Wifi repeater/range extender script

Posted on by

Updated June, 17 2013 : bad copy/paste, script did not work! Arghhh. Now fixed!


#!/bin/bash
#
# Wifi Repeater/Range extender script
#
# last modified 12/Apr/2013
# - adapted for Debian (tested under 7.0 Wheezy)
#
# http://agentoss.wordpress.com / fredo696@gmail.com
#
# thanks to : http://www.aerospacesoftware.com/howtos/Laptop-NAT-Howto.html
#
# hardware requirements : 2 wireless NICs
# software requirements : iptables, wpa_supplicant, hostapd, dnsmasq, dhcpcd (or equivalent)
#
# This is a standalone script, it will not use your existing configuration files
# (wpa_supplicant/hostapd)
#
# Both wireless interfaces will use WPA/WPA2 encryption.
#
# BEFORE STARTING THIS SCRIPT :
# - you must have root rights
# - stop your wireless connection manager (networkmanager, wicd, etc...)
# - disable your firewall
# - disable power management (prevent the computer to go into suspend mode when unused)
#
# This script has been tested on OpenSUSE 12.2, Debian 7.0
# but should work on other Linux systems with minor adaptations.

# this is the wireless interface we use to connect to our main AP
WLAN_STA="wlan0"
# enter here your SSID and WPA passphrase
WLAN_STA_SSID="YOUR_EXISTING_SSID"
WLAN_STA_PASSPHRASE="your$existing$passphrase"

# this is the wireless interface we use to create our new AP (the "repeater" AP)
WLAN_AP="wlan1"
# your new AP's SSID
WLAN_AP_SSID="REPEAT_$WLAN_STA_SSID"
# Be sure to use different channels for the 2 AP's for best performance
WLAN_AP_CHANNEL=6
WLAN_AP_IP="192.168.7.1"
WLAN_AP_DHCP_RANGE="192.168.7.10,192.168.7.20"
# we can use the same passphrase (or not)
WLAN_AP_PASSPHRASE=$WLAN_STA_PASSPHRASE

# temp files (will contain clear passphrases!)
HOSTAP_TEMP_CONF="/root/hostap_temp.conf"
WPASUPPLICANT_TEMP_CONF="/root/wpasupplicant_temp.conf"

# Path for used commands (adapt to your system)
#DHCPCD="/sbin/dhcpcd"
#for Debian we use dhclient (installed by default)
DHCPCD=$(which dhclient)
HOSTAPD=$(which hostapd)
WPASUPPLICANT=$(which wpa_supplicant)
DNSMASQ=$(which dnsmasq)
IPTABLES=$(which iptables)

# Main program

# check if we are root
if [ $EUID -ne 0 ]; then
echo `basename $0` ": this script must be run as root!" 1>&2
exit 1
fi
# check for software we need
if [ ! -x $DHCPCD ]; then
echo "FATAL: $DHCPCD not found!"; exit 1
fi
if [ ! -x $HOSTAPD ]; then
echo "FATAL: $HOSTAPD not found!"; exit 1
fi
if [ ! -x $WPASUPPLICANT ]; then
echo "FATAL: $WPASUPPLICANT not found!"; exit 1
fi
if [ ! -x $DNSMASQ ]; then
echo "FATAL: $DNSMASQ not found!"; exit 1
fi
if [ ! -x $IPTABLES ]; then
echo "FATAL: $IPTABLES not found!"; exit 1
fi
# check for wireless interfaces
ifconfig $WLAN_STA 1>&2>/dev/null
if [[ $? -ne 0 ]]; then
echo "FATAL: Wireless interface $WLAN_STA unavailable!"; exit 1
fi
ifconfig $WLAN_AP 1>&2>/dev/null
if [[ $? -ne 0 ]]; then
echo "FATAL: Wireless interface $WLAN_AP unavailable!"; exit 1
fi

# some cleanup
# stop network-manager or wicd daemons if running
service network-manager stop 2>/dev/null
service wicd stop 2>/dev/null

# kill existing wireless connections from previous execution of this script
$DHCPCD -x $WLAN_STA 2>/dev/null
$DHCPCD -x $WLAN_AP 2>/dev/null
killall wpa_supplicant 2>/dev/null

