Add -m option, now you can choose NATed (default) or bridged Internet sharing (thanks batnas)
This commit is contained in:
parent
513f1fce19
commit
a336acd7cc
161
create_ap
161
create_ap
@ -4,10 +4,12 @@
|
|||||||
# bash (to run this script)
|
# bash (to run this script)
|
||||||
# util-linux (for getopt)
|
# util-linux (for getopt)
|
||||||
# hostapd
|
# hostapd
|
||||||
# dnsmasq
|
|
||||||
# iptables
|
|
||||||
# iproute2
|
# iproute2
|
||||||
# haveged (optional)
|
# haveged (optional)
|
||||||
|
# dnsmasq (needed for 'nat' or 'none' Internet sharing method)
|
||||||
|
# iptables (needed for 'nat' Internet sharing method)
|
||||||
|
# bridge-utils (needed for 'bridge' Internet sharing method)
|
||||||
|
# dhclient (needed for 'bridge' Internet sharing method)
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo "Usage: $(basename $0) [options] <wifi-interface> [<interface-with-internet>] [<access-point-name> [<passphrase>]]"
|
echo "Usage: $(basename $0) [options] <wifi-interface> [<interface-with-internet>] [<access-point-name> [<passphrase>]]"
|
||||||
@ -16,24 +18,40 @@ usage() {
|
|||||||
echo " -h, --help Show this help"
|
echo " -h, --help Show this help"
|
||||||
echo " -c <channel> Channel number (default: 1)"
|
echo " -c <channel> Channel number (default: 1)"
|
||||||
echo " -w <WPA version> Use 1 for WPA, use 2 for WPA2, use 1+2 for both (default: 1+2)"
|
echo " -w <WPA version> Use 1 for WPA, use 2 for WPA2, use 1+2 for both (default: 1+2)"
|
||||||
echo " -g <gateway> IPv4 Gateway for the Access Point (default: 192.168.12.1)"
|
|
||||||
echo " -d DNS server will take into account /etc/hosts"
|
|
||||||
echo " -n Disable Internet sharing (if you use this, don't pass"
|
echo " -n Disable Internet sharing (if you use this, don't pass"
|
||||||
echo " the <interface-with-internet> argument)"
|
echo " the <interface-with-internet> argument)"
|
||||||
|
echo " -m <method> Method for Internet sharing."
|
||||||
|
echo " Use: 'nat' for NAT (default)"
|
||||||
|
echo " 'bridge' for bridging"
|
||||||
|
echo " 'none' for no Internet sharing (equivalent to -n)"
|
||||||
echo " --hidden Make the Access Point hidden (do not broadcast the SSID)"
|
echo " --hidden Make the Access Point hidden (do not broadcast the SSID)"
|
||||||
echo
|
echo
|
||||||
|
echo "Non-Bridging Options:"
|
||||||
|
echo " -g <gateway> IPv4 Gateway for the Access Point (default: 192.168.12.1)"
|
||||||
|
echo " -d DNS server will take into account /etc/hosts"
|
||||||
|
echo
|
||||||
echo "Examples:"
|
echo "Examples:"
|
||||||
echo " $(basename $0) wlan0 eth0 MyAccessPoint MyPassPhrase"
|
echo " $(basename $0) wlan0 eth0 MyAccessPoint MyPassPhrase"
|
||||||
echo " $(basename $0) -n wlan0 MyAccessPoint MyPassPhrase"
|
echo " $(basename $0) -n wlan0 MyAccessPoint MyPassPhrase"
|
||||||
|
echo " $(basename $0) -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase"
|
||||||
echo " echo -e 'MyAccessPoint\nMyPassPhrase' | $(basename $0) wlan0 eth0"
|
echo " echo -e 'MyAccessPoint\nMyPassPhrase' | $(basename $0) wlan0 eth0"
|
||||||
echo " echo -e 'MyAccessPoint\nMyPassPhrase' | $(basename $0) -n wlan0"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
get_macaddr() {
|
get_macaddr() {
|
||||||
ip link show "$1" | sed -n 's/.*ether \([0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\) .*/\1/p'
|
ip link show "$1" | grep ether | grep -Eo '([0-9a-f]{2}:){5}[0-9a-f]{2}\s'
|
||||||
}
|
}
|
||||||
|
|
||||||
ARGS=$(getopt -o hc:w:g:dn -l "help","hidden" -n $(basename $0) -- "$@")
|
get_avail_bridge() {
|
||||||
|
for i in {1..100}; do
|
||||||
|
curr_bridge=$(brctl show | grep "br$i" | cut -s -f1)
|
||||||
|
if [[ -z $curr_bridge ]]; then
|
||||||
|
echo "br$i"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden" -n $(basename $0) -- "$@")
|
||||||
[[ $? -ne 0 ]] && exit 1
|
