type: Post
status: Published
date: Jun 1, 2022
slug: hostapd
summary: Use an HK1 BOX as a small server with NAT forwarding to bypass campus network authentication and run a Wi-Fi hotspot
tags: Linux
category: Tech sharing
References:
Mainly based on a post by luozs08 on the Enshan forum (恩山论坛)
Configured on:
May 30, 2022
Environment
Armbian 22.05.0-trunk Focal with Linux 5.15.34-flippy-71+o
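Techniques used
- NAT forwarding
- hostapd to run the hotspot
- udhcpd to hand out IP addresses
Background
After flashing the HK1 BOX with Armbian, connect it to the campus network over the wired port and authenticate to the campus network from the HK1 BOX.
Then start hostapd and udhcpd.
Traffic is forwarded with NAT rather than bridged, because with a bridge each device would still have to authenticate to the campus network, whereas NAT bypasses the authentication (see "Difference between NAT and bridging"). Traffic generated by devices connected to the hotspot is then forwarded out through the wired connection.
Difference between NAT and bridging
Pitfalls
- The wired NIC needs no special configuration; just let it get online normally.
- The wireless NIC's IP acts as the gateway, so it does not need to match the wired NIC's addressing; it forms its own LAN.
- Without udhcpd, every client has to configure its IP manually after joining the hotspot (which is also error-prone).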
Hostapd configuration steps
1. Define the hostapd configuration file
vim /etc/default/hostapd
Find `DAEMON_CONF="/etc/hostapd.conf"` and remove the leading `#`.
2. Edit the hostapd configuration file
vim /etc/hostapd.conf
Configuration file contents:
```
#
# armbian hostapd configuration example
#
# nl80211 mode
#
ssid=txuw-host
interface=wlan0
hw_mode=a
channel=149
#bridge=br0
driver=nl80211
logger_syslog=0
logger_syslog_level=0
wmm_enabled=1
wpa=2
preamble=1
wpa_psk=66eb31d2b48d19ba216f2e50c6831ee11be98e2fa3a8075e30b866f4a5ccda27
wpa_passphrase=xxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

## IEEE 802.11n
ieee80211n=1
ht_capab=[DSSS_CK-40][HT20+]
country_code=US
ieee80211d=1
## IEEE 802.11n

## IEEE 802.11a
hw_mode=a
## IEEE 802.11a

### IEEE 802.11ac
#ieee80211ac=1
#vht_capab=
#vht_oper_chwidth=1
#vht_oper_centr_freq_seg0_idx=42
### IEEE 802.11ac

# controlling enabled
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
```
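Put a `#` in front of `bridge=br0`.
After `ssid=`, write the Wi-Fi name.
After `wpa_passphrase=`, write the password (8 characters).
For a 2.4 GHz hotspot, leave everything else unchanged.
For a 5 GHz hotspot, change "hw_mode=g" to "#hw_mode=a" and change "channel=6" to "channel=149".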
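A small lint for the step 2 edits, added here as an example (it is not from the original post or from the hostapd project): it flags a passphrase outside WPA-PSK's 8 to 63 characters, an hw_mode/channel band mismatch, keys silently replaced by a later duplicate, and TKIP as the effective pairwise cipher. The function name `lint_hostapd`, the finding labels and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# lint_hostapd [FILE]: print one finding per line for a hostapd.conf (stdin if no FILE).
lint_hostapd() {
    awk '
    /^[ \t]*#/ || !/=/ { next }          # skip comments and lines without key=value
    {
        eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # a repeated scalar key replaces the earlier value, so report what was lost
        if (key in c) printf "DUP %s: %s replaced by %s\n", key, c[key], val
        c[key] = val
    }
    END {
        if (("wpa_psk" in c) && ("wpa_passphrase" in c))
            print "PSK both wpa_psk and wpa_passphrase are set, keep one"
        if ("wpa_passphrase" in c) {
            n = length(c["wpa_passphrase"])
            if (n < 8 || n > 63) printf "PASSPHRASE length %d, WPA-PSK needs 8..63\n", n
        }
        wpa = c["wpa"] + 0; ch = c["channel"] + 0; mode = c["hw_mode"]
        if (wpa == 0) print "OPEN wpa is unset or 0, clients connect unencrypted"
        if ((mode == "g" || mode == "b") && ch > 14)
            printf "BAND hw_mode=%s is 2.4 GHz but channel=%d is not\n", mode, ch
        if (mode == "a" && ch >= 1 && ch <= 14)
            printf "BAND hw_mode=a is 5 GHz but channel=%d is 2.4 GHz\n", ch
        # only explicitly configured ciphers are checked; hostapd defaults are not modelled
        rsn = ("rsn_pairwise" in c) ? c["rsn_pairwise"] : c["wpa_pairwise"]
        if (wpa >= 2 && rsn ~ /TKIP/) print "CIPHER WPA2 pairwise cipher includes TKIP: " rsn
        if (wpa % 2 == 1 && c["wpa_pairwise"] ~ /TKIP/) print "CIPHER WPA (v1) with TKIP enabled"
    }' "$@"
}

# Constructed sample modelled on the configuration above (not a real AP).
sample_conf() {
    cat <<'EOF'
ssid=example-ap
interface=wlan0
hw_mode=a
channel=149
wpa=2
wpa_passphrase=xxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
## stale band section left over from the template
hw_mode=g
EOF
}

sample_conf | lint_hostapd
```

With `wpa=2` and `rsn_pairwise=CCMP` the `wpa_pairwise=TKIP` line produces no finding, because `rsn_pairwise` is the cipher WPA2 clients negotiate.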
3. Modify the hostapd main program (init script)
vim /etc/init.d/hostapd
Edit the hostapd service script as follows.
On the line after `start)`, add:
```sh
sed -i '/\[keyfile\]/a unmanaged-devices=interface-name:wlan0' /etc/NetworkManager/NetworkManager.conf
ip addr add 192.168.1.1/24 dev wlan0
echo "1" >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sleep 2
```
The first command adds `unmanaged-devices=interface-name:wlan0` after the `[keyfile]` section header in `/etc/NetworkManager/NetworkManager.conf`, so that NetworkManager no longer manages this interface;
the second sets the IP address of wlan0;
the third enables IP forwarding;
the fourth adds the NAT rule.
On the line after `stop)`, add:
```sh
sed -i '/^unmanaged-devices=interface-name:wlan0/d' /etc/NetworkManager/NetworkManager.conf
echo "0" >/proc/sys/net/ipv4/ip_forward
ip addr del 192.168.1.1/24 dev wlan0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
sleep 2
```
On the line after `reload)`, add:
```sh
# tear down, as in stop)
sed -i '/^unmanaged-devices=interface-name:wlan0/d' /etc/NetworkManager/NetworkManager.conf
echo "0" >/proc/sys/net/ipv4/ip_forward
ip addr del 192.168.1.1/24 dev wlan0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# set up again, as in start); same interface-name entry that stop) removes
sed -i '/\[keyfile\]/a unmanaged-devices=interface-name:wlan0' /etc/NetworkManager/NetworkManager.conf
ip addr add 192.168.1.1/24 dev wlan0
echo "1" >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sleep 2
```
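Point DAEMON_CONF at the configuration file:
DAEMON_CONF=/etc/hostapd.conf
Run
systemctl daemon-reload
so that the modified script is picked up.
4. Start hostapd and enable it at boot
systemctl start hostapd.service
(starts hostapd) At this point the Wi-Fi hotspot shows up in a scan, and you can already connect to it by setting a static IP.
systemctl enable hostapd.service
(enables start at boot)
The final main program: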
```sh
#!/bin/sh

### BEGIN INIT INFO
# Provides:          hostapd
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:      $network
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Advanced IEEE 802.11 management daemon
# Description:       Userspace IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
#                    Authenticator
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON_SBIN=/usr/sbin/hostapd
DAEMON_DEFS=/etc/default/hostapd
DAEMON_CONF=/etc/hostapd.conf
NAME=hostapd
DESC="advanced IEEE 802.11 management"
PIDFILE=/run/hostapd.pid

[ -x "$DAEMON_SBIN" ] || exit 0
[ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
[ -n "$DAEMON_CONF" ] || exit 0

DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"

. /lib/lsb/init-functions

case "$1" in
  start)
    # take wlan0 away from NetworkManager, give it the gateway IP, enable NAT
    sed -i '/\[keyfile\]/a unmanaged-devices=interface-name:wlan0' /etc/NetworkManager/NetworkManager.conf
    ip addr add 192.168.1.1/24 dev wlan0
    echo "1" >/proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sleep 2
    log_daemon_msg "Starting $DESC" "$NAME"
    start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
        --pidfile "$PIDFILE" -- $DAEMON_OPTS >/dev/null
    log_end_msg "$?"
    ;;
  stop)
    # undo everything start) set up
    sed -i '/^unmanaged-devices=interface-name:wlan0/d' /etc/NetworkManager/NetworkManager.conf
    echo "0" >/proc/sys/net/ipv4/ip_forward
    ip addr del 192.168.1.1/24 dev wlan0
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    sleep 2
    log_daemon_msg "Stopping $DESC" "$NAME"
    start-stop-daemon --stop --oknodo --quiet --exec "$DAEMON_SBIN" \
        --pidfile "$PIDFILE"
    log_end_msg "$?"
    ;;
  reload)
    # tear down, as in stop)
    sed -i '/^unmanaged-devices=interface-name:wlan0/d' /etc/NetworkManager/NetworkManager.conf
    echo "0" >/proc/sys/net/ipv4/ip_forward
    ip addr del 192.168.1.1/24 dev wlan0
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    # set up again, as in start); same interface-name entry that stop) removes
    sed -i '/\[keyfile\]/a unmanaged-devices=interface-name:wlan0' /etc/NetworkManager/NetworkManager.conf
    ip addr add 192.168.1.1/24 dev wlan0
    echo "1" >/proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sleep 2
    log_daemon_msg "Reloading $DESC" "$NAME"
    start-stop-daemon --stop --signal HUP --exec "$DAEMON_SBIN" \
        --pidfile "$PIDFILE"
    log_end_msg "$?"
    ;;
  restart|force-reload)
    $0 stop
    sleep 8
    $0 start
    ;;
  status)
    status_of_proc "$DAEMON_SBIN" "$NAME"
    exit $?
    ;;
  *)
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart|force-reload|reload|status}" >&2
    exit 1
    ;;
esac

exit 0
```
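Configure udhcpd
1. Install a DHCP server (udhcpd is used here)
apt install udhcpd
2. Edit the DHCP configuration file
vim /etc/udhcpd.conf
Delete everything and enter the following:
```
# address pool handed out on the hotspot interface
start 192.168.1.2
end 192.168.1.254
interface wlan0
opt dns 223.5.5.5
option subnet 255.255.255.0
# default gateway for clients: the wlan0 address set in the init script
opt router 192.168.1.1
# second resolver, 223.6.6.6 (a 233.x.x.x address is multicast and cannot serve DNS)
option dns 223.6.6.6
```
3. Edit the udhcpd startup configuration
vim /etc/default/udhcpd
Comment out DHCPD_ENABLED="no". The line means DHCPD is disabled; once it is commented out, the service is enabled.
```
# Comment the following line to enable
#DHCPD_ENABLED="no"

# Options to pass to busybox' udhcpd.
#
# -S    Log to syslog
# -f    run in foreground

DHCPD_OPTS="-S"
```
4. Start udhcpd and enable it at boot
systemctl start udhcpd.service
systemctl enable udhcpd.service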
- Author: txuw
- Link: https://txuw.top/article/hostapd
- License: This article is licensed under CC BY-NC-SA 4.0; please credit the source when reposting.