# kill running hostapd daemon if it exists
killall hostapd 2>/dev/null

# kill dnsmasq dhcp
killall dnsmasq 2>/dev/null

# empty existing temp.conf files, for security
>$HOSTAP_TEMP_CONF
>$WPASUPPLICANT_TEMP_CONF

# stop the repeater? then just exit, we have already cleaned up!
if [ "$1" == "stop" ]; then
echo "Repeater has been stopped."
exit 0;
fi

# else, continue and create our repeater AP
echo "Please wait, starting up... "

# create temp wpa_supplicant.conf file for our STA interface
cat >$WPASUPPLICANT_TEMP_CONF <$HOSTAP_TEMP_CONF <<EOF
interface=$WLAN_AP
country_code=FR
ieee80211d=1
ssid=$WLAN_AP_SSID
hw_mode=g
channel=$WLAN_AP_CHANNEL
wme_enabled=0
macaddr_acl=0
auth_algs=1
wpa=2
wpa_passphrase=$WLAN_AP_PASSPHRASE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF

# start the STA interface (my router has a DHCP server)
$DHCPCD $WLAN_STA
if [ $? -ne 0 ]; then
echo "FATAL: unable to start $WLAN_STA interface! ($DHCPCD)"; exit 1
fi

# start hostapd daemon to create the "repeater" AP
$HOSTAPD -B $HOSTAP_TEMP_CONF
if [ $? -ne 0 ]; then
echo "FATAL: unable to start $WLAN_AP interface ($HOSTAPD)!"; exit 1
fi

# assign an IP address to the AP, and start a new DHCP server
ifconfig $WLAN_AP $WLAN_AP_IP netmask 255.255.255.0
$DNSMASQ --dhcp-range=$WLAN_AP_DHCP_RANGE --interface=$WLAN_AP
if [ $? -ne 0 ]; then
echo "FATAL: unable to start dhcp server! ($DNSMASQ)"; exit 1
fi

# enable packet forwarding and add firewall rules to allow forwarding packets
# between our 2 network interfaces.
IF_IN=$WLAN_STA
IF_OUT=$WLAN_AP

sysctl -w net.ipv4.ip_forward=1
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $IF_IN -j MASQUERADE
$IPTABLES -A FORWARD -i $IF_IN -o $IF_OUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $IF_OUT -o $IF_IN -j ACCEPT

echo -e "\nWireless repeater access point \"$WLAN_AP_SSID\" is *up* and running!\n"
echo -e "To kill it : `basename $0` stop"

exit 0

Debian 6.0 (Squeeze) on the Xplore iX104C3 rugged Tablet PC

Posted on by

productid-1444-sku-IX104C3

System specs

A nice review here :
http://www.ruggedpcreview.com/3_slates_xplore_ix104c3.html

Users handbook : ftp://Support:Xplore@ftp.xploretech.com/Reports%20and%20Handbooks/iX104C3%20USERS%20HANDBOOK.pdf

Note: my model only has a digitizer (tablet PC model), no touchscreen (dual mode version)

Debian stable to the rescue

First I wanted to install Arch Linux on this system, but soon I encountered a severe setback : the Wacom stylus would not work. Then I tried Ubuntu 12.04 (Precise), everything worked out of the box, except the stylus!
Explanation : it seems the support for this older, serial Wacom tablet has been removed from the X.Org Wacom input drivers, since the 0.10.6 version and up.
(more info can be found here :
http://ubuntuforums.org/showthread.php?t=1780154
 )

Fortunately Debian Squeeze still uses a working 0.10.5 driver version!

Continue reading

Home mail server with Postfix + Dovecot (IMAP) + Squirrelmail/Roundcube on NetBSD 6.0.1

Posted on by

NetBSD-smaller-tb

NetBSD 6.0.1

Goals

  • lightweight (no mysql server, no antivirus)
  • simple (no virtual domains/users)
  • secure

Requirements

  • a valid internet domain name if you want to be able to send/receive email to/from the internet (buy a domain or take a free one at
    http://freedns.afraid.org
     )
  • valid DNS records for your domain
  • we assume your mail server is behind a properly configured router/gateway/firewall

Hardware/Virtual machine requirements

  • 512M RAM
  • 3G of disk space minimum, 8G recommended

Continue reading

Wireless Ad-hoc server script

Posted on by

Today, a quick and dirty Bash script which will allow you, for instance, to quickly serve files from your laptop to other wireless devices (Warning here, we use WEP encryption which is not secure).


