■ 준비
# Turn IPv6 off on eth0 through NetworkManager.
# NOTE(review): `nmcli device modify` acts on the active device settings; confirm
# whether the change survives a reboot on the target system.
nmcli device modify eth0 ipv6.method "disabled"
# Delete the Wi-Fi client configuration (presumably so wpa_supplicant does not
# manage wlan0). Any network credentials stored in it are lost; keep a copy if
# they are still needed.
rm -f /etc/wpa_supplicant/wpa_supplicant.conf
# Move the SysV init script aside; a systemd unit for hostapd is written later
# in this guide.
mv /etc/init.d/hostapd /etc/init.d/hostapd.orig
■ Bridge 네트워크를 구성하기 위해 인터페이스 파일 편집(br0)
vi /etc/network/interfaces.d/br0
-----------------------------------------------------------
# br0 carries the host's static IPv4 address, default gateway and resolver.
auto br0
iface br0 inet static
address 10.10.10.108
netmask 255.255.255.0
gateway 10.10.10.254
dns-nameservers 8.8.8.8
# eth0 and wlan0 become ports of one layer-2 segment: every station that joins
# the Wi-Fi sits in the same broadcast domain as the wired LAN, so the Wi-Fi key
# is the only barrier in front of that LAN.
bridge_ports eth0 wlan0
# Spanning tree disabled (no loop protection), forwarding delay 0, and no wait
# for the ports to reach forwarding state when the bridge is brought up.
bridge_stp off
bridge_fd 0
bridge_maxwait 0
-----------------------------------------------------------
■ Bridge 네트워크를 구성하기 위해 인터페이스 파일 편집(eth0)
vi /etc/network/interfaces.d/eth0
-----------------------------------------------------------
# eth0 is brought up at boot without an address of its own ("manual");
# br0's bridge_ports line lists it as a bridge port.
auto eth0
iface eth0 inet manual
-----------------------------------------------------------
■ Bridge 네트워크를 구성하기 위해 인터페이스 파일 편집(wlan0)
wlan0 주소는 사용하지 않는 주소 중 아무거나 넣는다.
vi /etc/network/interfaces.d/wlan0
-----------------------------------------------------------
# wlan0 is started both at boot (auto) and on hotplug events (allow-hotplug).
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
# Placeholder: per the guide, any address that is not in use elsewhere.
# wlan0 is also listed in br0's bridge_ports.
address 192.168.101.1
netmask 255.255.255.0
-----------------------------------------------------------
■ Bridge 구성이 아닌 단독 라우터 구성이면 DHCP 서버 설정
vi /etc/dhcp/dhcpd.conf
-----------------------------------------------------------
# DHCP server settings for the standalone-router layout (no bridge).
# No dynamic DNS updates.
ddns-update-style none;
# Leases: 86400 s (1 day) by default, 172800 s (2 days) at most.
default-lease-time 86400;
max-lease-time 172800;
# /29 network: .1 is the router, .2-.6 are handed out (five leases), .7 is the
# broadcast address.
# NOTE(review): dhcpd needs a subnet declaration that matches the address of the
# interface it serves; the wlan0 example in this guide uses 192.168.101.1/24,
# which is outside 192.168.2.0/29 - confirm the interface address used for this
# layout.
subnet 192.168.2.0 netmask 255.255.255.248 {
range 192.168.2.2 192.168.2.6;
option domain-name "local";
# Clients are pointed at public resolvers, so their DNS queries leave the
# local network.
option domain-name-servers 8.8.8.8, 8.8.4.4;
option subnet-mask 255.255.255.248;
option routers 192.168.2.1;
option broadcast-address 192.168.2.7;
# Same values as the global lease times above.
default-lease-time 86400;
max-lease-time 172800;
