How to set up Alpine as a wireless router: Difference between revisions
| Rickyrockrat (talk | contribs) No edit summary | Rickyrockrat (talk | contribs)  No edit summary | ||
| Line 45: | Line 45: | ||
| GatewayPorts yes<br> | GatewayPorts yes<br> | ||
| X11Forwarding no<br> | X11Forwarding no<br> | ||
| ===== dnsmasq.conf ===== | ===== dnsmasq.conf ===== | ||
| /etc/dnsmasq.conf<br> | /etc/dnsmasq.conf<br> | ||
| This has two subnets. One for normal dhcp, the other for pseudo static - dhcp provided by MAC. One example here.<br> | |||
| interface=br0<br> | interface=br0<br> | ||
| except-interface=eth0<br> | except-interface=eth0<br> | ||
| dhcp-range=192.168.0.10,192.168.0.100,255.255.255.0,24h<br> | dhcp-range=subnet0,192.168.0.10,192.168.0.100,255.255.255.0,24h<br> | ||
| dhcp-range=subnet1,192.168.0.4,192.168.0.6,255.255.255.0,24h<br> | |||
| bind-interfaces<br> | bind-interfaces<br> | ||
| #log-queries<br> | #log-queries<br> | ||
| #log-dhcp<br> | #log-dhcp<br> | ||
| dhcp-host=70:85:66:c4:48:55,192.168.0.4,nas<br> | |||
| ===== /etc/hosts ===== | |||
| dnsmasq provides DNS answers from the hosts file. Nice. <br> | |||
| 127.0.0.1	localhost localhost.localdomain<br> | |||
| ::1		localhost localhost.localdomain<br> | |||
| 192.168.0.3     wireless<br> | |||
| 192.168.0.4     nas<br> | |||
| 192.168.0.5     mpd<br> | |||
| ===== hostapd.conf ===== | ===== hostapd.conf ===== | ||
Revision as of 13:46, 3 January 2021
Pi Zero W Wireless Router
This is a page to describe building a Wireless Access Point with two wired ethernet ports for building a home router that connects to the internet with one wired port, and internal Lan with the second wired port and the on-board WiFi.
The intent is to provide this:
                                    |<-->eth1 <-->| 
Internet <--> eth0 <-->FireWall<-->br0           Internal<--> ssh,bind,dhcp, with ssh reverse ssh connections.
                                    |<-->wlan0<-->|
Overview
I generally run Debian and  when forced by Red Hot Irons, Red Hat. This is my first foray into Alpine. So far I am very impressed. I mirrored the 3.12 armhf repos so I had things local when I needed them. Word to the wise. That is 13G of apk files.
One *really* nice feature of Alpine is apk, the yum/apt replacement:
- It is simple, short, and to the point.
- The same tool provides *repo* level dependency reporting!
- Install of single packages without repo signing (I never did get the signing correct, but I can install).
Install
- Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
- make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
- the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
- untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G.
- make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time.
- install openssh, openssh-server, openssh-client, openssh-server-common,
- install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools.
ssh config
The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup
AddressFamily inet
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowUsers Som123X Extern4524User
PubkeyAuthentication yes
AuthorizedKeysFile	/etc/ssh/authorized_keys
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no
dnsmasq.conf
/etc/dnsmasq.conf
This has two subnets. One for normal dhcp, the other for pseudo static - dhcp provided by MAC. One example here.
interface=br0
except-interface=eth0
dhcp-range=subnet0,192.168.0.10,192.168.0.100,255.255.255.0,24h
dhcp-range=subnet1,192.168.0.4,192.168.0.6,255.255.255.0,24h
bind-interfaces
- log-queries
- log-dhcp
dhcp-host=70:85:66:c4:48:55,192.168.0.4,nas
/etc/hosts
dnsmasq provides DNS answers from the hosts file. Nice. 
127.0.0.1	localhost localhost.localdomain
- 1		localhost localhost.localdomain
 
- 1		localhost localhost.localdomain
192.168.0.3     wireless
192.168.0.4     nas
192.168.0.5     mpd
hostapd.conf
/etc/hostapd/hostapd.conf
interface=wlan0
bridge=br0
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=Whatever
wpa_passphrase=YouMakeItUp
interfaces
/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
hostname ANYNAME
hwaddress ether FE:ED:BE:EF:33:DD
iface eth1 inet manual
iface wlan0 inet manual
auto br0
iface br0 inet static
pre-up ifconfig eth1 up
bridge-ports eth1 wlan0
bridge-stp off
address 192.168.0.3
broadcaset 192.168.1.255
netmask 255.255.255.0
Permissive iptables
Do NOT use this connected to the internet! This has no protection.
