Commit
·
ea24835
1
Parent(s):
7862e13
Added iptables config to instructions
- PortiloopV2.md +48 -1
PortiloopV2.md
CHANGED
|
@@ -143,7 +143,53 @@ server=8.8.8.8
|
|
| 143 |
|
| 144 |
This configuration file specifies the `ap0` interface, the range of IP addresses to assign to clients, and the DNS server to use. Note that the IP address of the `dhcp-option=6,...` should be the same as the IP address set in step 2.
|
| 145 |
|
| 146 |
-
### 5.
| 147 |
|
| 148 |
To make sure that everything happens on startup, we need to enable all services. Execute the following commands:
|
| 149 |
|
|
@@ -151,6 +197,7 @@ To make sure that everything happens on startup, we need to enable all services.
|
|
| 151 |
sudo systemctl enable create_ap.service
|
| 152 |
sudo systemctl enable hostapd.service
|
| 153 |
sudo systemctl enable dnsmasq.service
|
|
|
|
| 154 |
```
|
| 155 |
|
| 156 |
## Jupyter notebook
|
|
|
|
| 143 |
|
| 144 |
This configuration file specifies the `ap0` interface, the range of IP addresses to assign to clients, and the DNS server to use. Note that the IP address of the `dhcp-option=6,...` should be the same as the IP address set in step 2.
|
| 145 |
|
| 146 |
+
### 5. Configure IP Tables for internet access
|
| 147 |
+
|
| 148 |
+
To make sure you get internet access on your home computer when you are connected to the Portiloop, we need to setup IP tables. Create the following script `sudo nano /usr/local/bin/setup_tables.sh` and copy paste the following code:
|
| 149 |
+
|
| 150 |
+
```bash
|
| 151 |
+
#!/bin/bash
|
| 152 |
+
|
| 153 |
+
echo "Telling kernel to turn on ipv4 ip_forwarding"
|
| 154 |
+
echo 1 > /proc/sys/net/ipv4/ip_forward
|
| 155 |
+
echo "Done. Setting up iptables rules to allow FORWARDING"
|
| 156 |
+
|
| 157 |
+
DOWNSTREAM=ap0 # ap0 is client network (running hostapd)
|
| 158 |
+
UPSTREAM=wlan0 # upstream network (internet)
|
| 159 |
+
|
| 160 |
+
# Allow IP Masquerading (NAT) of packets from clients (downstream) to upstream network (internet)
|
| 161 |
+
iptables -t nat -A POSTROUTING -o $UPSTREAM -j MASQUERADE
|
| 162 |
+
|
| 163 |
+
# Forward packets from downstream clients to the upstream internet
|
| 164 |
+
iptables -A FORWARD -i $DOWNSTREAM -o $UPSTREAM -j ACCEPT
|
| 165 |
+
|
| 166 |
+
# Forward packers from the internet to clients IF THE CONNECTION IS ALREADY OPEN!
|
| 167 |
+
iptables -A FORWARD -i $UPSTREAM -o $DOWNSTREAM -m state --state RELATED,ESTABLISHED -j ACCEPT
|
| 168 |
+
|
| 169 |
+
# Setup the external DNS server
|
| 170 |
+
iptables -t nat -A PREROUTING -i $DOWNSTREAM -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
|
| 171 |
+
|
| 172 |
+
echo "Done setting up iptables rules. Forwarding enabled"
|
| 173 |
+
```
|
| 174 |
+
|
| 175 |
+
Then, create a file called `/etc/systemd/system/setup_tables.service` and paste the following configuration:
|
| 176 |
+
|
| 177 |
+
```ini
|
| 178 |
+
[Unit]
|
| 179 |
+
Description=Setup tables service
|
| 180 |
+
After=create_ap.service
|
| 181 |
+
Wants=network-online.target
|
| 182 |
+
After=network-online.target
|
| 183 |
+
|
| 184 |
+
[Service]
|
| 185 |
+
Type=simple
|
| 186 |
+
ExecStart=/usr/local/bin/setup_tables.sh
|
| 187 |
+
|
| 188 |
+
[Install]
|
| 189 |
+
WantedBy=multi-user.target
|
| 190 |
+
```
|
| 191 |
+
|
| 192 |
+
### 6. Start Systemd services
|
| 193 |
|
| 194 |
To make sure that everything happens on startup, we need to enable all services. Execute the following commands:
|
| 195 |
|
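Review bot: The two FORWARD rules in `setup_tables.sh` only append ACCEPT entries, so the "IF THE CONNECTION IS ALREADY OPEN" restriction in the comment is enforced only when the FORWARD chain policy is DROP; if the policy is left at ACCEPT, new connections from `wlan0` towards `ap0` clients are forwarded anyway. Consider adding `iptables -P FORWARD DROP` ahead of the ACCEPT rules and saying so in the text. The PREROUTING DNAT rule rewrites every UDP port 53 query arriving on `ap0` to 8.8.8.8, including queries addressed to the dnsmasq instance configured in the previous step, and it leaves TCP port 53 untouched; the instructions should state whether bypassing dnsmasq is intended. In the unit file the script exits once the rules are added, so `Type=oneshot` with `RemainAfterExit=yes` describes it better than `Type=simple`, and because every rule uses `-A`, restarting the service appends duplicate rules (a `-C` check before each `-A` would avoid that).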
|
|
|
| 197 |
sudo systemctl enable create_ap.service
|
| 198 |
sudo systemctl enable hostapd.service
|
| 199 |
sudo systemctl enable dnsmasq.service
|
| 200 |
+
sudo systemctl enable setup_tables.service
|
| 201 |
```
|
| 202 |
|
| 203 |
## Jupyter notebook
|
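Review bot: The added `sudo systemctl enable setup_tables.service` line depends on `/usr/local/bin/setup_tables.sh` being executable, but step 5 creates the file with `sudo nano` and never sets the execute bit, so `ExecStart` will fail when the unit starts. Add a `sudo chmod +x /usr/local/bin/setup_tables.sh` step before this block. Since `enable` only takes effect at the next boot, it would also help to mention a reboot (or `enable --now`) so readers know when the forwarding rules actually become active.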