#!/bin/bash
#
# Wireless Ad-hoc script
#
# http://agentoss.wordpress.com / fredo696@gmail.com
#
# This script will setup your wireless adapter in Ad-Hoc mode
# and start a DHCP server so that other peers (eg. an Android device)
# can receive an IP address and connect to your computer.
#
# After that, you can start a minimal webserver (darkhttpd for example)
# so that you can quickly share some files with minimal effort!
#
# This script must be run as root.
# Tested on Arch Linux.
# Some adaptations may be needed for other Linux systems.
#
# Requirements: iw, ifconfig commands, and dnsmasq.
#
# WARNING : WEP encryption is weak security :)

# User variables
mywlan="wlan0"
myessid="fredo"
mychan="4"
mywepkey="dead-beef-00"
myip="192.168.7.100"
mydhcprange="192.168.7.101,192.168.7.110"

# Main program
echo -n "Stopping wireless connections (if any)... "
# adapt to your system; I use wicd
systemctl stop wicd && echo "OK"
# for networkmanager
#systemctl stop NetworkManager

echo -n "Starting wireless Ad-hoc mode... "
ifconfig $mywlan down || exit 1
iwconfig $mywlan mode ad-hoc || exit 1
iwconfig $mywlan essid $myessid
iwconfig $mywlan channel $mychan
[ "$mywepkey" ] && iwconfig $mywlan key $mywepkey

ifconfig $mywlan $myip
ifconfig $mywlan up && echo "OK"
echo -n "Starting DHCP server ... "
dnsmasq --dhcp-range="$mydhcprange" && echo "OK"

echo "--------------------------------------"
echo "ESSID : $myessid"
[ "$mywepkey" ] && echo "WEP KEY : $mywepkey"
echo "This computer's IP : $myip"
echo "--------------------------------------"

# debug
#iwconfig $mywlan

while true; do
echo -n "Enter 'q' to quit. "
read value
if [ "$value" == "q" ]; then
break
fi
done

echo -n "Killing DHCP server... "
killall dnsmasq && echo "OK"
echo -n "Killing wireless... "
# restoring the wlan interface to "default" mode
ifconfig $mywlan down
iwconfig $mywlan mode managed
iwconfig $mywlan essid off
iwconfig $mywlan key off
echo "OK"
echo "Wireless Ad-hoc mode terminated."
# now you can restart your network manager

exit 0

Linux Slackware 14.0 (64 bits) quick setup

Posted on by
Slackware 14.0 (XFCE)

Slackware 14.0 (XFCE desktop)

System used for this howto :
VirtualBox 4.2 virtual machine, with
2 cpu’s
1024Mb RAM
20Gb Hard disk

Installation

Download the official (64 bit) DVD iso
Boot the DVD
Select your keyboard map, login as “root”.
Create your partitions (I use cfdisk)
# cfdisk /dev/sda
First partition (/dev/sda1) : swap
(use at least the same size as your RAM for suspend-to-disk to work)
Second (bootable) partition (/dev/sda2) : Linux
Start the installer
# setup
Go to ADDSWAP and follow the steps. For my Linux root partition I use ext4 as filesystem.
Package selection
I choose Default, but personally deselect “GNU Emacs”, “TeX” and “Games” as I don’t use them.
We will install KDE international language later.
Select prompting mode. I select “terse” which is faster.
Default choices are used for the rest of the installation steps.
End of installation
# reboot

Post-installation configuration

Note : root login is permitted by ssh in the default Slackware installation.
First login on the system, login as root, then check your mail
# mail
or even better, use mutt
# mutt

Setup Slackpkg and update your freshly installed system

Select your mirror
# nano /etc/slackpkg/mirrors
Uncomment ONE mirror.
# slackpkg update
# slackpkg upgrade-all

Set the system locale

Show list of supported locales
# locale -a
Then set it (changes will be effective after a reboot)
# nano /etc/profile.d/lang.sh
(here for french systems)
export LANG=fr_FR.utf8
(Do the same for /etc/profile.d/lang.csh if you use the tcsh shell)
Add your KDE international language (here french for me).
Note: installing the KDE environment will also install the Calligra office suite.
# slackpkg search l10n
then
# slackpkg install kde-l10n-fr calligra-l10n-fr
Note 1 : you’ll have to select the language to use in KDE’s system settings (look under Locale).
Note 2 : the language pack in XFCE will be automatically detected after you set the systemwide locale.

