1. First, I took a look at the following info as a reference.
http://drizztcp.wordpress.com/category/pandaboard/
2. Grab the Ubuntu 12.04 image from http://cdimage.ubuntu.com/releases/12.04/release/. I chose http://cdimage.ubuntu.com/releases/12.04/release/ubuntu-12.04-preinstalled-server-armhf+omap4.img.gz for my Pandaboard A2.
3. Make a bootable SD card and follow the install instructions. https://wiki.ubuntu.com/ARM/OmapDesktopInstall
4. Now, I have a bootable Panda.
5. Configure hostapd. I don't want to use my Panda as an AP only, so I decided to run dhcpd on wlan0.
5.1 dhcp-server part:
5.1.1. apt-get install isc-dhcp-server
5.1.2 modify /etc/default/isc-dhcp-server
- INTERFACES="wlan0"
5.1.3 modify /etc/dhcp/dhcpd.conf
- option domain-name "myhome.net";
- option domain-name-servers 168.95.192.1, 168.95.1.1; # for my Hinet DNS
- subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.150;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;
}
5.2 hostapd part:
5.2.1 /etc/network/interfaces We need wlan0 to have a static IP so it can play the role of DHCP server.
- auto wlan0
iface wlan0 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
5.2.2 /etc/hostapd/hostapd.conf
- interface=wlan0
driver=nl80211
ssid=panda-wifi
hw_mode=g
# enable 802.11n support.
ieee80211n=1
wmm_enabled=1
# TI wl1271 only goes up to 65 Mbps. HT40 will cause the module to hang.
#ht_capab=[HT40-][HT40+]
channel=5
macaddr_acl=0
# 0 = allow all connections (except those in hostapd.deny), 1 = deny all connections except those in hostapd.accept
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
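# Choose the password you want (8 to 63 characters). Keep this comment on its own line: hostapd would read a trailing comment as part of the passphrase.
wpa_passphrase=xxxxxx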
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
5.2.3 touch /etc/hostapd/hostapd.accept /etc/hostapd/hostapd.deny so the hostapd daemon can start.
OK, we have wlan0 & hostapd working now. Next, I want PPPoE to work. The Zyxel P874's performance does not seem good enough for P2P.
6. PPPoE on eth0
6.1 install ppp, pppoe support
- apt-get install ppp pppconfig pppoe pppoeconf
6.2 /etc/ppp/peers/dsl-provider
- pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
noipdefault
usepeerdns
defaultroute
user "????????@ip.hinet.net"
6.3 /etc/ppp/chap-secrets, /etc/ppp/pap-secrets
- "????????@ip.hinet.net" * "??????"
6.4 /etc/network/interfaces
- add dsl-provider section
auto dsl-provider
iface dsl-provider inet ppp
provider dsl-provider
6.5 PPPoE keepalive.sh (for auto-reconnect)
#!/bin/sh
# keepalive.sh
# This is a keepalive script for the Casema cable modems. This script was
# lifted from the /usr/doc/HOWTO/unmaintained/mini/Dynamic-IP-Hacks
# document. There should be an entry in your crontab looking like:
# */2 * * * * /etc/ppp/keepalive.sh
# to run this script every 2 minutes to see if your connection is still
# up, if not, gracefully kill the pppd process and remake it.
# Modify paths as necessary.
if [ -f /var/run/ppp0.pid ]; then
# ping exits non-zero when no reply is received.
if ! ping -c4 -l4 168.95.192.1 >/dev/null 2>&1; then
/usr/bin/poff -a
sleep 10
/usr/bin/pon dsl-provider
fi
else
/usr/bin/pon dsl-provider
fi
6.6 /etc/crontab (for auto-reconnect)
- */2 * * * * root /etc/ppp/keepalive.sh
7. Act as a wireless router
7.1 /etc/sysctl.conf
- enable IPv4 forwarding
net.ipv4.ip_forward=1
7.2 Add iptables rules.
- wlan0 as LAN (192.168.0.xxx/24) , ppp0 as Internet connection
7.2.1 /etc/firewall-rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wlan0 -s 127.0.0.1/8 -j DROP
-A OUTPUT -o wlan0 -d 127.0.0.1/8 -j DROP
-A INPUT -i ppp0 -s 127.0.0.1/8 -j DROP
-A OUTPUT -o ppp0 -d 127.0.0.1/8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
#for transmission package
-A INPUT -i ppp0 -p tcp -m tcp --dport 9091 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 51413 -j ACCEPT
#for FTP
-A INPUT -i wlan0 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
# for SSH
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
#for SMB/CIFS
-A INPUT -i wlan0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 445 -j ACCEPT
#for transmission package
-A INPUT -i wlan0 -p tcp -m tcp --dport 4001 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 9091 -j ACCEPT
#for SMB/CIFS
-A INPUT -i wlan0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 138 -j ACCEPT
#deny hacker scan
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A FORWARD -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A FORWARD -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
-A FORWARD -p tcp --tcp-flags ACK,FIN FIN -j DROP
-A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
-A FORWARD -p tcp --tcp-flags ACK,URG URG -j DROP
# icmp allow list
-A INPUT -p icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -p icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -j ACCEPT
-A INPUT -p icmp --icmp-type 14 -j ACCEPT
-A INPUT -p icmp --icmp-type 16 -j ACCEPT
-A INPUT -p icmp --icmp-type 18 -j ACCEPT
COMMIT
7.2.2 /etc/network/interfaces
- modify dsl-provider section.
auto dsl-provider
iface dsl-provider inet ppp
pre-up iptables-restore < /etc/firewall-rules
provider dsl-provider
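
Rule order in the INPUT chain of 7.2.1 matters because iptables stops at the first matching rule: the "deny hacker scan" DROP rules sit after the per-port ACCEPT rules, so they never see a packet aimed at an open port. The Python below is an added example, not part of the original post; it replays a constructed excerpt of those rules, and the packet's conntrack state (INVALID) and all helper names are assumptions.

```python
# RULES is a constructed excerpt of /etc/firewall-rules from 7.2.1, in the same order.
RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
"""
ALL_FLAGS = {"SYN", "ACK", "FIN", "RST", "URG", "PSH"}

def flagset(text):
    if text == "ALL":
        return set(ALL_FLAGS)
    return set() if text == "NONE" else set(text.split(","))

def parse(line):
    tok, rule, i = line.split(), {"line": line}, 2   # skip "-A INPUT"
    while i < len(tok):
        if tok[i] == "--tcp-flags":                  # two arguments: mask, comp
            rule["mask"], rule["comp"] = flagset(tok[i + 1]), flagset(tok[i + 2])
            i += 3
        else:                                        # every other option: one argument
            rule[tok[i].lstrip("-")] = tok[i + 1]
            i += 2
    return rule

def matches(rule, pkt):
    fixed = (rule.get("i", pkt["iface"]) == pkt["iface"]
             and rule.get("p", pkt["proto"]) == pkt["proto"]
             and int(rule.get("dport", pkt["dport"])) == pkt["dport"]
             and pkt["state"] in rule.get("state", pkt["state"]).split(","))
    # --tcp-flags mask comp: of the flags in mask, exactly those in comp are set
    return fixed and ("mask" not in rule or (pkt["flags"] & rule["mask"]) == rule["comp"])

def verdict(rules, pkt, policy="DROP"):
    for rule in rules:                               # first matching rule wins
        if matches(rule, pkt):
            return rule["j"], rule["line"]
    return policy, "(chain policy)"

def reorder(rules):
    """Put the flag-sanity DROP rules ahead of every ACCEPT rule."""
    return [r for r in rules if "mask" in r] + [r for r in rules if "mask" not in r]

PAGE_ORDER = [parse(l) for l in RULES.splitlines()]
# Constructed packet: SYN+FIN to the SSH port on ppp0; conntrack state assumed INVALID.
ODD = {"iface": "ppp0", "proto": "tcp", "dport": 22, "state": "INVALID",
       "flags": {"SYN", "FIN"}}
print(verdict(PAGE_ORDER, ODD)[0], "->", verdict(reorder(PAGE_ORDER), ODD)[0])
```

Moving the --tcp-flags DROP lines above the RELATED,ESTABLISHED line in /etc/firewall-rules gives the reordered behaviour.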
8. Install the transmission daemon & do the basic settings.
BTW, I upgraded the kernel to 3.4.0 (from PPA) & upgraded tiwlan-wl12xx-dkms and tiwlan-wl12xx-firmware to help make the wl1271 more stable.
Done...