Commit ea24835, committed by MiloSobral
1 Parent(s): 7862e13
Added iptables config to instructions
PortiloopV2.md +48 -1
PortiloopV2.md
CHANGED
@@ -143,7 +143,53 @@ server=8.8.8.8
|
|
143 |
|
144 |
This configuration file specifies the `ap0` interface, the range of IP addresses to assign to clients, and the DNS server to use. Note that the IP address of the `dhcp-option=6,...` should be the same as the IP address set in step 2.
|
145 |
|
146 |
-
### 5.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
147 |
|
148 |
To make sure that everything happens on startup, we need to enable all services. Execute the following commands:
|
149 |
|
@@ -151,6 +197,7 @@ To make sure that everything happens on startup, we need to enable all services.
|
|
151 |
sudo systemctl enable create_ap.service
|
152 |
sudo systemctl enable hostapd.service
|
153 |
sudo systemctl enable dnsmasq.service
|
|
|
154 |
```
|
155 |
|
156 |
## Jupyter notebook
|
|
|
143 |
|
144 |
This configuration file specifies the `ap0` interface, the range of IP addresses to assign to clients, and the DNS server to use. Note that the IP address of the `dhcp-option=6,...` should be the same as the IP address set in step 2.
|
145 |
|
146 |
+
### 5. Configure IP Tables for internet access
|
147 |
+
|
148 |
+
To make sure you get internet access on your home computer when you are connected to the Portiloop, we need to setup IP tables. Create the following script `sudo nano /usr/local/bin/setup_tables.sh` and copy paste the following code:
|
149 |
+
|
150 |
+
```bash
|
151 |
+
#!/bin/bash
|
152 |
+
|
153 |
+
echo "Telling kernel to turn on ipv4 ip_forwarding"
|
154 |
+
echo 1 > /proc/sys/net/ipv4/ip_forward
|
155 |
+
echo "Done. Setting up iptables rules to allow FORWARDING"
|
156 |
+
|
157 |
+
DOWNSTREAM=ap0 # ap0 is client network (running hostapd)
|
158 |
+
UPSTREAM=wlan0 # upstream network (internet)
|
159 |
+
|
160 |
+
# Allow IP Masquerading (NAT) of packets from clients (downstream) to upstream network (internet)
|
161 |
+
iptables -t nat -A POSTROUTING -o $UPSTREAM -j MASQUERADE
|
162 |
+
|
163 |
+
# Forward packets from downstream clients to the upstream internet
|
164 |
+
iptables -A FORWARD -i $DOWNSTREAM -o $UPSTREAM -j ACCEPT
|
165 |
+
|
166 |
+
# Forward packers from the internet to clients IF THE CONNECTION IS ALREADY OPEN!
|
167 |
+
iptables -A FORWARD -i $UPSTREAM -o $DOWNSTREAM -m state --state RELATED,ESTABLISHED -j ACCEPT
|
168 |
+
|
169 |
+
# Setup the external DNS server
|
170 |
+
iptables -t nat -A PREROUTING -i $DOWNSTREAM -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
|
171 |
+
|
172 |
+
echo "Done setting up iptables rules. Forwarding enabled"
|
173 |
+
```
|
174 |
+
|
175 |
+
Then, create a file called `/etc/systemd/system/setup_tables.service` and paste the following configuration:
|
176 |
+
|
177 |
+
```ini
|
178 |
+
[Unit]
|
179 |
+
Description=Setup tables service
|
180 |
+
After=create_ap.service
|
181 |
+
Wants=network-online.target
|
182 |
+
After=network-online.target
|
183 |
+
|
184 |
+
[Service]
|
185 |
+
Type=simple
|
186 |
+
ExecStart=/usr/local/bin/setup_tables.sh
|
187 |
+
|
188 |
+
[Install]
|
189 |
+
WantedBy=multi-user.target
|
190 |
+
```
|
191 |
+
|
192 |
+
### 6. Start Systemd services
|
193 |
|
194 |
To make sure that everything happens on startup, we need to enable all services. Execute the following commands:
|
195 |
|
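Review bot: The last rule in `setup_tables.sh` (`iptables -t nat -A PREROUTING -i $DOWNSTREAM -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53`) rewrites every UDP DNS query arriving on `ap0`, including queries sent to the address that `dhcp-option=6,...` hands to clients, so those queries bypass dnsmasq even though the dnsmasq config in the context above already has `server=8.8.8.8`. It also covers UDP only, so DNS over TCP takes a different path. I would drop the rule and let dnsmasq do the forwarding, or explain in the text why both are needed. Further points on the same hunk: the steps never make the script executable (`sudo chmod +x /usr/local/bin/setup_tables.sh`), so `ExecStart=/usr/local/bin/setup_tables.sh` will fail as written; the rules are appended with `-A` on every run, so restarting the service duplicates them, and `Type=oneshot` with `RemainAfterExit=yes` fits a run-once script better than `Type=simple`; the MASQUERADE rule has no source restriction, so it applies to anything leaving `wlan0`, not only traffic from the client network; `-m state --state` is the older form of `-m conntrack --ctstate`; and "packers" in the comment should read "packets".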
|
|
197 |
sudo systemctl enable create_ap.service
|
198 |
sudo systemctl enable hostapd.service
|
199 |
sudo systemctl enable dnsmasq.service
|
200 |
+
sudo systemctl enable setup_tables.service
|
201 |
```
|
202 |
|
203 |
## Jupyter notebook
|
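Review bot: The added `sudo systemctl enable setup_tables.service` only registers the unit for the next boot, so a reader who follows the steps and connects to the Portiloop straight away has no forwarding or NAT rules loaded. Either state that a reboot is required after this step, or use `sudo systemctl enable --now setup_tables.service` so the script runs immediately as well as on startup.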