Sendmail

Note : your system should have a valid DNS name otherwise email relaying will be refused ( “Sender address rejected: Domain not found” ).
Use netconfig to reconfigure hostname and domain if needed
# netconfig
Configure the MTA so that the system can send outgoing mail to the internet.
We will use our ISP’s SMTP smarthost. For this we need to generate a new sendmail.cf configuration file
# cd /usr/share/sendmail/cf/cf
# nano sendmail-slackware.mc
Uncomment the SMART_HOST define :
replace
dnl define(`SMART_HOST',`mailserver.example.com')
by
define(`SMART_HOST',`smtp.yourisp.com')
Save changes and build the config file
# ./Build sendmail-slackware.mc
Copy the generated .cf file to sendmail’s directory
# cp sendmail-slackware.cf /etc/mail/sendmail.cf
Now start sendmail (also this way sendmail will be automatically started on boot, Slackware-style)
# chmod +x /etc/rc.d/rc.sendmail
# /etc/rc.d/rc.sendmail start
Send an email for testing
# echo 'from my Slackware box'| mail -s 'Hello' my@address.com
See the logs to see if everything goes well
# tail /var/log/maillog
Forward root mail
We create a .forward file in root’s home so that emails sent to root@localhost will be forwarded to another address (useful for cron jobs and daemons)
# echo >/root/.forward my@address.com
(several different addresses can be added to the file, one per line)
Test the forwarding
# echo 'from my Slackware box'| mail -s 'Forwarding' root@localhost

X.Org systemwide keyboard settings

You can setup keyboard layout in KDE or XFCE settings. If you prefer to set it up systemwide, just create the file :
# nano /etc/X11/xorg.conf.d/10-evdev.conf
Section "InputClass"
        Identifier "evdev keyboard catchall"
        MatchIsKeyboard "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
        option "xkblayout"      "fr"
EndSection

Virtualbox guest additions (optional, only if running in a VM)

It’s easy to do since Slackware’s default install includes a standard development environment and the kernel source.
(First mount the VirtualBox Additions cdrom)
# mount /dev/sr0 /mnt/tmp
# sh /mnt/tmp/VBoxLinuxAdditions.run

Create a regular user “fred”

# adduser fred
Additional groups (press the UP arrow key) : audio cdrom floppy plugdev video power netdev lp scanner

Graphical login

Edit the /etc/inittab
# nano /etc/inittab
change
id:3:initdefault:
to
id:4:initdefault:
Comment out some ttys while we are at it (will save some memory)
c1:12345:respawn:/sbin/agetty –noclear 38400 tty1 linux
c2:12345:respawn:/sbin/agetty 38400 tty2 linux
c3:12345:respawn:/sbin/agetty 38400 tty3 linux
#c4:12345:respawn:/sbin/agetty 38400 tty4 linux
#c5:12345:respawn:/sbin/agetty 38400 tty5 linux
#c6:12345:respawn:/sbin/agetty 38400 tty6 linux
Save changes, reboot.
Now you should be presented to the default session manager (KDM or XDM if you did not install KDE)

Install additional software

Surprise! There’s an “extra” directory on the DVD! It contains some popular applications :
Chromium web browser, Java, Flash player plugin, …
Just open a terminal and read the TXT file (README) for instructions.
Note: the flashplayer-plugin slackbuild found on the DVD does not work (outdated flash player version no more available for download).
Or just copy extra/flashplayer-plugin/* files to /tmp, edit the .slackbuild file
# nano flashplayer-plugin.SlackBuild
replace
VERSION=${VERSION:-”11.2.202.236″}
by
VERSION=${VERSION:-”11.2.202.238″}
Save changes and run the slackbuild
# sh flashplayer-plugin.SlackBuild
Install the generated package
# installpkg /tmp/flashplayer-plugin-11.2.202.238-x86_64-1alien.txz
Also, as an alternative, the slackbuild found on slackbuilds.org will work (
http://slackbuilds.org/repository/13.37/multimedia/flash-player-plugin/
 ).

