FreeBSD 12: Configuring an Atheros Wireless Card in AP Mode

Kernel version:

# uname -a
FreeBSD XMAN 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC amd64

Driver setup

Find the wireless device to use; here it is ath0:

# sysctl net.wlan.devices
net.wlan.devices: ath0

The corresponding hardware can be identified with the following command:

# pciconf -lv ath0
ath0@pci0:2:0:0: class=0x028000 card=0xe052105b chip=0x0034168c rev=0x01 hdr=0x00
vendor = 'Qualcomm Atheros'
device = 'AR9462 Wireless Network Adapter'
class = network

Load the modules: edit /boot/loader.conf, then reboot.

# cat /boot/loader.conf
if_ath_load="YES"
if_wi_load="YES"
if_ath_pci_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"

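Wireless AP setup

Once wireless networking support is loaded, check whether the wireless device supports host-based access point mode, also known as hostap mode: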

# ifconfig wlan0 create wlandev ath0
# ifconfig wlan0 list caps
drivercaps=4f8def41<STA,FF,IBSS,PMGT,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,MBSS,WPA1,WPA2,BURST,WME,WDS,TXFRAG>
cryptocaps=1f<WEP,TKIP,AES,AES_CCM,TKIPMIC>
htcaps=20701ef<LDPC,CHWIDTH40,SHORTGI20,SHORTGI40,TXSTBC>

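HOSTAP appears in the output, which confirms that this wireless card can act as an AP. The supported ciphers are listed as well: WEP, TKIP and AES. This information indicates which security protocols can be used on the AP.

A wireless device can only be put into hostap mode when the network device is created, so the previously created device must be destroyed first: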

# ifconfig wlan0 destroy

Then recreate it with the correct option before setting the other parameters:

# ifconfig wlan0 create wlandev ath0 wlanmode hostap
# ifconfig wlan0 inet 10.10.10.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1

Check the state of the wlan0 interface again with ifconfig:

# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 3c:77:e6:50:2a:69
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
groups: wlan
ssid freebsdap channel 1 (2412 MHz 11g ht/20) bssid 3c:77:e6:50:2a:69
regdomain 108 indoor ecm authmode OPEN privacy OFF txpower 20
scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 8 shortgi wme
burst dtimperiod 1 -dfs
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
status: running
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Add the following parameters to /etc/rc.conf so that the configuration is applied automatically at boot:

wlans_ath0="wlan0"
hostapd_enable="YES"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 10.10.10.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1"

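WPA2 also has to be configured so that the AP runs securely; at this point the interface is still open, as the authmode OPEN privacy OFF in the ifconfig output above shows.

Configure /etc/hostapd.conf: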

# vim /etc/hostapd.conf
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebasap
wpa=2
# password
wpa_passphrase=freebsdmall
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
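
hostapd reads everything after the = sign as the value, so a #comment placed after the passphrase on the same line becomes part of the passphrase. The following check is an added example, not part of the original post: conf_get and audit_hostapd are hypothetical helper names, and the policy it enforces (WPA2 only, CCMP only, passphrase of 8 to 63 characters, file not world-readable) is this example's own assumption.

```sh
#!/bin/sh
# Added example (not from the original page): audit a hostapd.conf for the
# WPA2 settings used above. Usage: audit_hostapd /etc/hostapd.conf
# Prints one finding per line; returns 0 only when there are none.

# Print the value of KEY in FILE (last occurrence wins; "#" lines never match).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

audit_hostapd() {
    f=$1
    findings=0
    note() { echo "$f: $*"; findings=$((findings + 1)); }

    # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
    [ "$(conf_get wpa "$f")" = "2" ] || note "wpa is not 2 (WPA2 only)"

    # Only CCMP (AES) should be offered; TKIP is deprecated.
    pairwise="$(conf_get wpa_pairwise "$f") $(conf_get rsn_pairwise "$f")"
    case $pairwise in
        *TKIP*) note "TKIP is enabled as a pairwise cipher" ;;
    esac
    case $pairwise in
        *CCMP*) ;;
        *) note "CCMP is not configured as a pairwise cipher" ;;
    esac

    # hostapd uses the rest of the line as the value, so "secret #comment"
    # makes the comment part of the passphrase.
    pass=$(conf_get wpa_passphrase "$f")
    case $pass in
        *" #"*) note "wpa_passphrase value contains ' #' (inline comment?)" ;;
    esac
    # A WPA passphrase must be 8 to 63 characters long.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        note "wpa_passphrase length ${#pass} is outside 8..63"
    fi

    # The passphrase is stored in clear text; the file should not be world-readable.
    [ -z "$(find "$f" -perm -004 2>/dev/null)" ] || note "file is world-readable"

    [ "$findings" -eq 0 ]
}
```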

Start the hostapd service:

# service hostapd forcestart
Starting hostapd.
Configuration file: /etc/hostapd.conf
Using interface wlan0 with hwaddr 3c:77:e6:50:2a:69 and ssid "freebasap"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

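At this point mobile devices should be able to see the SSID and authenticate to the access point, but they can only connect with a static IP address and cannot reach the public internet.

Wireless DHCP service setup

To set up a DHCP server, the dhcpd daemon has to listen on the IP address of the wlan0 interface:

Install the ISC dhcpd server: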

# cd /usr/ports/net/isc-dhcp44-server/
# make install clean

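After running the commands above, the following screen appears:

[screenshot]

The default settings are fine.

After installation, dhcpd.conf.sample and dhcpd.conf are created in /usr/local/etc/. We modify dhcpd.conf: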

# cat /usr/local/etc/dhcpd.conf

option domain-name "freebsd.org";
option domain-name-servers 8.8.8.8;
default-lease-time 86400;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.100 10.10.10.150;
    option domain-name-servers 8.8.8.8;
    option domain-name "freebsd.org";
    option routers 10.10.10.1;
    option broadcast-address 10.10.10.255;
    default-lease-time 3600;
    max-lease-time 7200;
}

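After starting the service with service isc-dhcpd start and connecting to the AP, mobile devices obtain an IP address automatically, but still cannot reach the network: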

# service isc-dhcpd start
Starting dhcpd.
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /usr/local/etc/dhcpd.conf
Database file: /var/db/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd/dhcpd.pid
Wrote 0 leases to leases file.
Listening on BPF/wlan0/3c:77:e6:50:2a:69/10.10.10.0/24
Sending on BPF/wlan0/3c:77:e6:50:2a:69/10.10.10.0/24
Sending on Socket/fallback/fallback-net

FreeBSD PF firewall setup

Enable FreeBSD's gateway mode so that packets are forwarded from the Wi-Fi interface to the LAN port, by editing /etc/rc.conf:

## allow packets to be passed from one network interface to another
gateway_enable="YES" # Enable as LAN gateway
## PF firewall
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl start up
pflog_enable="YES" # To enable logging support
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd start up

After saving the required edits, start PF and its logging support by typing:

# service pf start
# service pflog start

Enable packet forwarding on the gateway (forwarding IPv4 packets):

# sysctl net.inet.ip.forwarding=1     # forward IPv4 packets
# sysctl net.inet6.ip6.forwarding=1   # forward IPv6 packets

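Note: to forward IPv6 as well, ipv6_gateway_enable="YES" must be added to /etc/rc.conf.

Example files shipped with FreeBSD are located in /usr/share/examples/pf/
Below is a simple PF firewall configuration that allows all packets arriving on the wireless card through to the wired LAN. The wired card is the igb0 interface and the wireless card is the wlan0 interface.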

# vim /etc/pf.conf
#block in all
#pass out all keep state #allows all
#interfaces
lan_if="igb0"
wifi_if="wlan0"
localnet=$wifi_if:network
#NAT
nat on $lan_if from $localnet to any -> ($lan_if)
block all
block in log all
pass out log quick
#pass IPv4 (inet) traffic in on wifi and lan
pass in log on $wifi_if inet
pass in log on $lan_if inet

pass from {lo0, $localnet} to any keep state
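
The rule pass in log on $lan_if inet admits every inbound IPv4 packet on the uplink interface, which also exposes services running on the gateway itself to the wired network. The check below is an added example, not part of the original post: open_uplink_rules is a hypothetical helper name, and treating the interface named in the nat rule as the uplink is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the original page): list "pass in" rules on the NAT
# (uplink) interface that carry no from/to/proto/port restriction.
# Usage: open_uplink_rules /etc/pf.conf
open_uplink_rules() {
    awk '
        function resolve(x) { return (x in macro) ? macro[x] : x }
        { sub(/#.*/, "") }                      # strip comments
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {      # macro: name = "value"
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            macro["$" kv[1]] = kv[2]
            next
        }
        # Assumption: the interface named in a nat rule is the uplink.
        $1 == "nat" && $2 == "on" { uplink[resolve($3)] = 1 }
        $1 == "pass" && $2 == "in" {
            ifname = ""
            for (i = 3; i < NF; i++) if ($i == "on") ifname = resolve($(i + 1))
            if (!(ifname in uplink)) next
            # A rule with any of these keywords is considered restricted.
            if ($0 ~ /(^|[ \t])(from|to|proto|port)([ \t]|$)/) next
            print FNR ": " $0
        }
    ' "$1"
}
```

Each reported rule is a candidate for narrowing with proto, from, to or port, or for removal if nothing on the gateway needs to be reachable from the uplink side.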

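Run pfctl -f /etc/pf.conf to reload the ruleset; after connecting to the Wi-Fi network, clients can reach the network.

The wireless access point setup is complete!

Reference 1: https://www.freebsd.org/doc/handbook/network-wireless.html

Reference 2: https://calomel.org/freebsd_wireless_access_point.html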
