Inspirational guide to setup LAN and WIFI on Jessie

Discuss development on Bubba
Post Reply
lognok
Posts: 23
Joined: 30 Nov 2011, 11:23

Inspirational guide to setup LAN and WIFI on Jessie

Post by lognok » 06 Dec 2016, 17:45

These are my steps from flashing Debian Jessie to having a lan- and wifi router on the B3, including DHCP and firewall. I have tried countless times to follow a guide or an idea, but kept loosing the big picture and forgetting the steps to success and failure. So I started to write down the steps and finally ended up with this guide :D

Credits go out to: sakaki, MouettE and Gordon.
References: http://arstechnica.com/gadgets/2016/04/ ... m-scratch/ and many other websites I can't remember...
Please note that this is only an inspirational guide and not a complete walk-through.

B3 server setup with Debian 8
Install image on B3
1. Put Debian image on usb-stick.
2. Unplug power from B3.
3. Insert Debian usb-stick.
4. Plugin power while pressing the reset switch (release the switch after led lights up green).
5. Wait while Debian 8 is being installed on B3.
6. When the led turns blue, the install has finished and the B3 is running Debian 8 :-)

Setup the laptop to ssh into B3
Find inspiration here: http://askubuntu.com/questions/691986/network-manager-shared-connection-and-manual-settings-of-the-interface
1. Shell command: sudo apt-get install dnsmasq-base
2. Remove dnsmasq because it conflicts with NetworkManager’s ‘Shared Connection’.
Shell command: sudo apt-get remove dnsmasq
3. Open Networkmanager → Edit Connections → Add → Connection Type 'Ethernet' → Create → Give your new connection a name. We'll use the name 'Shared Connection' for this example → IPv4 tab → Shared to other computers (This is basically a dead-simple NAT (Network Address Translation), or Internet connection sharing, built right in to NetworkManager) → save
4. Select the connection Shared Connection in Networkmanager and let B3 connect to your laptop.
5. When a connection has been established, note the IP-address of B3 by looking into /var/log/syslog (or similar log file). This can take some time before the IP-address of B3 shows up in log ~ 5-10mins.
6. Open terminal and run ssh excito@x.x.x.x (x.x.x.x = IP-address from step 5). Password is excito
7. Run as root (su). Password is excito

Setup the WAN and LAN
1. Shell command: dpkg-reconfigure locales
2. Shell command: dpkg-reconfigure tzdata
3. Shell command: apt-get update
4. Shell command: apt-get upgrade
5. Edit /etc/network/interfaces to contain this:
# The loopback interface
auto lo
iface lo inet loopback

# The WAN interface
auto eth0
iface eth0 inet dhcp

# The LAN interface
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
broadcast 192.168.10.255

##The WIRELESS interface
#auto wlan0
#iface wlan0 inet static
# address 192.168.11.1
# netmask 255.255.255.0
# broadcast 192.168.11.255


Enable forwarding
6. Edit /etc/sysctl.conf and uncomment the line net.ipv4.ip_forward=1
7. Reboot the B3 (issue the reboot command in shell or press reset switch until led change color to purple).

Connect again
8. Re-open the Networkmanager on your laptop → Edit Connections → add a new connection and name it ‘Troubleshooting’.
9. Select the tab IPv4 Settings and chose method: Manual
10. Add the following:
Address = 192.168.10.2
Netmask = 255.255.255.0
Gateway = 192.168.10.1

11. In Networkmanager select the connection Troubleshooting and let it connect to B3.
12. Open terminal and ssh excito@192.168.10.1 with password excito
13. Run as root (su). Password is excito

Setting up dnsmasq
14. Shell command: apt-get install dnsmasq
15. Edit /etc/dnsmasq.conf and add this at the end of the file:
interface=eth1
dhcp-range=eth1,192.168.10.100,192.168.10.200,12h
#interface=wlan0
#dhcp-range=wlan0,192.168.11.100,192.168.11.200,12h

16. Edit /etc/resolv.conf and add this to the first line:
nameserver 127.0.0.1 (maybe this step should be removed?, when I reboot the B3 this line is gone...)
17. Shell command: /etc/init.d/dnsmasq restart
18. Reboot the B3 (issue the reboot command in shell or press reset switch until led change color to purple).

