Archlinux+Router

https://kdaye.com/nas-htpc-router/
This post documents the process of turning the device above into a router.
I referred to many sources:
https://wiki.archlinux.org/index.php/Router
https://wiki.archlinux.org/index.php/Network_bridge
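I also ran into many problems.
The 8265AC wireless card can only act as an AP on the 2.4 GHz band; if you need 5 GHz, I recommend the Qualcomm QCA988X series.
This post mainly covers DHCP and Wi-Fi AP mode,
so that the device's four Ethernet ports and the Wi-Fi all have network access.
Later I will also add ShadowsocksR combined with dnsmasq for smart firewall circumvention, possibly in a separate post.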

Packages to install

pacman -Sy
pacman -S ppp dnsmasq iw crda hostapd shorewall

PPPoE dial-up and network interface configuration

cp /etc/netctl/examples/bridge /etc/netctl/bridge
cp /etc/netctl/examples/pppoe /etc/netctl/

List the active network interfaces
ls /sys/class/net/

# Output similar to the following
  enp1s0    enp4s0f1  enp4s0f3  wlp2s0
  enp4s0f0  enp4s0f2  lo

vim /etc/netctl/bridge

Description="enp4"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp4s0f1 enp4s0f3 enp4s0f0 enp4s0f2)
IP=static
Address='10.0.0.1/24'

## Ignore (R)STP and immediately activate the bridge
SkipForwardingDelay=yes

vim /etc/netctl/pppoe

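Interface=enp1s0
# Your PPPoE account
User='账号'
# Your PPPoE password (single quotes, not backticks: the profile is sourced by the shell)
Password='密码'

netctl enable pppoe
netctl enable bridge
systemctl stop dhcpcd@br0
systemctl disable dhcpcd@br0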

DHCP

vim /etc/dnsmasq.conf

interface=br0
bind-interfaces
## TOP Nameserver
no-resolv
server=114.114.114.114
server=8.8.8.8
## host domain
expand-hosts
domain=jia
## IP within 10.0.0.2 to 10.0.0.254 (10.0.0.255 is the broadcast address of 10.0.0.0/24)
dhcp-range=10.0.0.2,10.0.0.254,255.255.255.0,12h
dhcp-option=option:router,10.0.0.1
dhcp-option=option:dns-server,10.0.0.1
##

echo "nameserver 127.0.0.1" > /etc/resolv.conf

systemctl enable dnsmasq.service

Extras

View the leases
cat /var/lib/misc/dnsmasq.leases
Bind a MAC address to an IP
echo 'dhcp-host=aa:bb:cc:dd:ee:ff,10.0.0.50' > /etc/dnsmasq.d/static.conf

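When dealing with errors:
ip route del default
Because my China Telecom modem hands me an IP via DHCP, I ended up with a strange route where the dial-up completes but ping does not get through.
ip route add default dev ppp0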

Configuring Wi-Fi

https://kdaye.com/ap-5ghz-ath10k/
2017/06/11: switched to a different wireless card

iw reg set CN
Get the frequencies that comply with the national regulations
iw reg get
Get the frequencies the card supports
iw list
Config reference: http://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
vim /etc/hostapd/hostapd.conf

interface=wlan0
bridge=br0
hw_mode=g
channel=13
ieee80211d=1
country_code=CN
ieee80211n=1
ht_capab=[LDPC][HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-3839][DSSS_CCK-40]
wmm_enabled=1
# (omitted)
ssid=somename
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword


Test whether it works

hostapd /etc/hostapd/hostapd.conf
Run it
systemctl start hostapd.service
systemctl enable hostapd.service
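
A lint for the hostapd.conf above, as an added example that is not part of the original post: it flags trailing whitespace, WPA1 being enabled, a pairwise cipher that allows TKIP, and an out-of-range passphrase. The function name check_hostapd_conf and the sample config are constructed for illustration, and it assumes hostapd reads everything after "=" up to the end of the line as the value.

```sh
#!/bin/sh
# Added example, not from the original post: lint a hostapd.conf for the
# WPA2-PSK/CCMP setup shown above. check_hostapd_conf is a hypothetical name.
# Assumption: hostapd reads everything after "=" to end of line as the value.
check_hostapd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /[ \t]$/ { printf "line %d: trailing whitespace is read as part of the value\n", NR; bad++ }
    {
        eq = index($0, "=")
        if (eq == 0) next
        val = substr($0, eq + 1)
        sub(/[ \t]+$/, "", val)         # judge the value the author intended
        conf[substr($0, 1, eq - 1)] = val
    }
    END {
        # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both
        if (conf["wpa"] != "2") { print "wpa=" conf["wpa"] ": use wpa=2 so only WPA2 is offered"; bad++ }
        # the RSN pairwise cipher falls back to wpa_pairwise, which defaults to TKIP
        if ("rsn_pairwise" in conf) cipher = conf["rsn_pairwise"]
        else if ("wpa_pairwise" in conf) cipher = conf["wpa_pairwise"]
        else cipher = "TKIP"
        if (cipher ~ /TKIP/) { print "pairwise cipher " cipher " allows TKIP: set rsn_pairwise=CCMP"; bad++ }
        n = length(conf["wpa_passphrase"])
        if (n < 8 || n > 63) { print "wpa_passphrase has " n " characters, need 8 to 63"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample with three mistakes (trailing spaces, wpa=3, no rsn_pairwise).
sample=$(mktemp)
printf '%s\n' 'interface=wlan0' 'ssid=somename   ' 'wpa=3' \
    'wpa_key_mgmt=WPA-PSK' 'wpa_passphrase=somepassword' > "$sample"
check_hostapd_conf "$sample" || echo "fix hostapd.conf before starting hostapd.service"
rm -f "$sample"
```

The function prints one finding per line and returns non-zero when anything was flagged, so it can gate the systemctl start step.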

NAT firewall

cp /usr/share/doc/shorewall/Samples/two-interfaces/* /etc/shorewall/
Edit the network interfaces
vim /etc/shorewall/interfaces

#ZONE   INTERFACE       OPTIONS
net     ppp0            tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0
loc     br0             routeback,bridge,dhcp

vim /etc/shorewall/policy

#SOURCE DEST            POLICY          LOGLEVEL        RATE    CONNLIMIT
$FW     net             ACCEPT
loc     net             ACCEPT
net     all             DROP            $LOG_LEVEL
# THE FOLLOWING POLICY MUST BE LAST
all     all             REJECT          $LOG_LEVEL

vim /etc/shorewall/rules
Add a line: DNS(ACCEPT) $FW net
vim /etc/shorewall/snat

MASQUERADE              10.0.0.0/24          ppp0

vim /etc/shorewall/stoppedrules
Replace eth0 with ppp0 and eth1 with br0

Start the firewall
systemctl start shorewall.service
