by mystical (29-12-2010)
Guide to installing and configuring Wive-v0.6.1-preX on the Edimax EW-7209APg
V1.1
Warning: The author accepts no responsibility for loss of information or damage to the device. Follow this guide at your own risk.
What is Wive?
Wive is a Russian firmware based on Wive-ng. Wive-ng is a freely available version of the firmware for devices with the rtl8186 chip. Compared with its predecessors, Wive-ng has a number of improvements, such as an optimized kernel, better security, newer modules for the wireless interface, and easier configuration (you edit the configuration files).
Among its distinguishing features are a pptp client with mppe support, igmp proxy, and spoof protection.
In many cases the software for rtl8186 processors is paid or for personal use only. This version of the firmware lets you take full control of the hardware: all the capabilities that the official firmware vendor hides are open and at your disposal.
In our case we will install this firmware on the EW-7209APg, and here you can find the list of supported devices.
I recommend Wive-v0.6.1-preX because it supports WPA2 encryption and things are somewhat simpler, but it does not come with a web interface that starts automatically (which is of no use anyway).
Installing the firmware
1. Open http://sourceforge.net/projects/rtl8186/ and download Wive-v0.6.1-preX-20090115.tar.gz. After extraction, the Wive-v0.6.1 folder will contain three subdirectories:
For our router we will use black_fw_reva.bin and wive_rev_a.bin.
2. You need to install a tftp client.
3. Connect the computer to the router with a LAN cable on port 3.
4. Set the IP address 192.168.1.10 on the computer.
5. Disconnect the power at the back of the router. Press the reset button and, without releasing it, switch the power on. When the orange LED labelled WLAN stays lit, you can release the reset button.
6. It is best to put the two files wive_rev_a.bin and black_fw_reva.bin in one folder, and then run:
(do not exit the program)
ftp> put wive_rev_a.bin
Wait about 4-5 minutes. If everything is in order, the router should install the new firmware and restart by itself. You can tell this has happened when the orange LED starts blinking.
The router will be reachable at 192.168.0.50 / 255.255.255.0
7. Set the IP address 192.168.0.2 on the computer.
Configuring the router
The goal of this configuration is to join the local and wireless networks and to enable routing through the WAN. Anyone who wants to use the AP in a different mode can consult the official guide (Russian).
The router is reachable via telnet and ssh.
Ssh
user: root
password: rtl8186
ssh root@192.168.0.50
Web – will work once it has been configured
user: root
password: rtl8186
http://192.168.0.50
Changing the administrator passwords
Log in to the router and change the passwords:
ssh root@192.168.0.50
[Wive@/]# passwd
Changing password for root
New password:******
Retype password: ******
Password for root changed by root
The password for WEB access is stored in
[Wive@/]# vi /etc/httpd.conf
/cgi-bin:root:rtl8186
How do you work with the vi text editor? - here
You can make the WEB interface start automatically by editing /etc/boot. You can also see other interesting settings there.
[Wive@/]# vi /etc/boot
START_HTTP=yes
[Wive@/]# vi /etc/init.d/httpd
/sbin/httpd -c /etc/httpd.conf -h /usr/local/www -p 8080
# for those who want to change the port of the WEB interface
IP settings
We enter the IP settings and make other changes in /etc/network/interfaces. I want to point out that eth1 = WAN (port 1); eth0 = local network (port 2).
[Wive@/]# vi /etc/network/interfaces
#Global options
IPV4_FORWARD_ENABLE=yes
START_IPTABLES=yes
START_SHAPER=no
VLAN_START=no
# Adds a rule for routing and masquerading packets from the LAN to the WAN.
# This can also be done manually by adding a command to /etc/network/iptables, which I explain below.
# If you chose yes, you do not need to add anything to /etc/network/iptables!
#WAN options is for NAT settings on this interfaces.
WAN_ENABLE=yes
WAN_PORTS="eth1"
#For those who use a PPPoE connection
#PPP0_TYPE is 'pptp' or 'pppoe' or 'generic'
PPP0_START=no
PPP0_TYPE=pptp
PPP0_LOGIN=login
PPP0_PASSW=password
PPTP_SERVER=vpn.someserver.net
PPTP_ENCRYPT=no
PPPOE_ETH=eth0
PPPOE_ACNAME=your_acname
PPPOE_SERVICENAME=your_servicename
#Bridge config
BRIDGE_START=yes
AUTO_BRIDGE=yes
BR0_IPADDR=192.168.2.1/24
BR0_USE_DHCP=no
STP_ENABLE=no
FD_TIMER=0
GCINT_TIMER=0
#Select port fo multicast filter
PORT_FILT=eth0
#Multicast bandwidth in kbps (decrase for speed down on selected interface for cpu offload)
MCAST_BND_ETH0=80000
MCAST_BND_ETH1=80000
MCAST_BND_WLAN=40000
#Macclone from to interface
#MACCLONE_IF="eth0 wlan0"
#Ethernet port2 config = LAN
ETH0_ENABLED=yes
ETH0_FORCEIP=no
ETH0_IN_BR0=yes
ETH0_USE_DHCP=no
ETH0_IPADDR=192.168.0.50/24
ETH0_MACADDR=00006c576976
#Ethernet port1 config = WAN
ETH1_ENABLED=yes # yes (enabled) / no (disabled) interface
ETH1_FORCEIP=yes # applies the IP settings even when the network cable is unplugged
ETH1_IN_BR0=no # yes/no creates a bridge between ETH and WLAN; for WAN it must be no
ETH1_USE_DHCP=no # the interface receives its IP settings automatically
ETH1_IPADDR=94.15X.XXX.XXX/24 # sets manual IP settings
ETH1_MACADDR=00006c576977
#Wireless port config
WLAN_ENABLED=yes
WLAN_FORCEIP=no
WLAN_IN_BR0=yes
WLAN_USE_DHCP=no
WLAN_IPADDR=192.168.2.50/24
WLAN_MACADDR=00006c576976
The settings in this file are used by the script /etc/rc.d/S10network
We change the default gateway and DNS
[Wive@/]# vi /etc/network/routes
#!/bin/sh
ip ro add default via 94.15X.XXX.XXX
[Wive@/]# vi /etc/resolv.conf
nameserver 94.15X.XXX.XXX
!!! We can now save the changes we have made. !!!
[Wive@/]# fs save
tar: removing leading '/' from member names
0+1 records in
0+1 records out
You should use this command more often, otherwise your time and effort may be wasted.
Configuring WIFI
If we want to use WPA2 encryption, we will have to edit /etc/network/wifireset at line 279.
[Wive@/]# vi /etc/network/wifireset
before editing
if [ "$WLAN_IN_BRIDGE" != "" ]; then
after editing
if [ "$WLAN_IN_BRIDGE" = "no" ]; then
The main settings are stored in the directory /etc/network/wifi/. We will start with changes to the file /etc/network/wifi/general.
[Wive@/]# vi /etc/network/wifi/general
#---------------------------------GENERAL WIRELESS INTERFACE CONFIG--------------------------------------
# operating mode: AP/CLIENT/ADHOC
RMODE=AP
# name of the WIFI network
ESSID=myessid
# channel the wireless network operates on, from 1 to 14
CHANNEL=6
# sets the power for 802.11b mode
CCKPOWER=18
# sets the power for 802.11g mode
OFDMPOWER=18
#---------------------------------------Encryption---------------------------------------------------------
# Encryption method, valid values: WEP64 WEP128 WPA
ENCRYPTION=WPA
We choose a method and lock down the router.
[Wive@/]# vi /etc/network/wifi/wpa
# encryption mode
#0 – disable, 1 – WEP, 2 – WPA, 4 – WPA2 only, 6 – WPA2 mixed
encryption = 6
ssid = "myessid"
# the name must be the same as "ESSID=myessid"
enable1x = 0
enableMacAuth = 0
supportNonWpaClient = 0
wepKey = 0
wepGroupKey = ""
authentication = 2
unicastCipher = 2
wpa2UnicastCipher = 2
usePassphrase = 1
psk = "mypassword"
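A check to run before saving the configuration, added here as an example and not part of Wive or the original guide: it flags the shipped web login, a Wi-Fi mode other than WPA2-only, the sample psk, and a PPTP link started with PPTP_ENCRYPT=no. The function names and the optional root-directory argument are assumptions of this example; the paths and keys are the ones quoted in this guide.

```shell
#!/bin/sh
# Added example (not part of Wive): flag settings this guide shows as shipped
# defaults or sample values. Usage on the router: . ./wive_audit.sh; audit_wive

# Print the value of KEY from FILE; accepts KEY=value and key = "value".
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]][[:space:]]*#.*$//; s/^"//; s/"$//' | head -n 1
}

warn() { echo "WARN: $*"; WIVE_FINDINGS=$((WIVE_FINDINGS + 1)); }

# audit_wive [ROOT]: ROOT is empty on the router, or a directory holding a
# copy of /etc for offline review. Sets WIVE_FINDINGS; returns 1 if non-zero.
audit_wive() {
    r=${1:-}; WIVE_FINDINGS=0
    iface=$r/etc/network/interfaces; wpa=$r/etc/network/wifi/wpa

    # Web login left at the shipped root:rtl8186 pair
    if grep -q '^/cgi-bin:root:rtl8186[[:space:]]*$' "$r/etc/httpd.conf" 2>/dev/null; then
        warn "/etc/httpd.conf still has the shipped web login root:rtl8186"
    fi

    if [ -f "$wpa" ]; then
        enc=$(conf_value "$wpa" encryption)
        case $enc in
            4) ;;                                   # WPA2 only
            6) warn "wifi/wpa encryption=6 (mixed) also admits WPA clients" ;;
            *) warn "wifi/wpa encryption=${enc:-unset} is weaker than WPA2" ;;
        esac
        psk=$(conf_value "$wpa" psk)
        if [ "$psk" = mypassword ] || [ ${#psk} -lt 8 ]; then
            warn "wifi/wpa psk is the guide's sample value or under 8 characters"
        fi
    fi

    # PPTP uplink enabled with encryption switched off
    if [ "$(conf_value "$iface" PPP0_START)" = yes ] &&
       [ "$(conf_value "$iface" PPP0_TYPE)" = pptp ] &&
       [ "$(conf_value "$iface" PPTP_ENCRYPT)" = no ]; then
        warn "interfaces: PPTP is started with PPTP_ENCRYPT=no"
    fi

    [ "$WIVE_FINDINGS" -eq 0 ]
}
```

Run with the values shown in this guide, it reports the web login, the mixed Wi-Fi mode and the sample psk; the PPTP check stays silent because PPP0_START=no.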
Configuring the DHCP server
We make the dhcp server script executable and edit /etc/boot so that it starts automatically.
[Wive@/]# chmod a+x /etc/rc.d/S65udhcpd
[Wive@/]# vi /etc/boot
START_DHCPSERVER=yes
[Wive@/]# vi /etc/udhcpd.conf
interface br0 # select the interface on which it will hand out IPs
start 192.168.2.15
end 192.168.2.25
max_leases 30
opt dns 94.15X.XXX.XX 8.8.8.8
option subnet 255.255.255.0
opt router 192.168.2.1
#opt wins 10.0.0.254
#option domain somedomain.com
option lease 86400 # 1 day of seconds
NAT
All rules are entered and stored in /etc/network/iptables. We will not look at the firewall, because there is enough information on the internet and the method of creating a firewall is identical to that of other Linux distributions.
Masquerading of the hosts and routing can be done in two variants: MASQUERADE, when we have a dynamic IP address given by the provider, and SNAT, when we have a static one.
#!/bin/sh
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
#If you chose WAN_ENABLE=yes in /etc/network/interfaces, you do not need to add any of these commands.
#/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 -j SNAT --to 94.15X.XXX.XXX
#iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1 -s 192.168.2.0/24
#iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 -s 192.168.2.0/24
# This command redirects all tcp requests on ports 22 and 80 arriving on the WAN interface to the local
# network at IP 192.168.2.10. "-m multiport --dport 22,80" is how you list the ports you want to forward.
#/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dport 22,80 -j DNAT --to 192.168.2.10
# This command redirects all udp requests in the range 27010 to 27035 arriving on the WAN interface to the
# local network at IP 192.168.2.10. "-p udp/tcp --dport 27010:27035" is how you can specify a port range.
#/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp --dport 27010:27035 -j DNAT --to 192.168.2.10
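To review what an /etc/network/iptables script like the one above opens on the WAN side, the following added example (not part of Wive or the original guide) lists the active DNAT forwards and the policy set for a chain. The function names are assumptions of this example; commented-out rules are ignored.

```shell
#!/bin/sh
# Added example (not part of Wive): summarise the port forwards and chain
# policies in an iptables script. Only uncommented lines are considered.

# Print one line per active DNAT rule: "<in-if> <proto> <ports> -> <target>"
list_forwards() {
    sed -n '/^[[:space:]]*#/d; /-j DNAT/p' "$1" | while read -r line; do
        set -f; set -- $line; set +f        # split into words, no globbing
        inif=any proto=any ports=all dest=unknown
        while [ $# -gt 1 ]; do              # $2 is the value of option $1
            case $1 in
                -i) inif=$2 ;;
                -p) proto=$2 ;;
                --dport|--dports) ports=$2 ;;
                --to|--to-destination) dest=$2 ;;
            esac
            shift
        done
        echo "$inif $proto $ports -> $dest"
    done
}

# Print the last policy the script sets for CHAIN, or "unset".
# An ACCEPT policy lets through every packet no other rule has matched.
chain_policy() {
    p=$(sed -n "/^[[:space:]]*#/d; s/.*iptables.* -P $2 \([A-Z]*\).*/\1/p" "$1" | tail -n 1)
    echo "${p:-unset}"
}

# Short report for one script file
wan_report() {
    echo "INPUT policy:   $(chain_policy "$1" INPUT)"
    echo "FORWARD policy: $(chain_policy "$1" FORWARD)"
    echo "Active forwards:"
    list_forwards "$1"
}
```

On the router, `wan_report /etc/network/iptables` prints the policies followed by one line per forward that is actually enabled.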
Do not forget to save the changes!
[Wive@/]# fs save
tar: removing leading '/' from member names
0+1 records in
0+1 records out
[Wive@/]# reboot
Author: mystical
E-mail: mystical.bg@gmail.com