[[ $? -ne 0 ]] && exit 1
|
||||||
eval set -- "$ARGS"
|
eval set -- "$ARGS"
|
||||||
|
|
||||||
@ -42,7 +60,7 @@ GATEWAY=192.168.12.1
|
|||||||
WPA_VERSION=1+2
|
WPA_VERSION=1+2
|
||||||
ETC_HOSTS=0
|
ETC_HOSTS=0
|
||||||
HIDDEN=0
|
HIDDEN=0
|
||||||
SHARE_INTERNET=1
|
SHARE_METHOD=nat
|
||||||
|
|
||||||
while :; do
|
while :; do
|
||||||
case "$1" in
|
case "$1" in
|
||||||
@ -56,24 +74,18 @@ while :; do
|
|||||||
;;
|
;;
|
||||||
-c)
|
-c)
|
||||||
shift
|
shift
|
||||||
if [[ -n "$1" ]]; then
|
CHANNEL="$1"
|
||||||
CHANNEL="$1"
|
shift
|
||||||
shift
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
-w)
|
-w)
|
||||||
shift
|
shift
|
||||||
if [[ -n "$1" ]]; then
|
WPA_VERSION="$1"
|
||||||
WPA_VERSION="$1"
|
shift
|
||||||
shift
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
-g)
|
-g)
|
||||||
shift
|
shift
|
||||||
if [[ -n "$1" ]]; then
|
GATEWAY="$1"
|
||||||
GATEWAY="$1"
|
shift
|
||||||
shift
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
-d)
|
-d)
|
||||||
shift
|
shift
|
||||||
@ -81,7 +93,12 @@ while :; do
|
|||||||
;;
|
;;
|
||||||
-n)
|
-n)
|
||||||
shift
|
shift
|
||||||
SHARE_INTERNET=0
|
SHARE_METHOD=none
|
||||||
|
;;
|
||||||
|
-m)
|
||||||
|
shift
|
||||||
|
SHARE_METHOD="$1"
|
||||||
|
shift
|
||||||
;;
|
;;
|
||||||
--)
|
--)
|
||||||
shift
|
shift
|
||||||
@ -95,10 +112,35 @@ if [[ $# -lt 1 ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
WIFI_IFACE=$1
|
if [[ $(id -u) -ne 0 ]]; then
|
||||||
|
echo "You must run it as root."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ $# -gt 2 ]]; then
|
if [[ "$SHARE_METHOD" != "nat" && "$SHARE_METHOD" != "bridge" && "$SHARE_METHOD" != "none" ]]; then
|
||||||
if [[ $SHARE_INTERNET -eq 1 ]]; then
|
echo "ERROR: Wrong Internet sharing method"
|
||||||
|
echo
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
WIFI_IFACE=$1
|
||||||
|
if [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
|
BRIDGE_IFACE=$(get_avail_bridge)
|
||||||
|
if [[ -z $BRIDGE_IFACE ]]; then
|
||||||
|
echo "ERROR: No availabe bridges < br100"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||||
|
MIN_REQUIRED_ARGS=2
|
||||||
|
else
|
||||||
|
MIN_REQUIRED_ARGS=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $# -gt $MIN_REQUIRED_ARGS ]]; then
|
||||||
|
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||||
if [[ $# -ne 3 && $# -ne 4 ]]; then
|
if [[ $# -ne 3 && $# -ne 4 ]]; then
|
||||||
usage
|
usage
|
||||||
exit 1
|
exit 1
|
||||||
@ -115,7 +157,7 @@ if [[ $# -gt 2 ]]; then
|
|||||||
PASSPHRASE=$3
|
PASSPHRASE=$3
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ $SHARE_INTERNET -eq 1 ]]; then
|
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||||
if [[ $# -ne 2 ]]; then
|
if [[ $# -ne 2 ]]; then
|
||||||
usage
|
usage
|
||||||
exit 1
|
exit 1
|
||||||
@ -141,11 +183,6 @@ else
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $(id -u) -ne 0 ]]; then
|
|
||||||
echo "You must run it as root."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
CONFDIR=$(mktemp -d /tmp/create_ap.${WIFI_IFACE}.conf.XXXXXXXX)
|
CONFDIR=$(mktemp -d /tmp/create_ap.${WIFI_IFACE}.conf.XXXXXXXX)
|
||||||
echo "Config dir: $CONFDIR"
|
echo "Config dir: $CONFDIR"
|
||||||
|
|
||||||
@ -175,28 +212,42 @@ rsn_pairwise=CCMP
|
|||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# dnsmasq config (dhcp + dns)
|
if [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
cat << EOF > $CONFDIR/dnsmasq.conf
|
echo "bridge=${BRIDGE_IFACE}" >> $CONFDIR/hostapd.conf
|
||||||
|
else
|
||||||
|
# dnsmasq config (dhcp + dns)
|
||||||
|
cat << EOF > $CONFDIR/dnsmasq.conf
|
||||||
interface=${WIFI_IFACE}
|
interface=${WIFI_IFACE}
|
||||||
bind-interfaces
|
bind-interfaces
|
||||||
dhcp-range=${GATEWAY%.*}.1,${GATEWAY%.*}.254,255.255.255.0,24h
|
dhcp-range=${GATEWAY%.*}.1,${GATEWAY%.*}.254,255.255.255.0,24h
