@mpeven
Last active July 21, 2017 07:34
Pi3 Hotspot Huawei-in WiFi-out
# This version:
# brings WiFi in from the Huawei adapter on eth1
# pushes WiFi out from the built in adapter on wlan0
# sets up an ip address on 192.168.5.2 to ssh into from another computer
##################################################
# Update
#
#sudo apt-get update
#sudo apt-get -qq upgrade
##################################################
# dhcpcd5 is removed because it gets in the way of the static addressing
# configured further down.
sudo apt-get -qq remove dhcpcd5
# Packages for the hotspot: hostapd runs the access point, isc-dhcp-server
# hands out the leases defined in dhcpd.conf below, dnsmasq is configured
# below as the DNS forwarder, ufw carries the NAT rule; dnsutils and
# netstat-nat are installed alongside them.
sudo apt-get -qq install \
  dnsmasq \
  hostapd \
  isc-dhcp-server \
  ufw \
  dnsutils \
  netstat-nat
##################################################
# Update network interfaces
#
# Replaces /etc/network/interfaces wholesale; the previous file is not backed
# up. Resulting layout:
#   lo    - loopback
#   eth0  - static 10.10.0.1, netmask 255.0.0.0
#   eth1  - DHCP client, hotplug (the upstream adapter per the header comment)
#   wlan0 - static 192.168.5.1/24, the access-point side
# The redirection is performed by the invoking shell (there is no sudo on this
# line), so the write only succeeds when the whole script runs as root.
# NOTE(review): "network 10.10.0.0" does not agree with netmask 255.0.0.0
# (the network address of that /8 would be 10.0.0.0) - confirm the intended mask.
# NOTE(review): the file header mentions 192.168.5.2 for ssh, but the only
# 192.168.5.x address assigned here is 192.168.5.1 - confirm which is meant.
cat << EOF > /etc/network/interfaces
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet static
address 10.10.0.1
netmask 255.0.0.0
network 10.10.0.0
allow-hotplug eth1
iface eth1 inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.5.1
netmask 255.255.255.0
network 192.168.5.0
EOF
##################################################
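# Setup hostapd
#
# The WPA2 passphrase is read from HOTSPOT_PASSPHRASE when that variable is
# set, otherwise it is prompted for with terminal echo switched off. It is not
# hard-coded: a passphrase that ships inside a published script is known to
# anyone who has read the script, so every hotspot built from it would share
# the same key.
if [ -z "${HOTSPOT_PASSPHRASE:-}" ]; then
  printf 'WPA2 passphrase for the access point (8-63 characters): ' >&2
  # stty fails harmlessly when stdin is not a terminal, hence the redirect.
  stty -echo 2>/dev/null
  IFS= read -r HOTSPOT_PASSPHRASE
  stty echo 2>/dev/null
  printf '\n' >&2
fi
# WPA2-PSK passphrases must be 8 to 63 characters long; stop before writing a
# configuration the access point could not use.
if [ "${#HOTSPOT_PASSPHRASE}" -lt 8 ] || [ "${#HOTSPOT_PASSPHRASE}" -gt 63 ]; then
  echo "hostapd passphrase must be 8 to 63 characters long" >&2
  exit 1
fi
# The file holds the pre-shared key, so create it (or empty an existing copy)
# and restrict it to its owner before the key is written into it.
( umask 077; : > /etc/hostapd/hostapd.conf )
chmod 600 /etc/hostapd/hostapd.conf
# The redirection is performed by the invoking shell, so this only succeeds
# when the whole script runs as root.
cat << EOF > /etc/hostapd/hostapd.conf
# This is the name of the WiFi interface we configured above
interface=wlan0
# Use the nl80211 driver with the brcmfmac driver
driver=nl80211
# This is the name of the network
ssid=_wingnet_
# Use the 2.4GHz band
hw_mode=g
# Use channel 11 because 6 is crowded
channel=11
# Enable 802.11n
ieee80211n=1
# Enable WMM
wmm_enabled=1
# HT capabilities: 40MHz channels, short guard interval for 20MHz
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
# Accept all MAC addresses
macaddr_acl=0
# Open System authentication only (1); no shared-key (WEP) authentication
auth_algs=1
# Broadcast the network name (0 = the SSID is not hidden)
ignore_broadcast_ssid=0
# Use WPA2
wpa=2
# Use a pre-shared key
wpa_key_mgmt=WPA-PSK
# The network passphrase (supplied when the script runs, not stored in the script)
wpa_passphrase=${HOTSPOT_PASSPHRASE}
# Use AES, instead of TKIP
rsn_pairwise=CCMP
EOF
# make hostapd use new conf file (only matches while the DAEMON_CONF line in
# /etc/default/hostapd is still the commented-out empty default)
sudo sed -i 's;\#DAEMON_CONF="";DAEMON_CONF="/etc/hostapd/hostapd.conf";' /etc/default/hostapd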
##################################################
# Setup dhcpd.conf
#
# Keeps the packaged dhcpd.conf as dhcpd.conf.default, then writes a minimal
# replacement: one pool on 192.168.5.0/24 (addresses .10 to .100), default
# lease 600 s, maximum lease 7200 s. Clients are told to use 192.168.5.1 as
# both their router and their DNS server.
# NOTE(review): on a second run the mv moves the file written here over
# dhcpd.conf.default, so the packaged original is lost - guard if re-runs matter.
sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.default
cat << EOF > /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.5.255;
option routers 192.168.5.1;
option domain-name-servers 192.168.5.1;
option domain-name "localdomain";
subnet 192.168.5.0 netmask 255.255.255.0 {
range 192.168.5.10 192.168.5.100;
}
EOF
##################################################
# setup isc-dhcp-server INTERFACE
#
# Sets the interface list in /etc/default/isc-dhcp-server to "wlan0 eth0".
# The substitution only matches while the value is still the empty
# INTERFACES="" default, so it does nothing on a file that was already edited.
# NOTE(review): the backslash before INTERFACES looks like a leftover from the
# \# pattern used for the hostapd default file; confirm the sed on the target
# system treats \I as a plain "I".
# NOTE(review): the dhcpd.conf written by this script declares only the
# 192.168.5.0/24 subnet while eth0 is 10.10.0.1 - confirm dhcpd accepts eth0
# in this list.
sudo sed -i 's;\INTERFACES="";INTERFACES="wlan0 eth0";' /etc/default/isc-dhcp-server
##################################################
# Setup dnsmasq.conf
#
# Keeps the packaged dnsmasq.conf as dnsmasq.conf.orig and writes a DNS
# forwarder configuration: dnsmasq listens on port 53 on 127.0.0.1 and
# 192.168.5.1 only (bind-interfaces), and forwards queries to 8.8.8.8.
# No dhcp-range is set in this file; the address pool is defined in the
# dhcpd.conf written by this script.
# Every lookup made by hotspot clients is forwarded to the single upstream
# resolver named in server=; change that line to use a different resolver.
# NOTE(review): on a second run the mv moves the file written here over
# dnsmasq.conf.orig, so the packaged original is lost.
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
cat << EOF > /etc/dnsmasq.conf
listen-address=127.0.0.1,192.168.5.1
port=53
bind-interfaces # Bind to wifi interface
server=8.8.8.8 # Forward DNS requests to Google DNS
no-poll
bogus-priv # Never forward addresses in the non-routed address spaces.
neg-ttl=3600
cache-size=1000
dns-forward-max=150
domain-needed # Don't forward short names
EOF
##################################################
# Setup dhclient.conf
#
# This prevents the INTERNET connection from changing our local DNS server.
# The sed replaces the text "domain-name, domain-name-servers, domain-search,
# host-name," with just "host-name," - presumably inside the request
# statement of dhclient.conf (verify against the file on the target system).
# There is no sudo on this line, so it only works when the script runs as root.
sed -i 's/domain-name, domain-name-servers, domain-search, host-name,/host-name,/' /etc/dhcp/dhclient.conf
##################################################
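# UFW
#
# Turns the Pi into a NAT router: IPv4 forwarding is enabled persistently
# (sysctl.conf and ufw's sysctl.conf) and for the running kernel, ufw is
# enabled, and traffic from 192.168.5.0/24 is masqueraded out of eth1.
# None of these lines use sudo, so the script has to run as root.
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# Switches ufw's IPv6 support off.
# NOTE(review): confirm the resulting IPv6 behaviour on the uplink is what
# is wanted.
sed -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw
# NOTE(review): the default INPUT policy becomes ACCEPT, so ufw no longer
# blocks unsolicited inbound connections on any interface, including the eth1
# uplink. Routing and NAT only need the FORWARD policy; keeping INPUT at DROP
# and allowing just the services the hotspot offers (DHCP, DNS, SSH) from the
# wlan0 side would be tighter. Left as the author wrote it because tightening
# it blindly could cut off existing SSH access.
sed -i 's/DEFAULT_INPUT_POLICY="DROP"/DEFAULT_INPUT_POLICY="ACCEPT"/' /etc/default/ufw
sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
sed -i 's/ENABLED=no/ENABLED=yes/' /etc/ufw/ufw.conf
sed -i 's;\#net/ipv4/ip_forward=1;net/ipv4/ip_forward=1;' /etc/ufw/sysctl.conf
# Append the NAT table only when the masquerade rule is not already present,
# so running the script again does not add a second *nat section to
# before.rules.
if ! grep -q -F -e '-A POSTROUTING -s 192.168.5.0/24 -o eth1 -j MASQUERADE' /etc/ufw/before.rules; then
cat >> /etc/ufw/before.rules << EOF
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic through eth1 - Change to match you out-interface
-A POSTROUTING -s 192.168.5.0/24 -o eth1 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT
EOF
fi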
##################################################
# Start it up!
# Recreates /etc/rc.local as an empty executable file and then fills it with
# a boot-time sequence: stop isc-dhcp-server, hostapd and dnsmasq, take eth0
# and wlan0 down and up again, then start the three services.
# NOTE(review): whatever was in rc.local before is discarded without a backup.
# NOTE(review): the generated script runs under "#!/bin/sh -e", so the first
# command that fails ends it before the services are started - confirm the
# stop and ifdown steps cannot fail at boot.
sudo rm /etc/rc.local
sudo touch /etc/rc.local
sudo chmod +x /etc/rc.local
cat << EOF > /etc/rc.local
#!/bin/sh -e
#
# rc.local
sudo /etc/init.d/isc-dhcp-server stop
sudo /etc/init.d/hostapd stop
sudo /etc/init.d/dnsmasq stop
sudo ifdown eth0
sudo ifdown wlan0
sudo ifup eth0
sudo ifup wlan0
sudo /etc/init.d/isc-dhcp-server start
sudo /etc/init.d/hostapd start
sudo /etc/init.d/dnsmasq start
exit 0
EOF
##################################################
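# Reboot
# read returns only after a complete line has been entered, so the prompt
# asks for Enter rather than "any key"; -r keeps backslashes in the typed
# line from being interpreted.
echo "press Enter to reboot"
read -r reboot_key
sudo shutdown -r now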
# Credit to:
# https://github.com/mbanders/raspberry_access_point