Additional software from 3rd party packages

(versions are likely to change since the writing of this document)
VLC (from AlienBob’s repository)
(as root)
# cd
# wget http://slackware.org.uk/people/alien/restricted_slackbuilds/vlc/pkg64/14.0/vlc-2.0.3-x86_64-1alien.txz
# installpkg vlc*
LibreOffice (from RlWorkman’s repository)
# wget http://www.rlworkman.net/pkgs/14.0/x86_64/libreoffice-3.6.1_en_US-x86_64-1_rlw.txz
# installpkg libreoffice*
Note : the language packs are not included.
AlienBob also has LibreOffice packages (including the language packs), just wait for some days for the updated packages for Slackware 14.0 to appear :)

Filesystem optimizations

# nano /etc/fstab
Add the “noatime” option for the rootfs.
/dev/sda2        /                ext4        defaults,noatime         1   1
Add /tmp in tmpfs
tmpfs           /tmp            tmpfs           defaults,nosuid,nodev   0       0

Generic Kernel, faster boot and resume from hibernation

Generate an initramfs
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -r
Copy the result to your command prompt and execute it
(in my case)
# mkinitrd -c -k 3.2.29 -f ext4 -r /dev/sda2 -m mbcache:jbd2:ext4 -u -o /boot/initrd.gz
Then update lilo’s (bootloader) configuration
# nano /etc/lilo.conf
- add the “compact” directive (will gain some boot speed) at the beginning
- decrease the “timeout” value to your liking (a value of 50 should be enough)
- add a “default” directive for our new kernel entry :
default=Linux-generic
then add a new kernel entry at the end
image= /boot/vmlinuz-generic-3.2.29
root=/dev/sda2
  initrd = /boot/initrd.gz
  label = Linux-generic
  read-only
  append="quiet fastboot resume=/dev/sda1"
Save changes, make sure lilo is executed to update the bootloader code
# lilo -v
Then reboot. Less messages, (a little) faster boot times :)
Be sure to test suspend-to-disk (hibernate) and system resume.

Firewalling

By default, no firewall is configured at all.
# iptables -L
We can generate a simple firewall configuration from this website :
http://www.mista.nu/iptables/
Then copy and paste our generated firewall to /etc/rc.d/rc.firewall
(the generated config needs some adjustments, like the path to the iptables executable in the IPT variable)
#!/bin/sh
# iptables script generated 2012-09-30
# http://www.mista.nu/iptables
IPT="/usr/sbin/iptables"
# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain
# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP
# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SMTP
#$IPT -A INPUT -p tcp --dport smtp -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
# HTTP
#$IPT -A INPUT -p tcp --dport http -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
# HTTPS
#$IPT -A INPUT -p tcp --dport https -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
# SSH
$IPT -A INPUT -p tcp --dport ssh -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
# Accept inbound ICMP messages
$IPT -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p ICMP --icmp-type 11 -s 0.0.0.0/0 -j ACCEPT
# EOF

Start firewall at boot

# chmod +x /etc/rc.d/rc.firewall
If you want to disable the firewall
# iptables -F
To disable at boot time
# chmod -x /etc/rc.d/rc.firewall

That’s it!

TIPS

Read the TXT files on the DVD! Lots of useful info for special setups (encrypted, lvm/raid, etc)
Need to boot in single user mode (useful for rescue)?
Append “S” to your kernel line at boot time.
Need to reconfigure your system?
# pkgtool
Want to change the default desktop environment?
# xwmconfig
Want to change the default X session manager?
# chmod -x /usr/bin/kdm
This will use XDM instead of KDM as the default session manager

Useful links

Official Slackware wiki
Packages list
SlackBuilds
AlienBob’s packages
Rlworkman’s packages
Great sendmail howto