This is my stopopen in my replacement iptables
iptables -P INPUT ACCEPT
<
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -F -t nat
iptables -F
References
apk notes:
- Create and index and check dependencies on a list of apk files: apk index -o APKINDEX.unsigned.tar.gz *.apk
- Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
- remove a package: apk del iw
- repository lists are in: /etc/apk/repositories
* Local URL: /media/mmcblk0p1/apks * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main
FAT16/32 limits
udhcpc
ez-ipupdate
Dynamic_DNS
Alpine Linux Bridge
Connect to wireless AP
dnsmasq listen restrictions
Disable IPV6
dnsmasq Docs
HostApd Docs
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]
Set Static DNS names
Reverse SSH tunnel
Pi Specific
Pi Wifi Repeater
WiFi Bridge
Alpine Install
PiZeroW Install
Classic Sys Install on Pi
Not Related, but Interesting
AP and Managed Mode
AP and MQTT
Package List
Put these in the apks/armhf directory on the 256M Fat partition:
iptables-1.8.4-r2.apk openssh-8.3_p1-r1.apk iptables-openrc-1.8.4-r2.apk openssh-client-8.3_p1-r1.apk abuild-3.6.0-r1.apk iw-5.4-r0.apk openssh-keygen-8.3_p1-r1.apk alpine-base-3.12.3-r0.apk kbd-bkeymaps-2.2.0-r2.apk openssh-server-8.3_p1-r1.apk alpine-baselayout-3.2.0-r7.apk libacl-2.2.53-r0.apk openssh-server-common-8.3_p1-r1.apk alpine-conf-3.9.0-r1.apk libattr-2.4.48-r0.apk openssh-sftp-server-8.3_p1-r1.apk alpine-keys-2.2-r0.apk libblkid-2.35.2-r0.apk openssl-1.1.1i-r0.apk alpine-mirrors-3.5.10-r0.apk libc-utils-0.7.2-r3.apk patch-2.7.6-r6.apk apk-tools-2.10.5-r1.apk libcap-2.27-r0.apk pcsc-lite-libs-1.8.26-r0.apk attr-2.4.48-r0.apk libcom_err-1.45.6-r0.apk pkgconf-1.7.2-r0.apk bash-5.0.17-r0.apk libcrypto1.1-1.1.1i-r0.apk ppp-atm-2.4.8-r2.apk bash-completion-2.10-r0.apk libcurl-7.69.1-r3.apk ppp-chat-2.4.8-r2.apk bonding-2.6-r4.apk libedit-20191231.3.1-r0.apk ppp-daemon-2.4.8-r2.apk bridge-1.5-r4.apk libev-4.33-r0.apk ppp-l2tp-2.4.8-r2.apk bridge-utils-1.6-r0.apk libgcc-9.3.0-r2.apk ppp-minconn-2.4.8-r2.apk busybox-1.31.1-r19.apk libmnl-1.0.4-r0.apk ppp-passprompt-2.4.8-r2.apk busybox-extras-1.31.1-r19.apk libnftnl-1.1.6-r0.apk ppp-passwordfd-2.4.8-r2.apk busybox-initscripts-3.2-r2.apk libnftnl-libs-1.1.6-r0.apk ppp-pppoe-2.4.8-r2.apk busybox-suid-1.31.1-r19.apk libnl3-3.5.0-r0.apk ppp-radius-2.4.8-r2.apk c-ares-1.16.1-r0.apk libpcap-1.9.1-r2.apk ppp-winbind-2.4.8-r2.apk ca-certificates-20191127-r4.apk libssl1.1-1.1.1i-r0.apk readline-8.0.4-r0.apk ca-certificates-bundle-20191127-r4.apk libstdc++-9.3.0-r2.apk scanelf-1.2.6-r0.apk chrony-3.5.1-r0.apk libtls-standalone-2.9.1-r1.apk signature.tar.gz chrony-openrc-3.5.1-r0.apk libusb-1.0.23-r0.apk ssl_client-1.31.1-r19.apk curl-7.69.1-r3.apk libuuid-2.35.2-r0.apk tar-1.32-r1.apk dbus-libs-1.12.18-r0.apk lzip-1.21-r0.apk tcpdump-4.9.3-r2.apk dnsmasq-2.81-r0.apk mii-tool-1.60_git20140218-r2.apk tree-1.8.0-r0.apk e2fsprogs-1.45.6-r0.apk musl-1.1.24-r10.apk tzdata-2020c-r1.apk e2fsprogs-libs-1.45.6-r0.apk musl-utils-1.1.24-r10.apk usb-modeswitch-2.6.0-r1.apk ethtool-5.6-r0.apk ncurses-libs-6.2_p20200523-r0.apk vlan-2.2-r0.apk ez-ipupdate-3.0.10-r9.apk ncurses-terminfo-base-6.2_p20200523-r0.apk wireless-tools-30_pre9-r1.apk fakeroot-1.24-r0.apk net-tools-1.60_git20140218-r2.apk wpa_supplicant-2.9-r5.apk haveged-1.9.8-r1.apk network-extras-1.2-r0.apk wpa_supplicant-openrc-2.9-r5.apk haveged-openrc-1.9.8-r1.apk nghttp2-1.41.0-r0.apk zlib-1.2.11-r3.apk hostapd-2.9-r2.apk nghttp2-libs-1.41.0-r0.apk hostapd-openrc-2.9-r2.apk openrc-0.42.1-r11.apk