@wilhelmberg
Last active May 1, 2019 20:23
Mapbox-Studio-Proxy-Setup

The Raspberry Pi is connected to the internet via Ethernet; the client running Mapbox Studio connects to the Raspberry Pi via WiFi.

  • Get a Raspberry Pi 2
  • Set up Ubuntu
  • Get a USB WiFi dongle that supports master (AP) mode, e.g. one with the RT5370 chip. Search on Amazon

This is based on WiFi AP (RT5370) on Raspberry Pi

Don't forget to adjust the interface names to your adapters; eth0 and wlan1 are used here.

hotspot/access point

  • sudo su - (opens a root console, so that the > redirects used below work)
  • lsusb (should show 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter)
  • apt-get install hostapd dnsmasq
  • nano /etc/network/interfaces
allow-hotplug wlan1
iface wlan1 inet static
  address 10.10.10.1
  netmask 255.255.255.0

#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet manual
  • nano /etc/hostapd/hostapd.conf
interface=wlan1
driver=nl80211
ssid=MAPBOX-STUDIO-PROXY
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=MY_SUPER_SECRET_PASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
  • nano /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
  • /etc/init.d/hostapd restart
  • update-rc.d hostapd enable
  • nano /etc/dnsmasq.conf
interface=wlan1 
except-interface=eth0
dhcp-range=10.10.10.2,10.10.10.150,255.255.255.0,12h
  • /etc/init.d/dnsmasq restart

  • update-rc.d dnsmasq enable

  • nano /etc/sysctl.conf

    • uncomment net.ipv4.ip_forward=1
  • sysctl -p

  • iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  • iptables -A FORWARD -i eth0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT

  • iptables -A FORWARD -i eth0 -o wlan1 -p tcp --dport 3128 -m state --state RELATED,ESTABLISHED -j ACCEPT

  • iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT

  • iptables -A FORWARD -i wlan1 -o eth0 -p tcp --dport 3128 -j ACCEPT

  • iptables -A INPUT -s 10.10.10.0/24 -p tcp --dport 3128 -j ACCEPT

  • iptables -A INPUT -p tcp --dport 3128 -j DROP

  • iptables -A OUTPUT -d 10.10.10.0/24 -p tcp --sport 3128 -j ACCEPT

  • iptables -A OUTPUT -p tcp --sport 3128 -j DROP

  • iptables-save > /etc/iptables.nat

  • echo '#!/bin/bash' > /etc/network/if-up.d/forwarding && echo 'iptables-restore < /etc/iptables.nat' >> /etc/network/if-up.d/forwarding && chmod +x /etc/network/if-up.d/forwarding

  • shutdown -r now

The author of WiFi AP (RT5370) on Raspberry Pi states that it doesn't work after a reboot. He solved it with:

  • nano /etc/default/ifplugd
INTERFACES="eth0"
HOTPLUG_INTERFACES="eth0"
ARGS="-q -f -u0 -d10 -w -I"
SUSPEND_ACTION="stop"

Didn't work for me.

However, reissuing iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE after reboot works for me.
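
One way to check that a ruleset still contains the rules this setup relies on, as an added example that is not part of the original gist. It audits a dump in iptables-save format (such as /etc/iptables.nat) for the MASQUERADE rule and for the order of the port 3128 ACCEPT/DROP pair; the names check_ruleset and sample_ruleset and the sample ruleset are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the gist): audit an iptables-save dump for the rules
# this setup depends on. Defaults mirror the gist: eth0, 10.10.10.0/24, tcp/3128.
# Returns the number of problems found (0 = ruleset looks as intended).
check_ruleset() {
  local file="$1" wan="${2:-eth0}" lan="${3:-10.10.10.0/24}" port="${4:-3128}"
  local problems=0 accept_line drop_line
  # NAT rule: without it clients get a DHCP lease but no route to the internet.
  if ! grep -q -- "^-A POSTROUTING .*-o ${wan} .*-j MASQUERADE" "$file"; then
    echo "MISSING: MASQUERADE on ${wan}"; problems=$((problems + 1))
  fi
  # First INPUT rule that lets the hotspot subnet reach the proxy port.
  accept_line=$(grep -n -- "^-A INPUT " "$file" | grep -F -- "-s ${lan} " |
    grep -F -- "--dport ${port} " | grep -F -- "-j ACCEPT" | head -n 1 | cut -d: -f1)
  # First INPUT rule that drops the proxy port for every other source.
  drop_line=$(grep -n -- "^-A INPUT " "$file" | grep -vF -- " -s " |
    grep -F -- "--dport ${port} " | grep -F -- "-j DROP" | head -n 1 | cut -d: -f1)
  if [ -z "$accept_line" ]; then
    echo "MISSING: ACCEPT for ${lan} on tcp/${port}"; problems=$((problems + 1))
  fi
  if [ -z "$drop_line" ]; then
    echo "MISSING: DROP for other sources on tcp/${port}"; problems=$((problems + 1))
  elif [ -n "$accept_line" ] && [ "$accept_line" -gt "$drop_line" ]; then
    # iptables is first-match: a DROP ahead of the ACCEPT locks the clients out.
    echo "ORDER: DROP (line ${drop_line}) precedes ACCEPT (line ${accept_line})"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed sample resembling iptables-save output after the steps above.
sample_ruleset() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j DROP
COMMIT
EOF
}

demo=$(mktemp); sample_ruleset > "$demo"
check_ruleset "$demo" && echo "ruleset OK"
rm -f "$demo"
```

On the Pi, point it at /etc/iptables.nat, or dump the live rules with iptables-save into a file after a reboot and check that file instead.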

Clear all iptables rules:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X

proxy

Help Ubuntu: Squid - Proxy Server

Minimal squid3 proxy configuration

  • apt-get install apache2-utils
  • apt-get install squid3
  • sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
  • sudo chmod a-w /etc/squid3/squid.conf.original
  • nano /etc/squid3/squid.conf
# Uncomment following lines to activate authentication
#auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
#auth_param digest realm proxy
#acl authenticated proxy_auth REQUIRED
#http_access allow authenticated
# Comment following line when using authentication
http_access allow all
http_port 3128
  • service squid3 restart
  • htdigest -c /etc/squid3/passwords proxy FIRSTUSER
  • htdigest /etc/squid3/passwords proxy SECONDUSER

Check if it is working: tail -f /var/log/squid3/access.log
