The experience of creating a home Wi-Fi router. Part 2. Software installation and configuration



Hello again!

In the first part of the article I described the hardware side of the future router. Since even the finest hardware is useless without software, the device naturally had to be equipped with the appropriate software "stuffing".

When I started this whole undertaking, I assumed it would not be easy. I just didn't think it would be this hard. In one of the comments on the previous part I promised to tell the rest "on the weekend", wisely keeping quiet about which one. :-) I still managed to miss the moment, but I am keeping my promise.

So ...


A reminder of the hardware:

  • Motherboard Intel D2500CC with an integrated 64-bit dual-core Intel Atom D2500 processor and two Gigabit network interfaces
  • RAM SO-DIMM DDR-3 1066 4Gb Corsair
  • Crucial M500 120 GB SSD
  • network card 1000 Mbit D-Link DGE-528T
  • mini-PCI-E Wi-Fi card Intel 7260.HMWWB 802.11 a / b / g / n / ac + Bluetooth 4.0
  • all of it housed in a Morex T-3460 enclosure with a 60 W power supply

First of all, I defined the set of tasks the router would perform, so that administering it later would be easier.

Let me clarify once more that my Internet access comes over a 100 Mbit channel (the tariff, of course, gives a somewhat lower speed, but that is beside the point). The list came out like this:

  • Internet access for all devices at home + n devices that show up occasionally or even once
  • Home LAN
  • Accordingly, routing of traffic to/from the Internet and the LAN
  • File storage (FTP or Samba access)
  • Torrent downloads
  • ed2k network (because it is very well developed on the provider's network)
  • Web server

In perspective:

  • domain
  • CCTV
  • elements of "smart home"
  • and a whole pile of other interesting things

In this situation it was natural to choose from *nix-based systems. I had to spend some time studying the subject and scouring the net. In the end, I went the following way...


1. FreeBSD 10.1-RELEASE


I really wanted to build everything on FreeBSD. Its advantages for managing network devices, servers, gateways and routers are obvious, undeniable and repeatedly praised by the gurus.
Since I had never dealt closely with FreeBSD, I had to leaf through the FreeBSD Handbook, accompanying the reading with a parallel installation of the latest stable release, 10.1, on the device.
Small digression
By the way, I installed FreeBSD (and all the systems described below) with the help of the wonderful Zalman ZM-VE300 device with a terabyte HDD inside. This enclosure has an optical drive emulator on board: you copy images into the _iso folder on its hard drive, select the Zalman Virtual CD in the BIOS boot menu, and booting and installing from those images works exactly as if they had been burned to a disc and inserted into a physical drive.

Everything went fine, the system came up, but an unpleasant surprise awaited me, which, frankly, I already knew about but decided to verify in practice: FreeBSD refused to see the Wi-Fi card. Or rather, it saw it, but only the vendor ID and name; what the device was and what to do with it, FreeBSD did not want to understand (the device driver was listed as none1). In addition, further reading of the manual revealed that in FreeBSD only Wi-Fi cards based on the Prism chipset work in access point mode. Sad... I also found information that at the moment my card has no FreeBSD driver at all, not even a ported one.

2. Debian 7.7.0



I was not upset for long: FreeBSD did not work out, so I'll take good old Debian. I installed a base system without a desktop environment from a netinstall image. For a long time I tried to understand what was wrong. The current stable Debian release is 7.7.0, with kernel 3.2, and that kernel, again, has no support for my long-suffering Wi-Fi card. I went to the forums for an answer and came to disappointing conclusions: you need a newer kernel (in Debian's case, a pain in itself), and kernel tinkering, according to the gurus, is not the Debian way (they said it plainly: if you want to recompile kernels, choose another distribution).

3. Ubuntu Server 14.04 LTS



Having given up on the idea of a wonderful red-eyed time, I took a distribution I know and respect. For more than a year now it (version 12.04 LTS, though) has been running on my server handing out goodies on the provider's network.

Pros: stability, ease of installation, configuration and administration, lots of documentation.
Cons: the need to trim the fat, because the "build" is thick and somewhat clumsy.

Installation

In fact there is nothing complicated about it, and it is similar to Debian's. It is done in text-mode dialogs. I see no point in describing it in detail, because all of this has been chewed over dozens of times on all sorts of resources (from official sites in various languages to small-town forums).

An important point is the correct partitioning and preparation of the SSD. Everyone knows that solid-state drives are built on flash memory and have a limited write endurance. In fairness, I note that across the Web people speak of modern SSDs as reliable enough (comparable to classic hard drives). Nevertheless, it would be foolish to ignore the basic recommendations for operating SSDs.

Before starting any manipulations with the drive, it is recommended to update the firmware, but mine turned out to be the most recent, so I skipped this step.

The first necessary step when partitioning a drive is aligning the partitions. In short, each partition should start at a sector number that is a multiple of 8. The first partition is recommended to start at sector 2048 (this is due to the MBR or GPT located at the beginning of the disk; a 1 MB offset is taken with a margin).

When partitioning, I created 3 partitions:

  • boot - ext2
  • root - ext4
  • home - ext4

$ sudo fdisk -l
Диск /dev/sda: 120.0 Гб, 120034123776 байт
255 головок, 63 секторов/треков, 14593 цилиндров, всего 234441648 секторов
Units = секторы of 1 * 512 = 512 bytes
Размер сектора (логического/физического): 512 байт / 4096 байт
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Идентификатор диска: 0x000ea779
Устр-во Загр     Начало       Конец       Блоки   Id  Система
/dev/sda1   *        2048     1050623      524288   83  Linux
/dev/sda2         1050624    42993663    20971520   83  Linux
/dev/sda3        42993664   234440703    95723520   83  Linux

As you can see, all partitions start at sectors that are multiples of 8. Thus each access lands on whole physical sectors, which helps conserve the drive's limited write resource.
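Rather than eyeballing the start sectors, the alignment can be checked mechanically. The snippet below is an added example, not part of the original article: it reads fdisk-style partition lines (the article's own table is embedded as the sample input so it runs offline) and reports any partition whose start sector is not a multiple of 8. On a real system pipe `sudo fdisk -l /dev/sda` into `check_alignment` instead.

```shell
# Added example: verify that every partition starts on a sector that is a
# multiple of 8 (one 4096-byte physical sector). The sample below copies the
# article's fdisk output; constructed input, embedded so the check runs offline.
SAMPLE_FDISK='/dev/sda1   *        2048     1050623      524288   83  Linux
/dev/sda2         1050624    42993663    20971520   83  Linux
/dev/sda3        42993664   234440703    95723520   83  Linux'

# check_alignment reads fdisk -l partition lines on stdin, prints one line per
# partition and returns 1 if any partition is misaligned.
check_alignment() {
    awk '
    $1 ~ /^\/dev\// {
        # Column 2 is "*" for a bootable partition; the start sector follows it.
        start = ($2 == "*") ? $3 : $2
        if (start % 8 != 0) {
            printf "%s start=%d MISALIGNED\n", $1, start
            bad = 1
        } else {
            printf "%s start=%d ok\n", $1, start
        }
    }
    END { exit bad ? 1 : 0 }
    '
}

# check_sample runs the check over the embedded sample table.
check_sample() {
    printf '%s\n' "$SAMPLE_FDISK" | check_alignment
}
```

The check is deliberately conservative: it only tests the multiple-of-8 rule the text gives, not the 1 MB first-partition offset, which is a recommendation rather than a hard requirement.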

Next, in the mount options in /etc/fstab you should add discard (to enable TRIM) and noatime (to stop writing the last-access time into file metadata).

Another digression
With noatime things are not so simple. For example, on desktop systems browsers track the "freshness" of their cache precisely by the last access time, so enabling this option does not reduce writes to disk but rather increases them, because the browser decides its cache is "stale" and starts pulling a fresh one. In that case the relatime option is recommended: the access time attribute (atime) is updated, but only if the file data (mtime) or its status (ctime) has changed. For a server system this is perhaps not so critical, but I still set noatime for boot, and relatime for root and home.

All the other tips googled across the net, such as increasing the interval between flushing buffers to disk (the commit=[seconds] option), disabling the barrier (barrier=0), and so on, did not inspire me with confidence in terms of benefit gained versus the harm to data safety.
In addition, I did not allocate a separate swap partition, deciding that there should be enough RAM for the tasks. If swapping turns out to be needed after all, nothing prevents creating a swap file and mounting it as a swap area.

A strong-willed decision was also made to move temporary files (/tmp) to tmpfs.
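Once the fstab is in place it is worth confirming that the running system actually mounted things the way the text prescribes. The snippet below is an added example, not from the article: it parses /proc/mounts-style lines (a constructed mount table matching the article's layout is embedded) and checks that every ext2/ext4 filesystem carries discard plus noatime or relatime, and that /tmp is on tmpfs. On a real system feed it `cat /proc/mounts`.

```shell
# Added example: verify the SSD-friendly mount options described in the text.
# The mount table is constructed to match the article's layout (boot ext2,
# root and home ext4, /tmp on tmpfs); it is sample input, not real output.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime,discard,errors=remount-ro,data=ordered 0 0
/dev/sda1 /boot ext2 rw,noatime,discard 0 0
/dev/sda3 /home ext4 rw,relatime,discard,data=ordered 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

# check_mounts reads /proc/mounts lines on stdin, prints one line per
# filesystem and returns 1 if any check fails.
check_mounts() {
    awk '
    $3 == "ext2" || $3 == "ext4" {
        n = split($4, o, ",")
        discard = 0; atime = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "discard") discard = 1
            if (o[i] == "noatime" || o[i] == "relatime") atime = 1
        }
        if (!discard) { printf "%s missing discard\n", $2; bad = 1 }
        if (!atime)   { printf "%s missing noatime/relatime\n", $2; bad = 1 }
        if (discard && atime) printf "%s ok\n", $2
    }
    $2 == "/tmp" { tmp_fs = $3 }
    END {
        if (tmp_fs != "tmpfs") { print "/tmp is not on tmpfs"; bad = 1 }
        exit bad ? 1 : 0
    }
    '
}

# check_sample_mounts runs the check over the embedded sample table.
check_sample_mounts() {
    printf '%s\n' "$SAMPLE_MOUNTS" | check_mounts
}
```

The tmpfs line in the sample also carries nosuid, nodev and noexec; those are my additions for a world-writable /tmp, not options the article mentions, and the check does not require them.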

During installation the general parameters are set: locale, time and geolocation settings, the system name, and a new user with a password. Then comes the selection of software to install, where I marked the following:

  • Openssh server
  • DNS server
  • LAMP server
  • Print server
  • Samba file server

After booting into the freshly installed system, one extremely unpleasant quirk showed up (the same happened in Debian, by the way): after the drivers initialized, the video output cut out, the monitor went into standby, and it was unclear whether the system had hung or something was simply wrong with the output. It turned out that SSH access worked, and one could have stopped there, but there can always be a situation where physical access to the router is needed (for example, the admin's playful little hands fiddled with the network settings and console access disappeared completely %)). After surfing the forums I came across a solution (it turns out the bug is known and shows up on this motherboard):
add to /etc/modprobe.d/blacklist.conf:
blacklist gma500_gfx

run
sudo update-initramfs -u
sudo reboot

Source
In the case of Debian the file is /etc/modprobe.d/fbdev-blacklist.conf.
After the reboot everything worked.

Network configuration

During the installation I chose the D-Link card as the network interface to be used for installation. It was connected by patch cord to one of the LAN ports of my old router (this was done so as to have SSH access before the network interfaces were configured; since a DHCP server was also running on the Asus, connecting was no problem), and with such a connection checking Internet access is no problem either.
Another glitch also appeared in the fresh system:
no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory

The problem is with the libpam-smbpass authentication library; you can simply remove it, or do it more elegantly:

$ sudo pam-auth-update 

and uncheck SMB password synchronization, which disables password synchronization between system users and Samba users.
Install all available updates:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade

And we proceed to configure network interfaces. The router has 4 physical interfaces and loopback:
Terminal output
$ ifconfig -a
em0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:f0  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Память:d0220000-d0240000 
eth0      Link encap:Ethernet  HWaddr d8:fe:e3:a7:d5:26  
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::dafe:e3ff:fea7:d526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:741 errors:0 dropped:0 overruns:0 frame:0
          TX packets:477 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:482523 (482.5 KB)  TX bytes:45268 (45.2 KB)
eth1      Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Память:d0320000-d0340000 
lo        Link encap:Локальная петля (Loopback)  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1784 (1.7 KB)  TX bytes:1784 (1.7 KB)
wlan0     Link encap:Ethernet  HWaddr 80:19:34:1e:fe:83  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


  • eth0 - faces the Internet, receives its settings via DHCP
  • eth1 and em0 - the network adapters integrated on the motherboard
  • wlan0 - as you might guess, the Wi-Fi wireless interface

Install hostapd and set the wireless interface to Master mode :
$ sudo iwconfig wlan0 mode Master

To my great regret, this method did not work: the command failed with an error, so I resorted to an alternative:
$ sudo apt-get install iw
$ sudo iw dev wlan0 del
$ sudo iw phy phy0 interface add wlan0 type __ap

Then:
$ iwconfig 
wlan0     IEEE 802.11abgn  Mode:Master  Tx-Power=0 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

Now all the network interfaces need to be configured so that they are more convenient to work with. I decided to combine the built-in network cards and Wi-Fi into a bridge in order to manage this whole economy as one when handing out IP addresses via DHCP, routing, etc. We bring /etc/network/interfaces to the following form:
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
auto wlan0 br0
# The wireless interface
iface wlan0 inet manual
pre-up iw dev wlan0 del
pre-up iw phy phy0 interface add wlan0 type __ap
# The bridge
iface br0 inet static
address 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
bridge_ports em0 eth1 wlan0


Reboot. Now we see:
Terminal output
$ ifconfig -a
br0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
em0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:f0  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Память:d0220000-d0240000 
eth0      Link encap:Ethernet  HWaddr d8:fe:e3:a7:d5:26  
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::dafe:e3ff:fea7:d526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:819 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:531178 (531.1 KB)  TX bytes:125004 (125.0 KB)
eth1      Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Память:d0320000-d0340000 
lo        Link encap:Локальная петля (Loopback)  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1784 (1.7 KB)  TX bytes:1784 (1.7 KB)
wlan0     Link encap:Ethernet  HWaddr 80:19:34:1e:fe:83  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


All interfaces were initialized.
You can start configuring hostapd. While we have been discussing this, its version has become 2.1.
I ended up with the following config, /etc/hostapd/hostapd.conf:
hostapd.conf
interface=wlan0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=4
logger_stdout=-1
logger_stdout_level=4
ssid=TEST
hw_mode=g
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40]
channel=11
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=3
ignore_broadcast_ssid=1
ap_max_inactivity=300
wpa=2
wpa_passphrase=my_wpa_passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP


We enable hostapd to start automatically at boot; for this, uncomment and edit the following lines in /etc/default/hostapd:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
DAEMON_OPTS="-B"
RUN_DAEMON="yes"
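The hostapd config above is the part of the router most exposed to the neighbourhood, so it is worth a mechanical sanity check before the daemon is enabled. The snippet below is an added example, not part of the article: it reads a hostapd.conf (a copy of the article's settings with an obviously fake passphrase is embedded) and reports whether it is WPA2-only with CCMP, flags any leftover WEP keys, warns about a short passphrase and about auth_algs=3 (which additionally permits Shared Key authentication, meaningful only for WEP), and notes that ignore_broadcast_ssid hides the network name but is not an access control. On the real box run `audit_hostapd /etc/hostapd/hostapd.conf`.

```shell
# Added example: audit the Wi-Fi security settings of a hostapd.conf.
# SAMPLE_HOSTAPD_CONF mirrors the article's config; the passphrase is a
# constructed placeholder, not a real credential.
SAMPLE_HOSTAPD_CONF='interface=wlan0
bridge=br0
driver=nl80211
ssid=TEST
hw_mode=g
ieee80211n=1
channel=11
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=1
wpa=2
wpa_passphrase=my_wpa_passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP'

# conf_get FILE KEY: print the value of KEY (last occurrence wins, as in hostapd).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_hostapd FILE: print findings; return 1 if any FAIL was raised.
audit_hostapd() {
    f=$1
    rc=0
    wpa=$(conf_get "$f" wpa)
    pairwise=$(conf_get "$f" rsn_pairwise)
    [ -z "$pairwise" ] && pairwise=$(conf_get "$f" wpa_pairwise)
    pass=$(conf_get "$f" wpa_passphrase)
    algs=$(conf_get "$f" auth_algs)

    # wpa=2 is WPA2/RSN only; wpa=1 is the old WPA, wpa=3 accepts both.
    case "$wpa" in
        2) echo "OK   wpa=2 (WPA2/RSN only)" ;;
        *) echo "FAIL wpa=$wpa (expected 2)"; rc=1 ;;
    esac

    # The pairwise cipher must be CCMP and must not also offer TKIP.
    case "$pairwise" in
        *TKIP*) echo "FAIL pairwise cipher allows TKIP ($pairwise)"; rc=1 ;;
        *CCMP*) echo "OK   pairwise cipher CCMP" ;;
        *)      echo "FAIL no CCMP pairwise cipher configured"; rc=1 ;;
    esac

    # The PSK is derived from the passphrase; 8 characters is the legal
    # minimum, but short passphrases are weak against offline guessing.
    if [ "${#pass}" -lt 16 ]; then
        echo "WARN passphrase shorter than 16 characters"
    else
        echo "OK   passphrase length ${#pass}"
    fi

    # Legacy WEP keys must not be present at all.
    if grep -q '^wep_key' "$f"; then
        echo "FAIL WEP keys configured"; rc=1
    fi

    # auth_algs bit 2 enables Shared Key authentication, which exists only
    # for WEP; with WPA2, Open System (auth_algs=1) is all that is needed.
    [ "$algs" = 1 ] || echo "WARN auth_algs=$algs (1 = Open System only is enough for WPA2)"

    # A hidden SSID still appears in probe responses and association frames.
    [ "$(conf_get "$f" ignore_broadcast_ssid)" = 1 ] && \
        echo "INFO ignore_broadcast_ssid=1 hides the SSID but adds no security"

    return $rc
}

# audit_sample writes the embedded config to a temp file and audits it.
audit_sample() {
    t=$(mktemp)
    printf '%s\n' "$SAMPLE_HOSTAPD_CONF" > "$t"
    audit_hostapd "$t"
    rc=$?
    rm -f "$t"
    return $rc
}
```

Against the article's config the audit passes: WPA2 only, CCMP, a passphrase of adequate length, no WEP; the only warnings are auth_algs=3 and the hidden SSID, both harmless but worth knowing about.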

Next, without further ado, I set up Internet sharing. I took a script for configuring iptables and IP forwarding from here, adapted it to my realities and set it to run at startup. As a result, iptables is filled with the necessary rules at boot.
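The script the article links to is not reproduced here, so below is an added example of my own, not the author's script, for the interface layout the article describes: eth0 is the WAN side (addressed by the provider's DHCP) and br0 is the bridged LAN/Wi-Fi side on 192.168.0.0/24. The policy choices are mine and are the ones I would want on a home gateway: default-deny for inbound and forwarded traffic, SSH, DNS and DHCP reachable from the LAN only, nothing published to the Internet, and masquerading for LAN clients. Setting DRY_RUN=1 prints the commands instead of executing them, so the ruleset can be reviewed before it is applied.

```shell
# Added example: minimal NAT gateway ruleset for eth0 (WAN) and br0 (LAN).
# Interface names and the LAN prefix come from the article; the policy is mine.
WAN=${WAN:-eth0}
LAN=${LAN:-br0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

# run prints the command in dry-run mode, otherwise executes it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
ipt() { run iptables "$@"; }

apply_rules() {
    # Start from a clean slate.
    ipt -F
    ipt -t nat -F
    ipt -X

    # Default policies: drop inbound and forwarded traffic unless allowed.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback and replies to connections the router itself opened.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Router services, LAN side only: SSH, DNS and DHCP (dnsmasq).
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -i "$LAN" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN" -p tcp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT
    # The WAN side still needs to receive the provider's DHCP offers.
    ipt -A INPUT -i "$WAN" -p udp --sport 67 --dport 68 -j ACCEPT

    # Forward LAN -> WAN, and only replies back in.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Masquerade LAN clients behind the WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Enable IPv4 forwarding (persist it in /etc/sysctl.conf as well).
    run sysctl -w net.ipv4.ip_forward=1
}

# rule_count reports how many iptables commands the ruleset issues (dry run).
rule_count() {
    DRY_RUN=1 apply_rules | grep -c '^iptables '
}
```

Opening a service such as FTP or the torrent client to the outside, which the article mentions as an option, would mean adding an explicit INPUT accept for that port; with the FORWARD and INPUT policies at DROP, nothing is reachable from the WAN side until such a rule is added.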
It is logical that the DHCP server also needs configuring. Having decided to simplify the task to the minimum, I installed dnsmasq and removed the existing and conflicting bind9. The config is simple:
/etc/dnsmasq.conf
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=br0
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
dhcp-range=192.168.0.2,192.168.0.254,255.255.255.0,12h
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
dhcp-host=00:11:22:33:44:55,66:77:88:99:aa:bb,MyDevice1,192.168.0.2
dhcp-host=cc:dd:ee:ff:ee:dd,cc:bb:aa:99:88:77,MyDevice2,192.168.0.3


In fact, the config still has a bunch of commented-out options that allow very fine tuning, but this set is enough for correct operation. Basically, from this point on the device already works as a home router.
After finishing the main setup, I installed and configured transmission-daemon, aMuled and vsftpd. The configuration of these services is fairly trivial, so I will not dwell on it. Naturally, access to these resources is available only from the local network; if you want access from outside, you will need to open the corresponding ports in iptables.
The web server is a bundle of Apache 2.4.7 + MySQL Ver 14.14 Distrib 5.5.40. I haven't yet figured out what I'll fill it with: roll out a ready-made engine and indulge in design, or just practice html and php. In any case, this has practical value for me. Perhaps in the future it will host a web interface for monitoring and managing the router.
After all these manipulations it remains to configure logging: where possible, adjust the settings of every process that keeps logs so that only critical notifications and warnings are written. The idea is to reduce the number of write operations and, consequently, the wear on the SSD.
In addition, it is strongly recommended to enable a daily cron run of fstrim (for each partition separately). They say it certainly won't hurt.

Phew... I ended up with a somewhat messy description of my ordeals with a device I assembled myself, but the satisfaction that everything works is simply indescribable.

In the comments to the previous part of the article, the esteemed dmitrmax was interested in the power consumption of the build. Well, here is some sample data I managed to draw from open sources:
  • Intel Atom D2500 processor - 10 W
  • Crucial M500 SSD - 3.6 W

There was no direct data on the other components, but almost everywhere the specifications of the network card and Wi-Fi module say "low power consumption". If I roughly allow about 10 W for everything else (other hardware, integrated network cards, etc.), the total is about 25 W - not so much, I think...

I seem to have forgotten nothing and mentioned all the key points. For details, ask in the comments. Thanks for your attention! (-;

UPD: Mr. Revertis rightly remarked, and I agree with him, that when installing the system it was not necessary to select the DNS server only to remove it later (talking about bind9), but in the article I described the path I actually took, with all its mistakes and detours. And yes, I agree that nginx is better than Apache; moreover, I will even replace it. Thanks for the advice.
