Mapbox-Studio-Proxy-Setup

Mapbox-Studio-Proxy-Setup.md

raspberry pi connected to internet via ethernet, client with Mapbox Studio connect to raspberry pi via wifi

• get raspberry pi 2
• setup ubuntu
• get usb wifi dongle that supports master (AP) mode, e.g. with RT5370 chip. Search on Amazon

This is based on WiFi AP (RT5370) on Raspberry Pi

don't forget to adjust to your adapters: eth0 and wlan1 used here

hotspot/access point

• sudo su -, opens root console, that redirect > works
• lsusb, should show 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
• apt-get install hostapd dnsmasq
• nano /etc/network/interfaces

allow-hotplug wlan1
iface wlan1 inet static
  address 10.10.10.1
  netmask 255.255.255.0

#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet manual

• nano /etc/hostapd/hostapd.conf

interface=wlan1
driver=nl80211
ssid=MAPBOX-STUDIO-PROXY
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=MY_SUPER_SECRET_PASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

• nano /etc/default/hostapd

DAEMON_CONF="/etc/hostapd/hostapd.conf"

• /etc/init.d/hostapd restart
• update-rc.d hostapd enable
• nano /etc/dnsmasq.conf

interface=wlan1 
except-interface=eth0
dhcp-range=10.10.10.2,10.10.10.150,255.255.255.0,12h

• /etc/init.d/dnsmasq restart

• update-rc.d dnsmasq enable

• nano /etc/sysctl.conf

  • uncomment net.ipv4.ip_forward=1

• sysctl -p

• iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

• iptables -A FORWARD -i eth0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT

• iptables -A FORWARD -i eth0 -o wlan1 -p tcp --dport 3128 -m state --state RELATED,ESTABLISHED -j ACCEPT

• iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT

• iptables -A FORWARD -i wlan1 -o eth0 -p tcp --dport 3128 -j ACCEPT

• iptables -A INPUT -s 10.10.10.0/24 -p tcp --dport 3128 -j ACCEPT

• iptables -A INPUT -p tcp --dport 3128 -j DROP

• iptables -A OUTPUT -d 10.10.10.0/24 -p tcp --sport 3128 -j ACCEPT

• iptables -A OUTPUT -p tcp --sport 3128 -j DROP

• iptables-save > /etc/iptables.nat

• echo '#!/bin/bash' > /etc/network/if-up.d/forwarding && echo 'iptables-restore < /etc/iptables.nat' >> /etc/network/if-up.d/forwarding && chmod +x /etc/network/if-up.d/forwarding

• shutdown -r now

The author of WiFi AP (RT5370) on Raspberry Pi states that it doesn't work after a reboot. He solved it with:

• nano /etc/default/ifplugd

INTERFACES="eth0"
HOTPLUG_INTERFACES="eth0"
ARGS="-q -f -u0 -d10 -w -I"
SUSPEND_ACTION="stop"

Didn't work for me.

However, reissuing iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE after reboot works for me.

Clear all iptables rules:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X

proxy

Help Ubuntu: Squid - Proxy Server

Minimal squid3 proxy configuration

• apt-get install apache2-utils
• apt-get install squid3
• sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
• sudo chmod a-w /etc/squid3/squid.conf.original
• nano /etc/squid3/squid.conf

# Uncomment following lines to activate authentication
#auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
#auth_param digest realm proxy
#acl authenticated proxy_auth REQUIRED
#http_access allow authenticated
# Comment following line when using authentication
http_access allow all
http_port 3128

• service squid3 restart
• htdigest -c /etc/squid3/passwords proxy FIRSTUSER
• htdigest /etc/squid3/passwords proxy SECONDUSER

Check if it is working: tail -f /var/log/squid3/access.log

Findings:

• all URIs must be absolute:
  • https://github.com/SalesforceEng/global-tunnel#absolute-uri-proxies
  • RFC 2068 The absoluteURI form is required when the request is being made to a proxy.