
Tutorial_Fonera_Script_Repeater

La Fonera as a repeater


by Emix

Last updated: 02/03/2007 01:15


To use the Fonera as a repeater you need to reach it over ssh to modify a few files, so first start the Dropbear daemon by following the tutorial "La Fonera: dalla scatola a OpenWrt - Tutorial" (La Fonera: from the box to OpenWrt) up to step 4.

The files needed for this are the ponte2 script and its configuration file ponte2.conf, edited by Antonio Anselmi. http://www.blogin.it/fonera4.php

With the commands

scp /tmp/ponte2 root@IP-FONERA:/etc/ponte2
scp /tmp/ponte2.conf root@IP-FONERA:/etc/ponte2.conf

we copy the two files from our PC into the /etc directory of the Fonera. Next, edit the configuration file with the settings that apply to you and run

chmod 755 /etc/ponte2

to make the script executable.

Run the script with

sh /etc/ponte2

and check that it reports no errors.

Keep in mind that the Fonera has three interfaces, one Ethernet and two wireless:

  • ath0 - acts as the hot spot for the received signal
  • ath1 - acts as the link to the access point we want to attach to
  • eth0 - disabled in the configuration file, but if enabled it is routed together with ath0

To use WPA-PSK authentication you need to download wpa_supplicant and libopenssl, which are available in the repository, and install them with

ipkg install <file name>

If everything went well, the Fonera should now have an SSID of the form relay_<ESSID of the connected AP>, which lets us connect to the network of the AP we have linked to.

To start the script automatically, create the file S70ponte in /etc/init.d with vi

vi /etc/init.d/S70ponte

write into it

#!/bin/sh
/etc/ponte2
# the end

and run

chmod 755 /etc/init.d/S70ponte

to make it executable. From now on the repeater will be active after every reboot.


File ponte2

#!/bin/sh
# /etc/ponte2 - 20072802
#****************************************************************************
# beta-1 release
# more about this script can be found at: http://www.blogin.it/fonera4.php
# ansanto@interfree.it
#****************************************************************************

#----------------------------------------------------------------------------
# setup_env.  Function that setups environment 
setup_env () {
# Set the default values of all environment variables here
logDir=/var/log
tmpDir=/tmp
white_list=/etc/white_list.conf
myself=`basename $0`
logFile=$logDir/$myself.log
oggi=$(date)
IWCONFIG=/usr/sbin/iwconfig
IFCONFIG=/sbin/ifconfig
WLANCONFIG=/usr/sbin/wlanconfig
IWPRIV=/usr/sbin/iwpriv
NETFILTER=/usr/sbin/iptables
ROUTE=/sbin/route
rm -f /tmp/results
#
echo "$oggi: start" >> $logFile
if [ -f /etc/ponte2.conf ]; then
        . /etc/ponte2.conf
else
        echo "/etc/ponte2.conf not found"
        echo "/etc/ponte2.conf not found" >> $logFile
        echo "stop and exit" >> $logFile
        exit 1
fi

# ip_forward is set to 1 by default in fonera configuration
# echo 1 > /proc/sys/net/ipv4/ip_forward

# stop daemons
local web=httpd
local cron=crond
local dns=dnsmasq
#if [ ! -z "$( pidof $web )" ]; then
#  kill $(pidof $web) > /dev/null
#fi
if [ ! -z "$( pidof $cron )" ]; then
  kill $(pidof $cron) > /dev/null
fi
if [ ! -z "$( pidof $dns )" ]; then
  kill $(pidof $dns) >> /dev/null
fi
killall -9 udhcpc > /dev/null

# flush_netfilter tables
$NETFILTER -F
$NETFILTER -P INPUT ACCEPT
$NETFILTER -P OUTPUT ACCEPT
$NETFILTER -P FORWARD ACCEPT
$NETFILTER -t nat -F
echo "netfilter tables flushed" >> $logFile
} # setup_env


#-------------------------------------------------------------------------------
# hardening Function that sets some TCP/IP parameters
hardening () {
if [ $khard == 1 ]; then
  # Disable tcp_sack support
  echo "0" > /proc/sys/net/ipv4/tcp_sack
  # Disable TCP window_scaling
  echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
  # Disable source routing
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/lo/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/ath0/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/ath1/accept_source_route
  echo "0" > /proc/sys/net/ipv4/conf/default/accept_source_route
  # Enable TCP SYN Cookie protection
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies
  # No ICMP Redirect
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/lo/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/ath0/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/ath1/accept_redirects
  echo "0" > /proc/sys/net/ipv4/conf/default/accept_redirects
  # Enable IP spoofing protection 
  echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/ath0/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/ath1/rp_filter
  echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
  echo "fonera hardened" >> $logFile
fi  
} # hardening


#-------------------------------------------------------------------------------
# logging. Function that logs Spoofed, Source Routed and Redirect packets
logging () {
if [ $klog == 1 ]; then
  # write a plain "1": extra words after the redirection would be written too
  echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/lo/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/eth0/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/ath0/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/ath1/log_martians
  echo "1" > /proc/sys/net/ipv4/conf/default/log_martians
  echo "logging malicyous packests activated" >> $logFile
fi
} # logging


#-------------------------------------------------------------------------------
# setup_ath0. Function that setup ath0 as an Access Point
setup_ath0 () {
if [ $whiteList == 1 ]; then
  $IWPRIV ath0 maccmd 3
  $IWPRIV ath0 maccmd 1
  for i in $(cat $white_list); do
    $IWPRIV ath0 addmac $i
  done
fi
# catch external AP ESSID
$IWCONFIG ath1 | grep ESSID > /tmp/ponte_per
INI=32
FIN=$(cat /tmp/ponte_per | wc -c)
  : $((FIN = $FIN - 4))
AP=$(cut /tmp/ponte_per -c $INI-$FIN)

$IWCONFIG ath0 essid "relay_$AP"
echo "ath0 is relay for "$AP >> $logFile
#
if [ $WepKeyAscii_ath0 ]; then
  $IWCONFIG ath0 key s:$WepKeyAscii_ath0
  # record that a key was set, but keep the key itself out of the log file
  echo "ath0 WEP key configured" >> $logFile
fi
$IFCONFIG ath0 $IP_ath0 netmask $MASK_ath0 up
} # setup_ath0


#-------------------------------------------------------------------------------
# setup_ath1. Function that setup ath1 as repeater
setup_ath1 () {
  case $ath1_mode in
  
  2) #targeted external AP by SSID
  $IWCONFIG ath1 mode managed essid $TargetSsid
  echo "ath1 via SSID: "$TargetSsid >> $logFile
  ;;
  
  3) #targeted external AP by MAC
  $IWCONFIG ath1 mode managed ap $TargetMac
  echo "ath1 via MAC: "$TargetMac >> $logFile
  ;;
  
  4) #targeted external AP via WPA-PSK
  $IWCONFIG ath1 mode managed essid $TargetWpa
  $IFCONFIG ath1 $IP_ath1 netmask $MASK_ath1 up
  # -B sends wpa_supplicant to the background so the script can continue
  wpa_supplicant -B -iath1 -c/etc/wpa_supplicant.conf -d 
  echo "ath1 interface via WPA PSK" >> $logFile  
  ;;
  
  5) #targeted external AP via WEP
  # what kind of key
  if [ $WepKeyHex_ath1 ]; then 
    $IWCONFIG ath1 key $WepKeyHex_ath1
    else 
    if [ $WepKeyAscii_ath1 ]; then
      $IWCONFIG ath1 key "s:$WepKeyAscii_ath1"
      else
      echo "error: WEP key not configured" >> $logFile  
      exit 1
    fi
  fi
# target we look for
  if [ $TargetWepSsid ]; then
    $IWCONFIG ath1 mode managed essid $TargetWepSsid
    else
    if [ $TargetWepMac ]; then
      $IWCONFIG ath1 mode managed ap $TargetWepMac
      else
      echo "error: no target AP for WEP" >> $logFile  
      exit 1
    fi      
  fi
  echo "ath1 interface via WEP" >> $logFile  
  ;;
  
esac

# IP config for ath1
if [ $ath1_mode == 1 ]; then 
  #simply discover strongest external AP + dynamic IP configuration
  /sbin/udhcpc -i ath1 >> $logFile
  $IWCONFIG ath1 | grep ESSID | awk '"external AP " {print $4}' >> $logFile
  echo "ath1 interface via external dhcp" >> $logFile  
  else 
  # static IP configuration
  $IFCONFIG ath1 $IP_ath1 netmask $MASK_ath1 up
  $ROUTE del default 
  $ROUTE add default gw $DFGW
  echo "nameserver " $NAMESERVER1  > /etc/resolv.conf
  echo "nameserver " $NAMESERVER2 >> /etc/resolv.conf
fi
} # setup_ath1


#-------------------------------------------------------------------------------
# setup_eth0. Function that setup eth0 (wired lan)
setup_eth0 () {
if [ $keth0 == 1 ]; then
  $IFCONFIG eth0 $IP_eth0 netmask $MASK_eth0 up
  $NETFILTER -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  echo "eth0 interface: "$IP_eth0/$MASK_eth0 >> $logFile
fi
} # setup_eth0


#-------------------------------------------------------------------------------
# std_routing. Standard routing
std_routing () {
# forwarding between the subnets
if [ $btorrent == 1 ]; then
  BTports="6890 6891 6892 6893 6894 6895 6896 6897 6898 6899"
  for pt in $BTports; do
    $NETFILTER -t nat -A PREROUTING -i ath1 -p tcp --dport $pt -j DNAT --to $IP_client_btorrent:$pt
  done
fi
if [ $xmule == 1 ]; then
  echo "32752" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
  $NETFILTER -t nat -A PREROUTING -i ath1 -p tcp --dport 4662 -j DNAT --to $IP_client_xmule:4662
  $NETFILTER -t nat -A PREROUTING -i ath1 -p udp --dport 4672 -j DNAT --to $IP_client_xmule:4672
fi
$NETFILTER -t nat -A POSTROUTING -o ath1 -j MASQUERADE
} # std_routing


# main
#-------------------------------------------------------------------------------
clear
setup_env
hardening
logging
# destroy VAPs devices
$WLANCONFIG ath0 destroy
$WLANCONFIG ath1 destroy

# bring up first (!) VAP ath0 as Access Point
$WLANCONFIG ath0 create wlandev wifi0 wlanmode ap
# bring up VAP ath1 as station managed (no hardware beacon timers)
$WLANCONFIG ath1 create wlandev wifi0 wlanmode sta nosbeacon

# setup Wireless Lans
setup_ath1
setup_ath0

# basic netfilter rules 
std_routing

# setup Ethernet Lan
setup_eth0

# bring up DHCP
if [ $kdhcp == 1 ]; then
  /usr/sbin/dnsmasq
fi

# show results
clear
$IWCONFIG > /tmp/results
$IFCONFIG >> /tmp/results
clear
more /tmp/results
exit 0

# have fun!
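
After a run with khard=1 and klog=1, the values that hardening() and logging() write can be read back from /proc. The following is an added example, not part of Antonio Anselmi's script; the function name audit_hardening and its optional directory argument are assumptions made here so that the check can also be run against a copy of the tree.

```shell
#!/bin/sh
# Added example: read back the kernel parameters that hardening() and
# logging() in /etc/ponte2 are meant to set, and report any that differ.
# audit_hardening and its optional ROOT argument are names chosen here;
# ROOT defaults to /proc/sys/net/ipv4 and can point at a test copy.
# On the device: audit_hardening && echo "hardening applied"

audit_hardening () {
  root=${1:-/proc/sys/net/ipv4}
  bad=0
  # check FILE EXPECTED: a missing entry counts as a failure
  check () {
    if [ ! -r "$1" ]; then
      echo "MISSING $1"; bad=$((bad + 1)); return
    fi
    val=$(tr -d ' \t\n' < "$1")
    if [ "$val" != "$2" ]; then
      echo "FAIL $1 is '$val', expected '$2'"; bad=$((bad + 1))
    fi
  }
  check "$root/tcp_sack" 0
  check "$root/tcp_window_scaling" 0
  check "$root/tcp_syncookies" 1
  # same interface list as the script: all, lo, eth0, ath0, ath1, default
  for ifc in all lo eth0 ath0 ath1 default; do
    check "$root/conf/$ifc/accept_source_route" 0
    check "$root/conf/$ifc/accept_redirects" 0
    check "$root/conf/$ifc/rp_filter" 1
    check "$root/conf/$ifc/log_martians" 1
  done
  echo "$bad parameter(s) differ from the hardened values"
  [ "$bad" -eq 0 ]
}
```
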

File ponte2.conf

# /etc/ponte2.conf 20072802
# NO SPACE BETWEEN = AND VALUE
# parameter = value <---- WRONG way
# parameter=value   <---- RIGHT way
#
#---------------------------------
# hardening some TCP/IP parameters
#---------------------------------
#khard=1
khard=0
#
#----------------------------------
# logging malicious TCP/IP packets
#----------------------------------
#klog=1
klog=0
#
# ------------
# DHCP service
# ------------
# If you want a dynamic IP configuration for WiFi/wired 
# ifaces of your pc, use dnsmasq as DHCPD on ath0 and/or eth0
# Remember: you must edit /etc/dnsmasq.conf 
#kdhcp=1
kdhcp=0
#
#--------------------------------
# configuring ath0 interface (AP)
#--------------------------------
# white_list
# you must create the file /etc/white_list.conf with
# ONLY one mac address allowed per line
#whiteList=1
whiteList=0
# 
# if you want WEP auth on ath0 insert ASCII key
#WepKeyAscii_ath0=
#
# IP configuration for ath0
# wifi iface of your pc must be in this subnet
IP_ath0=192.168.10.1
MASK_ath0=255.255.255.0
#
#-------------------------------------
# configuring ath1 interface (station)
#-------------------------------------
# discovering strongest external AP and its dhcpd 
#ath1_mode=1 
#
# targeted external AP by SSID
ath1_mode=2
#TargetSsid=outdoor-net
TargetSsid=Cinigiano-wireless-network
#
# targeted external AP by MAC
#ath1_mode=3
#TargetMac=aa:bb:cc:dd:ee:ff
#
# targeted external AP via WPA-PSK (WPA personal)
# need /etc/wpa_supplicant.conf !
#ath1_mode=4
#TargetWpa=reteprotetta 
#
# targeted external AP via WEP
#ath1_mode=5 
# key hex or ASCII
#WepKeyHex_ath1=
#WepKeyAscii_ath1=
# target SSID or MAC
#TargetWepSsid=
#TargetWepMac=
#
#--------------------------
# static IP config for ath1
#--------------------------
IP_ath1=192.168.1.10
MASK_ath1=255.255.255.0
# default gateway
DFGW=192.168.1.1
# name servers
NAMESERVER1=151.99.125.2
NAMESERVER2=159.213.32.232
#
#---------------------------------------
# configuring eth0 interface (wired lan)
#---------------------------------------
#keth0=0
keth0=1
IP_eth0=192.168.10.2
MASK_eth0=255.255.255.0
#
#--------------------------
# port forwarding for xMule
#--------------------------
#xmule=1
#IP_client_xmule=192.168.10.20
xmule=0
#
#btorrent=1
#IP_client_btorrent=192.168.10.20
btorrent=0
#
# the end
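
Because /etc/ponte2 loads this file with ". /etc/ponte2.conf" while running as root, every line in it is executed as shell, which is also why a space around = breaks it. The added example below (not part of the original files) checks the file before the script is run; lint_ponte2_conf, the list of accepted parameters (taken from the sample above) and the narrow value character set are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a ponte2.conf before /etc/ponte2 sources it as root.
# lint_ponte2_conf is a name chosen here; the accepted parameters are the
# ones that appear in the sample file, and the value character set is a
# deliberately narrow assumption.

lint_ponte2_conf () {
  conf=${1:-/etc/ponte2.conf}
  keys=" khard klog kdhcp whiteList WepKeyAscii_ath0 IP_ath0 MASK_ath0 \
ath1_mode TargetSsid TargetMac TargetWpa WepKeyHex_ath1 WepKeyAscii_ath1 \
TargetWepSsid TargetWepMac IP_ath1 MASK_ath1 DFGW NAMESERVER1 NAMESERVER2 \
keth0 IP_eth0 MASK_eth0 xmule IP_client_xmule btorrent IP_client_btorrent "
  flag () { [ -n "$reason" ] || reason=$1; }   # keep the first finding only
  n=0; bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%"${line##*[! ]}"}          # trailing spaces are harmless
    reason=
    case $line in
      ''|'#'*) continue ;;                 # blank line or comment
      *=*) name=${line%%=*}; value=${line#*=} ;;
      *) name=x; value=; flag "not a parameter=value line" ;;
    esac
    case $name in
      ''|*[!A-Za-z0-9_]*) flag "bad parameter name '$name'" ;;
    esac
    case $keys in
      *" $name "*) ;;
      *) flag "unknown parameter '$name'" ;;
    esac
    case $value in
      *[!A-Za-z0-9._:/-]*) flag "value has characters outside A-Za-z0-9._:/-" ;;
    esac
    if [ -n "$reason" ]; then
      echo "$conf:$n: $reason"; bad=$((bad + 1))
    fi
  done < "$conf"
  [ "$bad" -eq 0 ]
}
```
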