wifi access point by hostapd on nano pi

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
hatahata
Posts: 26
Joined: Thu Jul 07, 2016 3:42 am

wifi access point by hostapd on nano pi

Post by hatahata »

i read http://dietpi.com/phpbb/viewtopic.php?f=11&t=1401 .

i follow it , then i make wifi access point easily . :lol:

i change a bit .

1) change name

/etc/hostapd/hostapd.conf 
interface=wlan0
driver=nl80211
ssid=RakudaAP
hw_mode=g
channel=3
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=111222333
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP


2) change address

 /etc/dhcp/dhcpd.conf  
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.123.0 netmask 255.255.255.0 {
        range 192.168.123.10  192.168.123.50;
        option broadcast-address 192.168.123.255;
        option routers 192.168.123.1;
        option domain-name "local";
        option domain-name-servers 8.8.8.8, 8.8.4.4;
}


and
/etc/network/interfaces <--- but this may be unnessesary
auto lo
iface lo inet loopback
allow-hotplug eth0

iface eth0 inet dhcp
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.123.1
netmask 255.255.255.0
wireless-power off
up iptables-restore < /etc/iptables.ipv4.nat


3) firewall rule

originally
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    
    




firewall.bat
  echo 1 > /proc/sys/net/ipv4/ip_forward
  internal_net='192.168.123.0/24'
    /sbin/iptables -F
    /sbin/iptables -t nat -F
    /sbin/iptables -X
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -A FORWARD -i wlan0 -o eth0  -s $internal_net -j ACCEPT
    /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -p TCP -s 0/0  --destination-port 22    -j ACCEPT
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -s $internal_net -j MASQUERADE
    /sbin/iptables -N LOGGING
    /sbin/iptables -A LOGGING -j LOG --log-level warning --log-prefix "DROP:" -m limit
    /sbin/iptables -A LOGGING -j DROP
    /sbin/iptables -A INPUT -j LOGGING
    /sbin/iptables -A FORWARD -j LOGGING



do it , then
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
LOGGING    all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  192.168.123.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOGGING    all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain LOGGING (2 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/hour burst 5 LOG level warning prefix "DROP:"
DROP       all  --  anywhere             anywhere   

-----
regards
Post Reply