Debian based home wifi router

From campisano.org

Optional

Install etckeeper and sshd

Set up the connection from the Linux router to the internet

# install the PPPoE configuration helper
apt-get install pppoeconf
# run it to configure the uplink; the firewall step further down assumes the resulting link is ppp0
pppoeconf

Enable wireless access point for internal network

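apt-get install hostapd
# note that the unit is in a masked state, it needs to be configured first
systemctl status hostapd.service
# define the config file
sed -i 's|#DAEMON_CONF=""|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
# configure, please change YOUR_INTERFACE, YOUR_COUNTRY, YOUR_SSID and YOUR_PASSWORD!
# the file stores the WPA passphrase in clear text: create it readable by root only
# (a plain "cat >" would leave it world-readable under the default umask)
install -m 600 /dev/null /etc/hostapd/hostapd.conf
# the quoted 'EOF' writes the text literally, so a passphrase containing $ or `
# is not expanded by the shell
cat > /etc/hostapd/hostapd.conf << 'EOF'
# from https://wiki.gentoo.org/wiki/Hostapd#802.11b.2Fg.2Fn_with_WPA2-PSK_and_CCMP

# the interface used by the AP
interface=YOUR_INTERFACE

# "g" simply means 2.4GHz band
hw_mode=g

# the channel to use
channel=11

# limit the frequencies used to those allowed in the country
ieee80211d=1

# the country code
country_code=YOUR_COUNTRY

# 802.11n support
ieee80211n=1

# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1

# the name of the AP
ssid=YOUR_SSID

# 1=open system authentication (the one WPA/WPA2 uses), 2=shared key (WEP), 3=both
auth_algs=1

# WPA2 only, AES-CCMP only (no TKIP)
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
# 8 to 63 characters; a long random passphrase is the only protection of a PSK network
wpa_passphrase=YOUR_PASSWORD

# HT capabilities (enabling support for 40MHz)
ht_capab=[SHORT-GI-40][HT40+][HT40-][DSSS_CCK-40]
EOF
# the unit can only be enabled and started once it is unmasked
systemctl stop hostapd.service
systemctl unmask hostapd.service
systemctl enable hostapd.service
systemctl start hostapd.service
# watch the log to confirm that the AP came up
journalctl --unit=hostapd.service --follow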

Enable IP forwarding and masquerading

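# configure, please change YOUR_INTERFACE!
# the quoted 'EOF' keeps "$table" and "$@" literal in the generated script
cat > /etc/network/if-pre-up.d/forward-masq-YOUR_INTERFACE-ppp0 << 'EOF'
#!/bin/sh
# ifupdown runs every hook in if-pre-up.d once per interface it brings up
# (and again on "systemctl restart networking"), so each rule is appended
# only when an identical one is not loaded yet.

ensure_rule() {
    table=$1
    shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

echo 1 > /proc/sys/net/ipv4/ip_forward

# traffic addressed to the router itself: on the WAN side accept replies only
ensure_rule filter INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ensure_rule filter INPUT -i ppp0 -j DROP

# routed traffic: LAN -> WAN is allowed, WAN -> LAN only for replies.
# The closing DROP is required: the default FORWARD policy is ACCEPT, so
# without it the two ACCEPT rules would not restrict anything.
ensure_rule filter FORWARD -i YOUR_INTERFACE -o ppp0 -j ACCEPT
ensure_rule filter FORWARD -i ppp0 -o YOUR_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
ensure_rule filter FORWARD -i ppp0 -j DROP

# hide the LAN behind the address of the WAN link
ensure_rule nat POSTROUTING -o ppp0 -j MASQUERADE

# NOTE: these rules cover IPv4 only; if the provider also assigns IPv6 on ppp0,
# the same policy has to be added with ip6tables.
EOF
# hooks in if-pre-up.d must be executable to be run
chmod 755 /etc/network/if-pre-up.d/forward-masq-YOUR_INTERFACE-ppp0
systemctl restart networking
journalctl --unit=networking.service --follow
# afterwards "iptables -S" and "iptables -t nat -S" show the loaded rules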

Configure a dhcp and dns server

# install the combined DHCP server and DNS forwarder
apt-get install dnsmasq
# write the configuration; replace YOUR_INTERFACE and YOUR_NET_PREFIX first!
# NOTE(review): dnsmasq serves the DHCP range on YOUR_INTERFACE, so that interface
# presumably needs an address inside YOUR_NET_PREFIX.0/24 - its setup is not shown here
cat << 'EOF' > /etc/dnsmasq.conf
# use standard port for dns server
port=53

# never forward plain names (without a dot or domain part)
domain-needed

# never forward addresses in the non-routed address spaces.
bogus-priv

# do not use /etc/resolv.conf or any other file to resolv
no-resolv

# add other name servers
server=8.8.8.8
server=8.8.4.4

# listen for DHCP and DNS requests only on specified interfaces
# repeat the line for more than one interface
interface=lo
interface=YOUR_INTERFACE

# provide only DNS service on specified interface
no-dhcp-interface=lo

# enable the integrated DHCP server
# you need to supply the range of addresses available
dhcp-range=YOUR_NET_PREFIX.100,YOUR_NET_PREFIX.200,255.255.255.0,12h
EOF
# load the new configuration, then watch the log for errors
systemctl restart dnsmasq.service
journalctl --follow --unit=dnsmasq.service