}
-----------------------------------------------------------
systemctl restart isc-dhcp-server
■ hostapd에 대한 systemd 스크립트 작성
vi /usr/lib/systemd/system/hostapd.service
-----------------------------------------------------------
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
# Wants= only pulls network-online.target in; it adds no ordering by itself.
Wants=network-online.target
After=systemd-networkd.service
# NOTE(review): the interfaces configured elsewhere in this guide are wlan0 and
# eth0; the device unit names below (...-wlan, ...-lan) do not match them -
# confirm the names on the target system.
After=sys-subsystem-net-devices-wlan.device
After=sys-subsystem-net-devices-lan.device
#BindsTo=sys-subsystem-net-devices-lan.device
[Service]
# hostapd daemonizes (-B) and writes its PID to the file given with -P, which is
# why the unit is Type=forking with a matching PIDFile.
Type=forking
PIDFile=/run/hostapd.pid
# No User= is set, so the daemon runs as root. The configuration file it reads
# holds the WPA passphrase in clear text.
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
[Install]
WantedBy=multi-user.target
-----------------------------------------------------------
# Make systemd read the new unit file.
systemctl daemon-reload
# Do not start hostapd from systemd at boot; the rc.local script in this guide
# restarts it and then adds wlan0 to br0.
systemctl disable hostapd
# Start (or restart) the daemon now.
# NOTE(review): hostapd.conf is written in the next step of this guide; run this
# restart once that file exists.
systemctl restart hostapd
■ hostapd.conf 작성
vi /etc/hostapd/hostapd.conf
-----------------------------------------------------------
# Access point on wlan0 using the nl80211 driver interface.
# This file stores the pre-shared key in clear text: keep it owned by root and
# not readable by other users.
interface=wlan0
driver=nl80211
ssid=opizero2
# 5 GHz band (802.11a), channel 36.
hw_mode=a
channel=36
# 0 = accept every station unless it is on a deny list, i.e. no MAC filtering.
macaddr_acl=0
# 1 = Open System authentication only (no legacy Shared Key/WEP authentication).
auth_algs=1
# 2 = WPA2 (RSN) only.
wpa=2
wpa_key_mgmt=WPA-PSK
# SAMPLE VALUE - replace before use. "12345678" is the minimum allowed length
# (8 characters) and among the first guesses in any dictionary attack on a
# captured handshake. Use a long random passphrase (up to 63 characters).
# Because wlan0 is bridged to eth0 in this guide, this key is all that protects
# the wired LAN from anyone within radio range.
wpa_passphrase=12345678
# AES-CCMP only; TKIP is not offered.
# Where the driver and clients support it, management frame protection
# (ieee80211w) is worth enabling as well.
rsn_pairwise=CCMP
-----------------------------------------------------------
■ rc.local에서 호출되어 실행할 방화벽 스크립트 작성.
■ brctl addif br0 wlan0은 wlan0이 자동으로 Bridge에 구성되지 않을 경우에 대비한 것이다.
■ hostapd가 올라오기 전에는 wlan0을 bridge에 추가할 수 없다.
mkdir /root/scripts
vi /root/scripts/firewall_opizero2.sh
-----------------------------------------------------------
#!/bin/bash
# Boot-time network setup, run from rc.local: disables IPv6, enables IPv4
# forwarding, resets iptables, adds source NAT, then starts the access point and
# attaches wlan0 to the bridge.
#
# NOTE(review): despite the file name, no packet filtering is installed. The
# filter table is flushed and all three default policies are set to ACCEPT, so
# any service listening on this host is reachable from both the wired and the
# wireless side, and everything is forwarded. If filtering is wanted, set
# restrictive INPUT/FORWARD policies and allow only the traffic that is needed.

# Disable IPv6 on existing (all) and future (default) interfaces at runtime.
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
# Let the kernel route IPv4 packets between interfaces.
sysctl -w net.ipv4.ip_forward=1
# Remove every existing rule from the filter and nat tables.
iptables -F
iptables -F -t nat
# Default policy ACCEPT on all built-in filter chains (nothing is dropped).
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Source-NAT packets that are routed out through eth0.
# NOTE(review): this matches only while eth0 is a routed uplink (the
# standalone-router layout); when eth0 is a port of br0, routed packets leave
# via br0 - confirm which layout this rule is meant for.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Order matters: per the guide, wlan0 cannot be added to the bridge until
# hostapd is up, so hostapd is restarted first.
systemctl restart hostapd
# Fallback in case wlan0 was not attached to br0 automatically.
brctl addif br0 wlan0
-----------------------------------------------------------