Raspberry Pi - 無線基地台路由模式 hostapd + dnsmasq

1. 網路架構圖

          ---------------------------------------------
         |        wlan0          |         eth0        |
       LAN PC               Raspberry Pi             Modem
  IP: 192.168.1.100    WAN eth0:  192.168.0.100   IP: 192.168.0.1
  GW: 192.168.1.1      LAN wlan0: 192.168.1.1         

2. 準備一張Edimax EW-7811Un無線網卡wlan0，當作Raspberry Pi的LAN
內建的Ethernet網卡eth0，當作Raspberry Pi的WAN
http://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/tw/wireless_adapters_n150/ew-7811un/

3. Raspberry Pi啟動後，確認系統是否有正確抓到無線網卡

$ lsusb
Bus 001 Device 005: ID 3538:0901 Power Quotient International Co., Ltd
Bus 001 Device 004: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

4. 安裝hostapd套件，讓無線網卡模擬成Soft AP

$ sudo apt-get install hostapd

由於內建的hostapd不支援此張網卡，需要先移除hostpad程式，但保留相關的設定檔

$ sudo apt-get remove hostapd

5. Edimax EW-7811Un的驅動程式，需要從Realtek官網下載，請選擇RTL8188CUS的Linux版本
首頁 > 下載中心 > 通訊網路 ICs > Wireless LAN ICs > WLAN NIC > IEEE 802.11b/g/n Single-Chip > Software > RTL8188CUS Linux
http://www.realtek.com/downloads/downloadsView.aspx?Langid=2&PNid=21&PFid=48&Level=5&Conn=4&DownTypeID=3&GetDown=false&Downloads=true#2742

透過wget命令，下載原廠無線網卡驅動程式到Raspberry Pi

$ wget http://12244.wpc.azureedge.net/8012244/drivers/rtdrivers/cn/wlan/0001-RTL8188C_8192C_USB_linux_v4.0.2_9000.20130911.zip

6. 安裝hostapd程式

$ unzip 0001-RTL8188C_8192C_USB_linux_v4.0.2_9000.20130911.zip

$ cd RTL8188C_8192C_USB_linux_v4.0.2_9000.20130911/wpa_supplicant_hostapd/

$ tar -zxvf wpa_supplicant_hostapd-0.8_rtw_r7475.20130812.tar.gz

$ cd wpa_supplicant_hostapd-0.8_rtw_r7475.20130812/hostapd

$ make clean && make && sudo make install

將hostapd相關檔案複製到/usr/bin

$ sudo cp /usr/local/bin/hostapd* /usr/sbin

7. 安裝wireless工具

$ cd ../../../wireless_tools

$ tar -zxvf wireless_tools.30.rtl.tar.gz

$ cd wireless_tools.30.rtl

$ make clean && make && sudo make install

8. 建立hostapd設定檔

driver: 無線網卡的驅動程式
ssid: 基地台名稱。
channel: 無線通訊的頻道，從1到11
wpa: 無線網路加密協定，1是WPA，2是WPA2
wpa_passphrase: 無線基地台的密碼。

$ sudo vi /etc/hostapd/hostapd.conf

interface=wlan0
driver=rtl871xdrv
bridge=br0
ssid=pi
channel=6
hw_mode=g
ieee80211n=1
wmm_enabled=1
wpa=2
wpa_passphrase=raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

測試hosapd設定檔

$ sudo hostapd -dd /etc/hostapd/hostapd.conf

如沒有出現錯誤，按Ctrl+C停止hostapd，編輯hostapd服務設定檔

$ sudo vi /etc/default/hostapd

# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
#DAEMON_CONF=""
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
#       -d   show more debug messages (-dd for even more)
#       -K   include key data in debug messages
#       -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

啟動hostapd服務

$ sudo service hostapd restart

開機時自動啟動hostapd服務

$ sudo update-rc.d hostapd defaults

9. 修改無線網路卡的設定值，設定一個指定的靜態 IP 位址

$ sudo vi /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.1.1
netmask 255.255.255.0

10. 路由模式需要在Raspberry Pi架設dnsmasq

$ sudo apt-get -y install dnsmasq

修改dnsmasq設定檔

$ sudo vi /etc/dnsmasq.conf

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
interface=wlan0


# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-range=192.168.1.100,192.168.1.254,12h

如果想要開機時使用dnsmasq設定，需要修改設定

$ sudo vi /etc/default/dnsmasq

#DOMAIN_SUFFIX=`dnsdomainname`
DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.conf"


# By default search this drop directory for configuration options.
# Libvirt leaves a file here to make the system dnsmasq play nice.
# Comment out this line if you don't want this. The dpkg-* are file
# endings which cause dnsmasq to skip that file. This avoids pulling
# in backups made by dpkg.
#CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

啟動dnsmasq服務

$ sudo service dnsmasq restart

開機時自動啟動dnsmasq服務

$ sudo update-rc.d dnsmasq defaults

11. 啟動IP Forwarding的功能，將net.ipv4.ip_forward=1拿掉註解

$ sudo vi /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

12. 啟用iptables NAT功能

$ sudo iptables -F
$ sudo iptables -F -t nat
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

儲存目前iptables設定值

$ sudo bash -c 'iptables-save > /etc/network/iptables'
$ sudo iptables-restore < /etc/network/iptables

設定開機時，讓iptables的規則自動被載入

$ sudo vi /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi

sudo iptables-restore < /etc/network/iptables

exit 0

13. 重新啟動

$ sudo reboot

14. 參考來源
RPI-Wireless-Hotspot
Raspberry Pi 的應用 - Wi-Fi 無線基地台
Raspberry Pi 的實作 - 自動配置 IP 位址資訊的 DHCP Server
敗家學習之旅之樹莓派(Raspberry Pi) Realtek WIFI AP 架設成功心得分享