Last active
June 6, 2016 03:31
-
-
Save paliwodar/d7fcd5aa7f6f0ac7eb3321403f0f8be5 to your computer and use it in GitHub Desktop.
Setting up my Raspberry Pi 3 (Edimax EW-7811Un) access point that is facing the Internet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| INTERFACES="wlan0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| #option domain-name "example.org"; | |
| #option domain-name-servers ns1.example.org, ns2.example.org; | |
| ... | |
| authoritative; | |
| ... | |
| subnet 192.168.42.0 netmask 255.255.255.0 { | |
| range 192.168.42.10 192.168.42.50; | |
| option broadcast-address 192.168.42.255; | |
| option routers 192.168.42.1; | |
| default-lease-time 600; | |
| max-lease-time 7200; | |
| option domain-name "local"; | |
| option domain-name-servers 8.8.8.8, 8.8.4.4; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| interface=wlan0 | |
| driver=rtl871xdrv | |
| hw_mode=g | |
| ssid=<SSID> | |
| channel=1 | |
| macaddr_acl=0 | |
| auth_algs=1 | |
| ignore_broadcast_ssid=0 | |
| wpa=2 | |
| wpa_passphrase=<PASSPHRASE> | |
| wpa_key_mgmt=WPA-PSK | |
| wpa_pairwise=TKIP | |
| rsn_pairwise=CCMP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #disable power management | |
| options 8192cu rtw_power_mgnt=0 rtw_enusbss=0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Include files from /etc/network/interfaces.d: | |
| source-directory /etc/network/interfaces.d | |
| auto lo | |
| iface lo inet loopback | |
| iface eth0 inet dhcp | |
| allow-hotplug wlan0 | |
| iface wlan0 inet static | |
| address 192.168.42.1 | |
| netmask 255.255.255.0 | |
| up iptables-restore < /etc/iptables.ipv4.nat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| net.ipv4.ip_forward=1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # remove existing rules and set defaults | |
| iptables -F | |
| iptables -X | |
| iptables -t nat -F | |
| iptables -t nat -X | |
| iptables -t mangle -F | |
| iptables -t mangle -X | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| #nat | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| #filter | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT | |
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -i wlan0 -m state --state NEW -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP | |
| iptables -A INPUT -f -j DROP | |
| iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP | |
| iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP | |
| iptables -A INPUT -i wlan0 -p udp -m udp --sport 53 -j ACCEPT | |
| iptables -A INPUT -j LOG --log-prefix "IPTABLES Dropped: " --log-level 7 | |
| iptables -A INPUT -j DROP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #enable wifi in case of no mouse/keyboard | |
| cd /path/to/your/sd/card/ | |
| sudo nano etc/wpa_supplicant/wpa_supplicant.conf | |
| and add the following to the bottom of the file: | |
| network={ | |
| ssid="your-network-ssid-name" | |
| psk="your-network-password" | |
| } | |
| #install and run hostapd and dhcpd | |
| sudo apt-get update | |
| sudo apt-get install hostapd isc-dhcp-server | |
| #edit scripts and configs | |
| ... | |
| #starting services | |
| sudo service hostapd start | |
| sudo service isc-dhcp-server start | |
| sudo service hostapd status | |
| sudo service isc-dhcp-server status | |
| sudo update-rc.d hostapd enable | |
| sudo update-rc.d isc-dhcp-server enable | |
| #failban | |
| sudo apt-get install fail2ban | |
| sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| sudo service fail2ban restart | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment