訓練家的快寫筆記

The legend of trainer's paper


搜尋:
     關閉     
標題:hostapd
內容:

喵的,網卡用這個分出來的就不是ad-hoc ,太爽啦~~~

第一步,先安裝 hostapd
yum install hostapd -y

第二步,抓 hostapd 的 source 回來重編
git clone git://w1.fi/srv/git/hostap.git
要重編 src、wpa、hostapd

編完以後,把作出來的 hostapd 換掉
/usr/sbin/hostapd
/usr/sbin/hostapd_cli

第三步,抓 iw 的 source 回來重編
yumdownloader --source iw

rpm -Uvh iw-3.11-1.fc20.src.rpm
cd ~/rpmbuild/SPEC
rpmbuild -ba iw.spec

安裝 iw 相關套件...


/etc/hostapd/hostapd.conf

interface=wlp0s18f2u2
#ieee80211n=1
driver=nl80211
ssid=3wa_wifi_hotspot
hw_mode=g
channel=6
wpa=1
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600

# 啟動
systemctl start hostapd.service

註:要記得搭配 dhcpd、 ip_forward、POSTROUTING 相關~

# dhcpd.conf 參考
[root@3wa hostap]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
ddns-update-style interim;
not authoritative;
allow unknown-clients;
allow booting;
INTERFACES="wlp0s18f2u2";

# gateway
option routers 192.168.0.254;

# gateway submask
option subnet-mask 255.255.255.0;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.10;
    option domain-name-servers 8.8.8.8,168.95.1.1,168.95.192.1;
    default-lease-time -1;
    max-lease-time -1;
    filename "pxelinux.0";
}

# nat 與防火牆設定

#!/bin/bash

# systemctl disable firewalld.service
# /etc/init.d/iptables  stop
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/ip_no_pmtu_disc

modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc

iptables -F
iptables -X
iptables -Z
iptables -F -t  nat
iptables -X -t  nat
iptables -Z -t  nat
iptables -P INPUT    DROP
iptables -P OUTPUT   ACCEPT
iptables -P FORWARD  ACCEPT
iptables -t nat  -P  PREROUTING   ACCEPT
iptables -t nat  -P  POSTROUTING  ACCEPT
iptables -t nat  -P  OUTPUT       ACCEPT

iptables -t nat -A POSTROUTING -o p20p1 -s 192.168.0.0/24 -j MASQUERADE;
# 防火牆
# 予許 Ping
iptables -A INPUT -p icmp -s 0/0 -j ACCEPT
# 予許 FTP
iptables -A INPUT -p tcp -s 0/0 --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
# 予許 SSH
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
# 予許 HTTP
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 8080 -j ACCEPT
# 予許 VNC
iptables -A INPUT -p tcp -s 0/0 --dport 5800 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 5900 -j ACCEPT
# 予許 Proxy...
iptables -A INPUT -p tcp -s 0/0 --dport 3128 -j ACCEPT
# 予許 465 GMAIL
iptables -A OUTPUT -p tcp -s 0/0 --dport 465 -j ACCEPT
# Mail Server
iptables -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 783 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 993 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 995 -j ACCEPT
# Nessus
iptables -A INPUT -p tcp -s 0/0 --dport 1241 -j ACCEPT
# MySQL
iptables -A INPUT -p tcp -s 0/0 --dport 3306 -j ACCEPT
# Postgresql
iptables -A INPUT -p tcp -s 0/0 --dport 5432 -j ACCEPT
# X-Window
iptables -A INPUT -p tcp -s 0/0 --dport 6000 -j ACCEPT
# 沒加這行,Gmail 不能寄,SSH,看不到password
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT