wif-router

/etc/sysctl.conf

# Enable IPv4 routing between interfaces (the router role). Note that the
# firewall script on this page sets the FORWARD policy to DROP and adds no
# FORWARD ACCEPT rule, so forwarding stays blocked (fail-closed) until such
# rules are added; the Tor path uses nat REDIRECT to a local port and is
# delivered via INPUT, so it does not depend on forwarding.
net.ipv4.ip_forward=1


# /etc/network/interfaces


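# /etc/network/interfaces — ifupdown stanzas for the Wi-Fi router.
# wlan0 is the station (uplink) side; uap0 is a second virtual interface on
# the same phy that operates as the access point. Comments: '#' at column 0.

auto lo
iface lo inet loopback

# eth0 and the fallback stanza are not configured by ifupdown (manual).
iface eth0 inet manual

iface default inet manual

# Station interface: static address in 192.168.4.0/24; credentials live in
# wpa_supplicant.conf (not shown on this page).
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.4.253/24
gateway 192.168.4.1
broadcast 192.168.4.255
# 'dns-nameservers' is the resolvconf hook option; the original 'name_server'
# is not an ifupdown option and had no effect.
dns-nameservers 192.168.4.1
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Access-point interface. It does not exist at boot: the pre-up hook creates
# it on phy0 as a __ap-type virtual interface, so anything that binds to it
# (dnsmasq with bind-interfaces) must start after this stanza has run.
auto uap0
iface uap0 inet static
address 192.168.55.1/24
network 192.168.55.0
broadcast 192.168.55.255
# '|| true' hides a failed interface creation; if the add fails, ifup goes on
# and the static address step then fails with a less obvious error.
pre-up  iw phy phy0 interface add "$IFACE" type __ap    || true
# NOTE(review): this runs ifup on uap0 from uap0's own up hook. An earlier
# version of this stanza added and brought up uap0 by name from elsewhere;
# confirm whether this line is still needed here.
up      ifup "$IFACE"    || true
# Load the packet filter before the AP interface comes up, so it is never
# reachable unfiltered. /etc/network/firewall.rules must be in iptables-save
# format; the shell script on this page is a command script and would have to
# be run and saved (iptables-save) first.
pre-up iptables-restore < /etc/network/firewall.rules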
# /etc/dnsmasq.conf


# /etc/dnsmasq.conf — DHCP and DNS for clients of the access point only.

# Serve the AP interface only. With bind-interfaces (below) dnsmasq binds the
# address of this interface rather than the wildcard, so it is not reachable
# from the uplink (wlan0). uap0 is created by a pre-up hook in
# /etc/network/interfaces, so it must exist before dnsmasq starts — a missing
# named interface is a start-up error for dnsmasq.
interface=uap0
# DNS but no DHCP on loopback and on the uplink.
no-dhcp-interface=lo,wlan0
bind-interfaces
# Never forward names without a dot, nor reverse lookups of private ranges,
# to the upstream resolvers.
domain-needed
bogus-priv
# Lease pool 192.168.55.10-.49, 12-hour leases; .1 is this host.
dhcp-range=192.168.55.10,192.168.55.49,255.255.255.0,12h
# DHCP option 3 = default router handed to clients.
dhcp-option=3,192.168.55.1
# NOTE(review): no server= is set, so upstream resolvers presumably come from
# /etc/resolv.conf, i.e. the uplink — client DNS does not go through the Tor
# redirect in the firewall. Confirm whether that is intended.

IPTables


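#!/bin/sh
# Firewall for the Wi-Fi router. Every rule is printed and then applied by the
# run() helper; this replaces the hand-copied echo blocks of the original,
# which had drifted (the echoed Tor rule named wlan0, the applied one uap0)
# and had several rules split across lines so they did not execute.
#
# Effective changes versus the original, each explained at the rule:
#   * the rate-limit rule no longer ACCEPTs connections to every port;
#   * services that AP clients need (DHCP, DNS, the Tor TransPort reached via
#     the nat REDIRECT) are accepted on uap0 — without this the INPUT DROP
#     policy blocked them;
#   * ip6tables gets the same default-deny baseline as iptables;
#   * typos fixed: MASQUERAD -> MASQUERADE, '--port' -> '--dport'.

# Print a command, then execute it.
run() {
    echo "$*"
    "$@"
}

echo "### ** iptables Rules ** ###
### ** DEFAULT SETTING ** ###
### ** Блокировать только входящие соединения ** ###"
# Default-deny inbound and forwarded traffic; outbound is allowed.
run iptables -P FORWARD DROP
run iptables -P OUTPUT ACCEPT
run iptables -P INPUT DROP
run iptables -A INPUT -i lo -j ACCEPT
run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Same baseline for IPv6. The original set no ip6tables policy, so inbound
# IPv6 (link-local addresses exist on every interface) stayed open while IPv4
# was closed. Remove these five lines if inbound IPv6 must stay reachable.
run ip6tables -P FORWARD DROP
run ip6tables -P OUTPUT ACCEPT
run ip6tables -P INPUT DROP
run ip6tables -A INPUT -i lo -j ACCEPT
run ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

### ** iptables sshguard ** ###
echo "### ** iptables sshguard ** ###"
# Chain populated by the sshguard daemon. The original created it only for
# ip6tables; sshguard also needs the IPv4 chain to block anything over IPv4.
run iptables -N sshguard
run iptables -A INPUT -j sshguard
run ip6tables -N sshguard
run ip6tables -A INPUT -j sshguard

### ** Forwarding Tor ** ###
echo "### ** Forwarding Tor ** ###"
# Transparent proxying of AP clients into Tor's TransPort (9040). nat
# PREROUTING stops at the first REDIRECT, so the identity redirect for 22
# exempts SSH from the catch-all --syn rule below.
run iptables -t nat -A PREROUTING -i uap0 -p tcp --dport 22 -j REDIRECT --to-ports 22
# NOTE(review): udp 55 -> 55 is a no-op as written, and UDP is not caught by
# the --syn rule anyway. If DNS was meant, that would be port 53 redirected to
# Tor's DNSPort — confirm against the Tor config (not shown on this page).
run iptables -t nat -A PREROUTING -i uap0 -p udp --dport 55 -j REDIRECT --to-ports 55
run iptables -t nat -A PREROUTING -i uap0 -p tcp --syn -j REDIRECT --to-ports 9040
# 'MASQUERAD' was a typo; the target is MASQUERADE. With FORWARD policy DROP
# and no FORWARD ACCEPT rules nothing is forwarded, so AP clients can only
# leave through the Tor redirect above (fail-closed).
run iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

### ** AP services ** ###
echo "### ** AP services ** ###"
# What AP clients must reach on this host. Placed before the rate limit so the
# many short Tor connections are not throttled. DHCP (67) and DNS (53) are
# served by dnsmasq on uap0; 9040 is where the REDIRECT above delivers client
# TCP; 22 matches the SSH exemption in the Tor section — drop that line if AP
# clients should not reach SSH.
run iptables -A INPUT -i uap0 -p udp --dport 67 -j ACCEPT
run iptables -A INPUT -i uap0 -p udp --dport 53 -j ACCEPT
run iptables -A INPUT -i uap0 -p tcp --dport 53 -j ACCEPT
run iptables -A INPUT -i uap0 -p tcp --dport 9040 -j ACCEPT
run iptables -A INPUT -i uap0 -p tcp --dport 22 -j ACCEPT

### ** Ban Ruleles ** ###
echo "### ** Ban Ruleles ** ###"
# Per-source limit on new TCP connections from the uplink: after a burst of 5,
# more than 1 per hour from one source is dropped; entries expire after
# 90000 ms. The original rule ACCEPTed the first connections to *any* port
# 5-65535 from every source, which opened every listening service and made
# the port-80 rule below unreachable; this one only ever DROPs, and the port
# rules decide what is accepted. 5 then 1/hour is very aggressive for a web
# server — tune the rate if port 80 is used by browsers.
run iptables -A INPUT -p tcp -m tcp --dport 5:65535 --syn -m hashlimit --hashlimit-above 1/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name MPB --hashlimit-htable-expire 90000 -j DROP
# The original blanket 'DROP every SYN to 5:65535' rule is gone: with INPUT
# policy DROP it was redundant, and placed before the port rules it also
# blocked every new connection to port 80.
# NOTE(review): '--port' is not a tcp-match option (only --sport/--dport), so
# the original line was rejected; inbound 443 is assumed — confirm the intent
# of dropping RSTs to 443.
run iptables -I INPUT -p tcp --dport 443 --tcp-flags RST RST -j DROP

### ** Port Rules ** ###
echo "### ** Port Rules ** ###"
# HTTP (the original label said HTTPS; 80 is plain HTTP).
run iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Loopback is already accepted above; kept for explicitness.
run iptables -A INPUT -s 127.0.0.1/32 -m state --state NEW -p tcp --dport 80 -j ACCEPT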



eth0      Link encap:Ethernet  HWaddr b8:27:eb:b9:4c:b8  
          inet addr:192.168.1.36  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a38b:bdef:c560:db9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:810343 errors:0 dropped:1 overruns:0 frame:0
          TX packets:417383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1182164291 (1.1 GiB)  TX bytes:34286459 (32.6 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:90444 (88.3 KiB)  TX bytes:90444 (88.3 KiB)

uap0      Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed  
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::4483:2e98:f119:ede0/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed  
          inet addr:192.168.1.46  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::d018:e18f:72d5:c274/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9901 errors:0 dropped:962 overruns:0 frame:0
          TX packets:7703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10000070 (9.5 MiB)  TX bytes:1888042 (1.8 MiB)