|
||||||
dhcp-option=option:router,${GATEWAY}
|
dhcp-option=option:router,${GATEWAY}
|
||||||
EOF
|
EOF
|
||||||
|
[[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
|
||||||
|
fi
|
||||||
|
|
||||||
[[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf
|
# setup WiFi interface
|
||||||
|
|
||||||
# enable interface
|
|
||||||
ip link set down dev ${WIFI_IFACE}
|
ip link set down dev ${WIFI_IFACE}
|
||||||
ip addr flush ${WIFI_IFACE}
|
ip addr flush ${WIFI_IFACE}
|
||||||
ip link set up dev ${WIFI_IFACE}
|
if [[ "$SHARE_METHOD" != "bridge" ]]; then
|
||||||
ip addr add ${GATEWAY}/24 dev ${WIFI_IFACE}
|
ip link set up dev ${WIFI_IFACE}
|
||||||
|
ip addr add ${GATEWAY}/24 dev ${WIFI_IFACE}
|
||||||
|
fi
|
||||||
|
|
||||||
# enable NATed Internet sharing
|
# enable Internet sharing
|
||||||
if [[ $SHARE_INTERNET -eq 1 ]]; then
|
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||||
iptables -t nat -A POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
echo "Sharing Internet using method: $SHARE_METHOD"
|
||||||
iptables -A FORWARD -i ${WIFI_IFACE} -j ACCEPT
|
if [[ "$SHARE_METHOD" == "nat" ]]; then
|
||||||
OLD_IP_FORWARD=$(cat /proc/sys/net/ipv4/ip_forward)
|
iptables -t nat -A POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
iptables -A FORWARD -i ${WIFI_IFACE} -j ACCEPT
|
||||||
|
OLD_IP_FORWARD=$(cat /proc/sys/net/ipv4/ip_forward)
|
||||||
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
|
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
|
brctl addbr ${BRIDGE_IFACE}
|
||||||
|
brctl addif ${BRIDGE_IFACE} ${INTERNET_IFACE}
|
||||||
|
dhclient -pf $CONFDIR/dhclient.pid ${BRIDGE_IFACE}
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "No Internet sharing"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# boost low-entropy
|
# boost low-entropy
|
||||||
@ -207,7 +258,9 @@ if [[ $(cat /proc/sys/kernel/random/entropy_avail) -lt 1000 ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# start dns + dhcp server
|
# start dns + dhcp server
|
||||||
dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid
|
if [[ "$SHARE_METHOD" != "bridge" ]]; then
|
||||||
|
dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid
|
||||||
|
fi
|
||||||
|
|
||||||
# start access point
|
# start access point
|
||||||
echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
|
echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
|
||||||
@ -223,15 +276,25 @@ hostapd $CONFDIR/hostapd.conf || {
|
|||||||
echo
|
echo
|
||||||
}
|
}
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "Doing cleanup..."
|
||||||
|
|
||||||
# exiting
|
# exiting
|
||||||
for x in $CONFDIR/*.pid; do
|
for x in $CONFDIR/*.pid; do
|
||||||
kill -9 $(cat $x)
|
# even if the $CONFDIR is empty, the for loop will assign
|
||||||
|
# a value in $x. so we need to check if the value is a file
|
||||||
|
[[ -f $x ]] && kill -9 $(cat $x)
|
||||||
done
|
done
|
||||||
rm -rf $CONFDIR
|
rm -rf $CONFDIR
|
||||||
if [[ $SHARE_INTERNET -eq 1 ]]; then
|
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||||
iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
if [[ "$SHARE_METHOD" == "nat" ]]; then
|
||||||
iptables -D FORWARD -i ${WIFI_IFACE} -j ACCEPT
|
iptables -t nat -D POSTROUTING -o ${INTERNET_IFACE} -j MASQUERADE
|
||||||
echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
|
iptables -D FORWARD -i ${WIFI_IFACE} -j ACCEPT
|
||||||
|
echo $OLD_IP_FORWARD > /proc/sys/net/ipv4/ip_forward
|
||||||
|
elif [[ "$SHARE_METHOD" == "bridge" ]]; then
|
||||||
|
ip link set down $BRIDGE_IFACE
|
||||||
|
brctl delbr $BRIDGE_IFACE
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
ip link set down dev ${WIFI_IFACE}
|
ip link set down dev ${WIFI_IFACE}
|
||||||
ip addr flush ${WIFI_IFACE}
|
ip addr flush ${WIFI_IFACE}
|
||||||
|
Loading…
Reference in New Issue
Block a user