFIG > /tmp/results
$IFCONFIG >> /tmp/results
clear
more /tmp/results
exit 0

# have fun!

File ponte2.conf

# /etc/ponte2.conf 20072802
# NO SPACE BETWEEN = AND VALUE
# parameter = value <---- WRONG way
# parameter=value   <---- RIGHT way
#
#---------------------------------
# hardening some TCP/IP parameters
#---------------------------------
#khard=1
khard=0
#
#----------------------------------
# logging malicious TCP/IP packets
#----------------------------------
#klog=1
klog=0
#
# ------------
# DHCP service
# ------------
# If you want a dynamic IP configuration for WiFi/wired 
# ifaces of your pc, use dnsmasq as DHCPD on ath0 and/or eth0
# Remember: you must edit /etc/dnsmasq.conf 
#kdhcp=1
kdhcp=0
#
#--------------------------------
# configuring ath0 interface (AP)
#--------------------------------
# white_list
# you must create the file /etc/white_list.conf with
# ONLY one mac address allowed per line
#whiteList=1
whiteList=0
# 
# if you want WEP auth on ath0 insert ASCII key
#WepKeyAscii_ath0=
#
# IP configuration for ath0
# wifi iface of your pc must be in this subnet
IP_ath0=192.168.10.1
MASK_ath0=255.255.255.0
#
#-------------------------------------
# configuring ath1 interface (station)
#-------------------------------------
# discovering the strongest external AP and using its dhcpd
#ath1_mode=1 
#
# targeted external AP by SSID
ath1_mode=2
#TargetSsid=outdoor-net
TargetSsid=Cinigiano-wireless-network
#
# targeted external AP by MAC
#ath1_mode=3
#TargetMac=aa:bb:cc:dd:ee:ff
#
# targeted external AP via WPA-PSK (WPA personal)
# need /etc/wpa_supplicant.conf !
#ath1_mode=4
#TargetWpa=reteprotetta 
#
# targeted external AP via WEP
#ath1_mode=5 
# key hex or ASCII
#WepKeyHex_ath1=
#WepKeyAscii_ath1=
# target SSID or MAC
#TargetWepSsid=
#TargetWepMac=
#
#--------------------------
# static IP config for ath1
#--------------------------
IP_ath1=192.168.1.10
MASK_ath1=255.255.255.0
# default gateway
DFGW=192.168.1.1
# name servers
NAMESERVER1=151.99.125.2
NAMESERVER2=159.213.32.232
#
#---------------------------------------
# configuring eth0 interface (wired lan)
#---------------------------------------
#keth0=0
keth0=1
IP_eth0=192.168.10.2
MASK_eth0=255.255.255.0
#
#--------------------------
# port forwarding for xMule
#--------------------------
#xmule=1
#IP_client_xmule=192.168.10.20
xmule=0
#
#btorrent=1
#IP_client_btorrent=192.168.10.20
btorrent=0
#
# the end
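Because /etc/ponte2 loads its settings with ". /etc/ponte2.conf" as root, a line in that file that is not a plain NAME=VALUE assignment is not a typo but shell code that runs at boot, and a missing variable for the chosen ath1_mode is only noticed once the interfaces are already torn down. The following validator is an added example (not part of Antonio Anselmi's script) that enforces the header's "no space around =" rule, rejects anything else on an active line, and checks the variables each ath1_mode needs; the sample configs it creates are constructed for the demonstration.

```shell
#!/bin/sh
# check_ponte2_conf FILE: validate a ponte2.conf before /etc/ponte2 sources it.
# Added example, not part of the original script. The script runs
# ". /etc/ponte2.conf" as root, so every active line must be a bare NAME=VALUE
# (the header's "no space around =" rule); anything else would be executed as
# shell and is rejected. The variables the chosen ath1_mode needs are then
# checked by sourcing the file in a throwaway subshell.
check_ponte2_conf () {
  conf=$1
  [ -f "$conf" ] || { echo "$conf: not found"; return 1; }
  bad=$(grep -v '^[[:space:]]*#' "$conf" | grep -v '^[[:space:]]*$' \
        | grep -v '^[A-Za-z_][A-Za-z0-9_]*=[A-Za-z0-9._:/-]*[[:space:]]*$')
  if [ -n "$bad" ]; then
    echo "$conf: lines that are not NAME=VALUE:"; echo "$bad"; return 1
  fi
  (
    . "$conf"
    static="IP_ath1 MASK_ath1 DFGW NAMESERVER1"   # unless dhcp (mode 1)
    case "$ath1_mode" in
      1) need="" ;;
      2) need="TargetSsid $static" ;;
      3) need="TargetMac $static" ;;
      4) need="TargetWpa $static" ;;
      5) need="$static" ;;
      *) echo "ath1_mode='$ath1_mode' is not 1-5"; exit 1 ;;
    esac
    for v in IP_ath0 MASK_ath0 $need; do
      eval "val=\$$v"
      [ -n "$val" ] || { echo "ath1_mode=$ath1_mode needs $v"; exit 1; }
    done
    if [ "$ath1_mode" = 5 ]; then   # WEP: a key and a target, either form
      [ -n "$WepKeyHex_ath1$WepKeyAscii_ath1" ] || { echo "mode 5 needs a WEP key"; exit 1; }
      [ -n "$TargetWepSsid$TargetWepMac" ] || { echo "mode 5 needs a WEP target"; exit 1; }
    fi
  )
}
# constructed sample files: a valid mode-2 config, one breaking the NAME=VALUE
# rule (and carrying a smuggled command), and a WEP config without a key
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp); NOKEY_CONF=$(mktemp)
printf '%s\n' '# ponte2.conf (constructed)' 'ath1_mode=2' \
  'TargetSsid=Cinigiano-wireless-network' 'IP_ath0=192.168.10.1' \
  'MASK_ath0=255.255.255.0' 'IP_ath1=192.168.1.10' 'MASK_ath1=255.255.255.0' \
  'DFGW=192.168.1.1' 'NAMESERVER1=151.99.125.2' > "$GOOD_CONF"
printf '%s\n' 'ath1_mode = 2' 'TargetSsid=x; reboot' > "$BAD_CONF"
sed 's/^ath1_mode=2$/ath1_mode=5/; /^TargetSsid=/d' "$GOOD_CONF" > "$NOKEY_CONF"
check_ponte2_conf "$GOOD_CONF" && echo "$GOOD_CONF ok"
```

On the Fonera itself the check can be run as `check_ponte2_conf /etc/ponte2.conf` before starting /etc/ponte2; the rejected lines are printed so they can be fixed by hand.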