Create and start ruleset
1. Create /etc/network/if-pre-up.d/iptables and write:
#!/bin/sh
/sbin/iptables-restore < /etc/network/iptables

2. Shell command: chown root /etc/network/if-pre-up.d/iptables
3. Shell command: chmod 755 /etc/network/if-pre-up.d/iptables

Setup /etc/network/iptables
19. Create /etc/network/iptables and write:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# eth0 is WAN interface, #eth1 is LAN interface
-A POSTROUTING -o eth0 -j MASQUERADE

COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Service rules
# basic global accept rules - ICMP, loopback, traceroute, established all accepted
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT

# enable traceroute rejections to get sent out
-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable

# DNS - accept from LAN
-A INPUT -i eth1 -p tcp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p udp --dport 53 -j ACCEPT
## DNS - accept from WIFI
#-A INPUT -i wlan0 -p tcp --dport 53 -j ACCEPT
#-A INPUT -i wlan0 -p udp --dport 53 -j ACCEPT

# SSH - accept from LAN
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT

# DHCP client requests - accept from LAN
-A INPUT -i eth1 -p udp --dport 67:68 -j ACCEPT
## DHCP client requests - accept from WIFI
#-A INPUT -i wlan0 -p udp --dport 67:68 -j ACCEPT

# drop all other inbound traffic
-A INPUT -j DROP

# Forwarding rules (for all eth0, eth1 and wifi?)
# forward packets along established/related connections
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# forward from LAN (eth1) to WAN (eth0)
-A FORWARD -i eth1 -o eth0 -j ACCEPT
## forward from WIFI (wlan0) to WAN (eth0)
#-A FORWARD -i wlan0 -o eth0 -j ACCEPT

## forward from WIFI (wlan0) to LAN (eth1)
#-A FORWARD -i wlan0 -o eth1 -j ACCEPT

## forward from LAN (eth1) to WIFI (wlan0)
#-A FORWARD -i eth1 -o wlan0 -j ACCEPT

# drop all other forwarded traffic
-A FORWARD -j DROP

COMMIT


You shoud now be able to connect to the internet through B3 with dhcp via the LAN port.


Setup the wifi
Setting up hostapd

1. Shell command: apt-get install hostapd
2. Edit /etc/default/hostapd
Make sure that the following line is uncommented and looks like this
DAEMON_CONF="/etc/hostapd/hostapd.conf"
3. Create /etc/hostapd/hostapd.conf and paste:
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=b3
ieee80211d=1
ieee80211n=1
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
own_ip_addr=127.0.0.1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
country_code=SE
wpa=3
wpa_passphrase=ExcitoSweden!

wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0

tx_queue_data3_aifs=7
tx_queue_data3_cwmin=15
tx_queue_data3_cwmax=1023
tx_queue_data3_burst=0
tx_queue_data2_aifs=3
tx_queue_data2_cwmin=15
tx_queue_data2_cwmax=63
tx_queue_data2_burst=0
tx_queue_data1_aifs=1
tx_queue_data1_cwmin=7
tx_queue_data1_cwmax=15
tx_queue_data1_burst=3.0
tx_queue_data0_aifs=1
tx_queue_data0_cwmin=3
tx_queue_data0_cwmax=7
tx_queue_data0_burst=1.5


20. Uncomment all the blue sections from the files in the previous chapters.
21. Reboot the B3 (issue the reboot command in shell or press reset switch until led change color to purple).

You should now be able to connect to the internet through B3 with dhcp via WIFI.
Last edited by lognok on 07 Dec 2016, 16:53, edited 4 times in total.

ahoff
Posts: 85
Joined: 01 Apr 2008, 20:50
Location: Swe

Re: Inspirational guide to setup LAN and WIFI on Jessie

Post by ahoff » 07 Dec 2016, 04:51

Åke Hoff
Örskogen
Sweden

lognok
Posts: 23
Joined: 30 Nov 2011, 11:23

Re: Inspirational guide to setup LAN and WIFI on Jessie

Post by lognok » 07 Dec 2016, 16:32

I'll take that as a compliment ahoff, thank you.

However, I think my guide is a little rough to be in a wiki, especially the part in the beginning about setting up the host computer for sharing connection to ssh into the B3. Also the guide has not been tested thoroughly (only two times...).

Post Reply