Preparation
Install the LAN card that will serve as the wireless LAN access point (TP-LINK TL-WDN4800) in the PCI Express x1 slot.
On another machine, create a SystemRescueCd USB stick.

    # wget \
        --content-disposition \
        https://sourceforge.net/projects/systemrescuecd/files/sysresccd-x86/4.7.3/systemrescuecd-x86-4.7.3.iso/download \
        ;
    # echo 'f3a30a11ade9c5dd631522a9bfad4b2d5b7e5b14d9ba65ec94d1cf441635bc7a  systemrescuecd-x86-4.7.3.iso' >> systemrescuecd-x86-4.7.3.iso.sha256sum
    # sha256sum --check systemrescuecd-x86-4.7.3.iso.sha256sum
    systemrescuecd-x86-4.7.3.iso: OK
    # mkdir --parent /mnt/cdrom
    # mount --options loop,exec systemrescuecd-x86-4.7.3.iso /mnt/cdrom
    # cd /mnt/cdrom
    # bash ./usb_inst.sh
    # cd
    # umount /mnt/cdrom

Put debian-installer and a grub2 configuration file on the same USB stick. If you let the Super Grub2 Disk menu search for the configuration file, the search locations are hard-coded, so grub.cfg has to be placed in a suitable location (if you type configfile yourself, anywhere is OK).

    # mount /dev/sda1 /mnt/usb
    # mkdir /mnt/usb/d-i
    # cd /mnt/usb/d-i
    # wget \
        http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz \
        http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux \
        ;
    # cat << 'EOT' >> /mnt/usb/boot/grub/grub.cfg
    menuentry "debian stable amd64 netboot" {
        set root='(hd0,msdos1)'
        linux /d-i/linux
        initrd /d-i/initrd.gz
    }
    EOT
    # cd
    # umount /mnt/usb
    # shutdown -h

Boot from the finished USB stick. Start Super Grub2 Disk and press the Esc key to move from the menu to the console. If you choose Detect any GRUB2 configuration file (grub.cfg) from the menu, the grub.cfg prepared earlier is loaded, so start debian-installer from the menu.
Alternatively, load the grub.cfg prepared earlier with configfile and start debian-installer.

    grub> configfile (hd0,msdos1)/boot/grub/grub.cfg

Alternatively, enter the commands directly (adding kernel options if needed, for example linux /d-i/linux modules=ppp-udeb) to start debian-installer.

    grub> set root=(hd0,msdos1)
    grub> linux /d-i/linux
    grub> initrd /d-i/initrd.gz
    grub> boot
Kicking it from GRUB2
Add the configuration,

    # cat << EOT >> /etc/grub.d/40_custom
    menuentry "debian stable amd64 netboot" {
        set root='(hd0,msdos1)'
        linux /d-i/linux
        initrd /d-i/initrd.gz
    }
    EOT

make it persistent,

    # update-grub

and confirm that it has been applied.

    # vi /boot/grub/grub.cfg
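Resetting the BIOS to default settings
Press F10 for the BIOS screen. Exit -> Load Optimal Default -> [OK].
Boot disk settings
This procedure has to be redone whenever the boot disk is moved to a different position. The BIOS has an item for changing the boot order; select the disk on which grub is installed there. If GRUB is not installed on HDD number 0 of the enclosure, there is an item for changing the rank of the HDD with GRUB installed to number 0, so change that first and then select the same disk.
Press F10 for the BIOS screen. Boot -> Hard Disk Devices -> 1st Device -> HDD:(the HDD with GRUB installed). After that, Boot -> Boot Device Priority -> 1st Boot Device -> HDD:(the HDD with GRUB installed). Something like that.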
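Debian-side configuration
Installing the openssh-server package
For the installation and initial configuration (disabling password authentication), see the following page.
Disabling automatic installation of Recommends and Suggests packages in apt
Installing commonly needed packages

    # apt-get install vim screen
    (snip)
    # echo -e 'syntax on\nset hlsearch\n' >> ~/.vimrc

Reducing the number of gettys
Installing the ntp package
Installing the ddclient package
Installing the nfs-common package
Needed when mounting a directory from another NFS service on this machine.

    # apt-get install nfs-common
    (snip)

Installing the logwatch package
Install a package that extracts and summarizes the service logs and mails them.

    # apt-get install logwatch
    (snip)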
Installing the samba package
Installing the package automatically starts the smbd and nmbd services.

    # apt-get --no-install-recommends install samba
    (snip)
    # systemctl status smbd nmbd
    ● smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
       Loaded: loaded (/etc/init.d/smbd)
       Active: active (running) since *** ****-**-** **:**:** ***; 1min 36s ago
       CGroup: /system.slice/smbd.service
               ├─4108 /usr/sbin/smbd -D
               └─4167 /usr/sbin/smbd -D

    *** ** **:**:** ************** smbd[4099]: Starting SMB/CIFS daemon: smbd.

    ● nmbd.service - LSB: start Samba NetBIOS nameserver (nmbd)
       Loaded: loaded (/etc/init.d/nmbd)
       Active: active (running) since *** ****-**-** **:**:** ***; 1min 36s ago
       CGroup: /system.slice/nmbd.service
               └─4169 /usr/sbin/nmbd -D

    *** ** **:**:** ************** nmbd[4155]: Starting NetBIOS name server: nmbd.

Look at the configuration file in its initial state.

    # grep -v -e '^$' -e '^#' -e '^;' /etc/samba/smb.conf
    [global]
       workgroup = WORKGROUP
       dns proxy = no
       log file = /var/log/samba/log.%m
       max log size = 1000
       syslog = 0
       panic action = /usr/share/samba/panic-action %d
       server role = standalone server
       passdb backend = tdbsam
       obey pam restrictions = yes
       unix password sync = yes
       passwd program = /usr/bin/passwd %u
       passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
       pam password change = yes
       map to guest = bad user
       usershare allow guests = yes
    [homes]
       comment = Home Directories
       browseable = no
       read only = yes
       create mask = 0700
       directory mask = 0700
       valid users = %S
    [printers]
       comment = All Printers
       browseable = no
       path = /var/spool/samba
       printable = yes
       guest ok = no
       read only = yes
       create mask = 0700
    [print$]
       comment = Printer Drivers
       path = /var/lib/samba/printers
       browseable = yes
       read only = yes
       guest ok = no

Create a samba user and check the result.

    # smbpasswd -a **************
    New SMB password:
    Retype new SMB password:
    Added user **************.
    # pdbedit -L -v **************
    Unix username:        **************
    NT username:
    Account Flags:        [U ]
    User SID:             ?-?-?-??-??????????-??????????-??????????-????
    Primary Group SID:    ?-?-?-??-??????????-??????????-??????????-???
    Full Name:            **************
    Home Directory:       \\??????????????\**************
    HomeDir Drive:
    Logon Script:
    Profile Path:         \\??????????????\**************\profile
    Domain:               ??????????????
    Account desc:
    Workstations:
    Munged dial:
    Logon time:           0
    Logoff time:          ***, ** *** **** **:**:** ***
    Kickoff time:         ***, ** *** **** **:**:** ***
    Password last set:    ***, ** *** **** **:**:** ***
    Password can change:  ***, ** *** **** **:**:** ***
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Test mounting from another machine. With the configuration above, [homes] is read-only, so writes from the mounting machine should fail. OK.
cron configuration
Use crontab to enter a suitable schedule.

    $ crontab -e
    $ crontab -l | grep --invert-match --regex '^#' --invert-match --regex '^$'
    */10 * * * * date; 2>&1

Checking execution in this state gives the following messages. No MTA is installed, so the output of the date command is discarded.

    # systemctl status cron
    ● cron.service - Regular background program processing daemon
       Loaded: loaded (/lib/systemd/system/cron.service; enabled)
       Active: active (running) since *** ****-**-** **:**:** ***; 4h 6min ago
         Docs: man:cron(8)
     Main PID: 649 (cron)
       CGroup: /system.slice/cron.service
               └─649 /usr/sbin/cron -f
    (snip)
    *** ** **:20:01 ************** CRON[9718]: pam_unix(cron:session): session opened for user ************ by (uid=0)
    *** ** **:20:01 ************** CRON[9719]: (************) CMD (date; 2>&1)
    *** ** **:20:01 ************** CRON[9718]: (CRON) info (No MTA installed, discarding output)

So, install the exim4 package.

    # apt-get install exim4
    (snip)

After installation the message in question disappears.

    # systemctl status cron
    ● cron.service - Regular background program processing daemon
       Loaded: loaded (/lib/systemd/system/cron.service; enabled)
       Active: active (running) since *** ****-**-** **:**:** ***; 4h 16min ago
         Docs: man:cron(8)
     Main PID: 649 (cron)
       CGroup: /system.slice/cron.service
               └─649 /usr/sbin/cron -f
    (snip)
    *** ** **:30:01 ************** CRON[10877]: pam_unix(cron:session): session opened for user ************ by (uid=0)
    *** ** **:30:01 ************** CRON[10878]: (************) CMD (date; 2>&1)

In addition, a message like the following appears at the prompt. This means that mail is being stored in mbox format.

    You have mail in /var/mail/************

To have mail stored in maildir format in the home directory, the exim4 configuration has to be changed. First check the current settings. The item to look at here is dc_localdelivery.

    $ grep --invert-match --regex '^#' --invert-match --regex '^$' /etc/exim4/update-exim4.conf.conf
    dc_eximconfig_configtype='local'
    dc_other_hostnames='**************.**************'
    dc_local_interfaces='127.0.0.1 ; ::1'
    dc_readhost=''
    dc_relay_domains=''
    dc_minimaldns='false'
    dc_relay_nets=''
    dc_smarthost=''
    CFILEMODE='644'
    dc_use_split_config='false'
    dc_hide_mailname=''
    dc_mailname_in_oh='true'
    dc_localdelivery='mail_spool'

Either edit this file directly or run dpkg-reconfigure exim4-config. This time, the former. The values that can be set for dc_localdelivery are described in man update-exim4.conf. The exim4 configuration file is generated at /var/lib/exim4/config.autogenerated by running the update-exim4.conf command. This command has to be run just before restarting the daemon.

    $ man update-exim4.conf | grep 'dc_localdelivery' -A 3
           dc_localdelivery
                  name of the default transport for local mail delivery. Defaults
                  to mail_spool if unset, use maildir_home for delivery to
                  ~/Maildir/. Sets macro LOCAL_DELIVERY.
    # sed \
        --in-place='.orig' \
        --expression="s/\(dc_localdelivery\)=.*/\1='maildir_home'/" \
        /etc/exim4/update-exim4.conf.conf \
        ;
    # diff /etc/exim4/update-exim4.conf.conf.orig /etc/exim4/update-exim4.conf.conf
    31c31
    < dc_localdelivery='mail_spool'
    ---
    > dc_localdelivery='maildir_home'
    # update-exim4.conf
    # cat /var/lib/exim4/config.autogenerated
    (snip)
    # systemctl restart exim4
Installing firmware-linux-nonfree
dmesg shows the following errors. The firmware-linux-nonfree package is needed to resolve the last one.

    $ dmesg --decode --level err
    kern  :err   : [    1.597930] ERST: Failed to get Error Log Address Range.
    kern  :err   : [    2.660774] i8042: No controller found
    kern  :err   : [    7.044749] [drm:radeon_pci_probe] *ERROR* radeon kernel modesetting for R600 or later requires firmware-linux-nonfree.

Add non-free to the component list of the deb lines, update the database, install the package, and reboot.

    # sed \
        --in-place='.orig' \
        --expression='/^deb/{ /non-free/!{ s/$/ non-free/ }}' \
        /etc/apt/sources.list
    # apt-get update
    (snip)
    # apt-get install firmware-linux-nonfree
    (snip)
    # systemctl reboot

After rebooting, check the errors. OK.

    $ dmesg --decode --level err
    kern  :err   : [    1.606395] ERST: Failed to get Error Log Address Range.
    kern  :err   : [    2.662259] i8042: No controller found
Checking hardware recognition
Compare against the spec sheet to see whether the added devices are recognized.

    $ lspci
    00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] RS880 Host Bridge
    00:01.0 PCI bridge: Hewlett-Packard Company Device 9602
    00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (ext gfx port 0)
    00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 0)
    00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (PCIE port 2)
    00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
    00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 42)
    00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 IDE Controller (rev 40)
    00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
    00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge (rev 40)
    00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor HyperTransport Configuration
    00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Address Map
    00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor DRAM Controller
    00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Miscellaneous Control
    00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Link Control
    01:05.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RS880M [Mobility Radeon HD 4225/4250]
    02:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
    02:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
    03:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
    04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)
    $ lspci
    00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] RS880 Host Bridge
    00:01.0 PCI bridge: Hewlett-Packard Company Device 9602
    00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (ext gfx port 0)
    00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 0)
    00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (PCIE port 2)
    00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
    00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 42)
    00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 IDE Controller (rev 40)
    00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
    00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge (rev 40)
    00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
    00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
    00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor HyperTransport Configuration
    00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Address Map
    00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor DRAM Controller
    00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Miscellaneous Control
    00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Link Control
    01:05.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RS880M [Mobility Radeon HD 4225/4250]
    02:00.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
    03:02.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
    03:04.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
    04:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
    04:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
    05:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
    05:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
    06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
    07:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)
Network interfaces and services
The wired interfaces are eth0 eth1 eth2 eth3 eth4. eth0 is connected to the home10 network and eth1 to the global network.
interface | network | sshd | pppd | ntpd | dhcpd | vpnd |
---|---|---|---|---|---|---|
lo | local | OK | NG | OK | NG | NG |
eth0 | home10 | OK | NG | NG | NG | NG |
ppp0 (eth1) | global | OK | OK | NG | NG | NG |
eth1 | | | | | | |
eth2 | home20 | OK | NG | NG | OK | NG |
eth3 | | | | | | |
eth4 | | | | | | |
wlan0 | | | | | | |
PPPoE configuration
The current network interface configuration (the default after installation) is as follows.

    $ grep -v -e '^$' -e '#' /etc/network/interfaces
    source /etc/network/interfaces.d/*
    auto lo
    iface lo inet loopback
    allow-hotplug eth0
    iface eth0 inet dhcp

If eth1 is connected to a network that provides PPPoE service, it can be configured as follows.

    # apt-get install pppoeconf
    (snip)
    # pppoeconf -nox eth1
    +-------------------| SCANNING DEVICE |--------------------+
    | Looking for PPPoE Access Concentrator on eth1...         |
    |                                                          |
    |                           36%                            |
    |                                                          |
    +----------------------------------------------------------+
    +-------------------------| OKAY TO MODIFY |-------------------------+
    |                                                                    |
    | If you continue with this program, these configuration files will  |
    | be modified : /etc/ppp/peers/dsl-provider /etc/network/interfaces  |
    | and /etc/ppp/*-secrets. Please make sure that you have a backup    |
    | copy before saying Yes.                                            |
    |                                                                    |
    | Continue with configuration?                                       |
    |                                                                    |
    |                  <Yes>                      <No>                   |
    |                                                                    |
    +--------------------------------------------------------------------+
    +------------------------| POPULAR OPTIONS |-------------------------+
    |                                                                    |
    | Most people using popular dialup providers prefer the options      |
    | 'noauth' and 'defaultroute' in their configuration and remove the  |
    | 'nodetach' option. Should I check your configuration file and      |
    | change these settings where neccessary?                            |
    |                                                                    |
    |                  <Yes>                      <No>                   |
    |                                                                    |
    +--------------------------------------------------------------------+
    +--------------------| ENTER USERNAME |--------------------+
    | Please enter the username which you usually need for the |
    | PPP login to your provider in the input box below. If    |
    | you wish to see the help screen, delete the username and |
    | press OK.                                                |
    |                                                          |
    | ________________________________________________________ |
    |                                                          |
    |                           <Ok>                           |
    |                                                          |
    +----------------------------------------------------------+
    +--------------------| ENTER PASSWORD |--------------------+
    | Please enter the password which you usually need for the |
    | PPP login to your provider in the input box below.       |
    |                                                          |
    | NOTE: you can see the password in plain text while       |
    | typing.                                                  |
    |                                                          |
    | ________________________________________________________ |
    |                                                          |
    |                           <Ok>                           |
    |                                                          |
    +----------------------------------------------------------+
    +---------------------| USE PEER DNS |---------------------+
    |                                                          |
    | You need at least one DNS IP address to resolve the      |
    | normal host names. Normally your provider sends you      |
    | addresses of useable servers when the connection is      |
    | established. Would you like to add these addresses       |
    | automatically to the list of nameservers in your local   |
    | /etc/resolv.conf file? (recommended)                     |
    |                                                          |
    |             <Yes>                    <No>                |
    |                                                          |
    +----------------------------------------------------------+
    +----------------------| LIMITED MSS PROBLEM |-----------------------+
    |                                                                    |
    | Many providers have routers that do not support TCP packets with a |
    | MSS higher than 1460. Usually, outgoing packets have this MSS when |
    | they go through one real Ethernet link with the default MTU size   |
    | (1500). Unfortunately, if you are forwarding packets from other    |
    | hosts (i.e. doing masquerading) the MSS may be increased depending |
    | on the packet size and the route to the client hosts, so your      |
    | client machines won't be able to connect to some sites. There is a |
    | solution: the maximum MSS can be limited by pppoe. You can find    |
    | more details about this issue in the pppoe documentation.          |
    |                                                                    |
    | Should pppoe clamp MSS at 1452 bytes?                              |
    |                                                                    |
    | If unsure, say yes.                                                |
    |                                                                    |
    | (If you still get problems described above, try setting to 1412 in |
    | the dsl-provider file.)                                            |
    |                                                                    |
    |                  <Yes>                      <No>                   |
    |                                                                    |
    +--------------------------------------------------------------------+
    +-------------------------| DONE |-------------------------+
    |                                                          |
    | Your PPPD is configured now. Would you like to start the |
    | connection at boot time?                                 |
    |                                                          |
    |             <Yes>                    <No>                |
    |                                                          |
    +----------------------------------------------------------+
    +----------------| ESTABLISH A CONNECTION |----------------+
    |                                                          |
    | Now, you can make a DSL connection with "pon             |
    | dsl-provider" and terminate it with "poff". Would you    |
    | like to start the connection now?                        |
    |                                                          |
    |             <Yes>                    <No>                |
    |                                                          |
    +----------------------------------------------------------+
    +-----------------| CONNECTION INITIATED |-----------------+
    |                                                          |
    | The DSL connection has been triggered. You can use the   |
    | "plog" command to see the status or "ip addr show ppp0"  |
    | for general interface info.                              |
    |                                                          |
    |                           <Ok>                           |
    |                                                          |
    +----------------------------------------------------------+

The settings are written to /etc/network/interfaces, /etc/ppp/peers/dsl-provider, /etc/ppp/chap-secrets and /etc/ppp/pap-secrets. The password and user name are written to *-secrets in plain text.

    $ grep -v -e '^$' -e '^#' /etc/network/interfaces
    source /etc/network/interfaces.d/*
    auto lo
    iface lo inet loopback
    allow-hotplug eth0
    iface eth0 inet dhcp
    auto dsl-provider
    iface dsl-provider inet ppp
    pre-up /bin/ip link set eth1 up # line maintained by pppoeconf
    provider dsl-provider
    auto eth1
    iface eth1 inet manual

Previously there was a problem where, in this state, an IP address could not be obtained from the provider on reboot, but now it succeeds for some reason.
Wired LAN network configuration
Configure DHCP service for eth2 eth3 eth4 wlan0. The DHCP client used by default is the ISC one, so use the ISC DHCP server as well.

    # dpkg -l | grep dhcp
    ii  isc-dhcp-client  4.3.1-6+deb8u2  amd64  DHCP client for automatically obtaining an IP address
    ii  isc-dhcp-common  4.3.1-6+deb8u2  amd64  common files used by all of the isc-dhcp packages
    # apt-get install isc-dhcp-server
    (snip)

Ports on which dhcpd runs are assigned static IP addresses. The range of IP addresses to hand out is set in the dhcpd configuration.

    $ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth2.cfg
    allow-hotplug eth2
    auto eth2
    iface eth2 inet static
      address 192.168.22.1
      netmask 255.255.255.240
      up route add -net 192.168.22.0 netmask 255.255.255.240 gw 192.168.22.1
      pre-down route del -net 192.168.22.0 netmask 255.255.255.240 gw 192.168.22.1
    $ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth3.cfg
    allow-hotplug eth3
    auto eth3
    iface eth3 inet static
      address 192.168.23.1
      netmask 255.255.255.240
      up route add -net 192.168.23.0 netmask 255.255.255.240 gw 192.168.23.1
      pre-down route del -net 192.168.23.0 netmask 255.255.255.240 gw 192.168.23.1
    $ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth4.cfg
    allow-hotplug eth4
    auto eth4
    iface eth4 inet static
      address 192.168.24.1
      netmask 255.255.255.240
      up route add -net 192.168.24.0 netmask 255.255.255.240 gw 192.168.24.1
      pre-down route del -net 192.168.24.0 netmask 255.255.255.240 gw 192.168.24.1
    $ grep -v -e '^$' -e '#' -R /etc/network/interfaces.d/wlan0.cfg
    allow-hotplug wlan0
    auto wlan0
    iface wlan0 inet static
      address 192.168.120.1
      netmask 255.255.255.240
      up route add -net 192.168.120.0 netmask 255.255.255.240 gw 192.168.120.1
      pre-down route del -net 192.168.120.0 netmask 255.255.255.240 gw 192.168.120.1
    $ grep -v -e '^$' -e '#' -R /etc/dhcp/dhcpd.conf
    ddns-update-style none;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    default-lease-time 600;
    max-lease-time 7200;
    log-facility local7;
    subnet 192.168.22.0 netmask 255.255.255.240 {
      option routers 192.168.22.1;
      range 192.168.22.2 192.168.22.14;
    }
    subnet 192.168.23.0 netmask 255.255.255.240 {
      option routers 192.168.23.1;
      range 192.168.23.2 192.168.23.14;
    }
    subnet 192.168.24.0 netmask 255.255.255.240 {
      option routers 192.168.24.1;
      range 192.168.24.2 192.168.24.14;
    }
    subnet 192.168.120.0 netmask 255.255.255.240 {
      option routers 192.168.120.1;
      range 192.168.120.2 192.168.120.14;
    }
    # shutdown -r

After rebooting, check the network configuration.

    $ ip route
    default via 192.168.13.1 dev eth0
    192.168.13.0/28 dev eth0 proto kernel scope link src 192.168.13.12
    192.168.21.0/28 via 192.168.21.1 dev eth1 scope link
    192.168.21.0/28 dev eth1 proto kernel scope link src 192.168.21.1
    192.168.22.0/28 via 192.168.22.1 dev eth2 scope link
    192.168.22.0/28 dev eth2 proto kernel scope link src 192.168.22.1
    192.168.23.0/28 via 192.168.23.1 dev eth3 scope link
    192.168.23.0/28 dev eth3 proto kernel scope link src 192.168.23.1
    192.168.24.0/28 via 192.168.24.1 dev eth4 scope link
    192.168.24.0/28 dev eth4 proto kernel scope link src 192.168.24.1
    $ ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.13.12/28 brd 192.168.13.15 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 ****::****:****:****:****/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.21.1/28 brd 192.168.21.15 scope global eth1
           valid_lft forever preferred_lft forever
    4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.22.1/28 brd 192.168.22.15 scope global eth2
           valid_lft forever preferred_lft forever
    5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.23.1/28 brd 192.168.23.15 scope global eth3
           valid_lft forever preferred_lft forever
    6: eth4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.24.1/28 brd 192.168.24.15 scope global eth4
           valid_lft forever preferred_lft forever
    7: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
        inet6 ****::****:****:****:****/64 scope link

Send a DHCP request to this machine from another machine and confirm that it is configured correctly.

    $ ip addr list eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.24.2/28 brd 192.168.24.15 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 ****::***:****:****:****/64 scope link
           valid_lft forever preferred_lft forever
    $ cat /etc/resolv.conf
    nameserver 8.8.8.8
    nameserver 8.8.4.4
As it stands, machines that got an IP address from this machine cannot reach the outside, so allow packet forwarding to turn this machine into a NAT router.

    # sysctl --all | grep ip_forward
    net.ipv4.ip_forward = 0
    net.ipv4.ip_forward_use_pmtu = 0
    # echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/01-nat.conf
    # shutdown -r

Check the state after rebooting.

    # sysctl --all | grep ip_forward
    net.ipv4.ip_forward = 1
    net.ipv4.ip_forward_use_pmtu = 0

Install iptables-persistent so that the iptables state is restored automatically after a reboot. To save the state you want restored, save the output of ip6tables-save and iptables-save to the appropriate location.

    # apt-get install iptables-persistent
    # iptables -t nat -A POSTROUTING -j MASQUERADE
    (snip)
    # dpkg-reconfigure iptables-persistent
    (snip)
    # iptables-save > /etc/iptables/rules.v4
    # ip6tables-save > /etc/iptables/rules.v6
    # shutdown -r

Confirm that another machine can reach the outside.

    $ ping -c 4 google.com
    PING google.com (172.217.25.238) 56(84) bytes of data.
    64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=1 ttl=54 time=15.3 ms
    64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=2 ttl=54 time=14.9 ms
    64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=3 ttl=54 time=16.2 ms
    64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=4 ttl=54 time=14.0 ms

    --- google.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 14.085/15.150/16.217/0.774 ms
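
The MASQUERADE rule above matches no interface and the page adds no filter rules, so with ip_forward=1 the router rewrites and forwards traffic in every direction. A narrower ruleset, as an added example that is not part of the original page: it masquerades only on the WAN interface, forwards only from LAN to WAN, and opens sshd and dhcpd following the service table. Assumptions: the WAN is ppp0, the blank eth3/eth4/wlan0 rows of the table follow the eth2 row, the ports are the standard ones, and gen_rules and svc_port are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: WAN is ppp0; LANs are eth2 eth3 eth4 wlan0; standard ports
# (sshd tcp/22, dhcpd udp/67); function names are hypothetical.

# OK cells of the service table as "interface service". WAN and LAN are
# expanded from the arguments of gen_rules; applying the eth2 row to every
# LAN interface is an assumption (the table leaves those rows blank).
MATRIX='eth0 sshd
WAN sshd
LAN sshd
LAN dhcpd'

# Map a service name to "proto port"; services without a port mapping fail.
svc_port() {
    case "$1" in
        sshd)  echo 'tcp 22' ;;
        dhcpd) echo 'udp 67' ;;
        *)     return 1 ;;
    esac
}

# gen_rules WAN LAN... : print an iptables-restore ruleset on stdout.
gen_rules() {
    [ $# -ge 1 ] || return 1
    wan=$1
    shift
    # Interface names end up inside rule text, so accept only [a-z0-9].
    for ifc in "$wan" "$@"; do
        case "$ifc" in
            ''|*[!a-z0-9]*) echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    lans=$*

    # nat: rewrite source addresses only on packets leaving via the WAN.
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -o $wan -j MASQUERADE" 'COMMIT'

    # filter: default-deny for traffic to and through the router.
    # Loopback is accepted wholesale (assumption; the table lists services).
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # One INPUT rule per OK cell of the service table.
    printf '%s\n' "$MATRIX" | while read -r ifc svc; do
        pp=$(svc_port "$svc") || continue
        case "$ifc" in
            WAN) ifc=$wan ;;
            LAN) ifc=$lans ;;
        esac
        for i in $ifc; do
            printf '%s\n' "-A INPUT -i $i -p ${pp% *} --dport ${pp#* } -j ACCEPT"
        done
    done

    # Replies may come back in; new connections only go LAN -> WAN.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for lan in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

gen_rules ppp0 eth2 eth3 eth4 wlan0
```

The output is in iptables-restore format, so it can be reviewed and then written to /etc/iptables/rules.v4, the file saved in the step above.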
Wireless LAN host configuration
Install the tools needed for wireless LAN.

    # apt-get install iw hostapd wpasupplicant

Check the device details with lspci.

    # lspci | grep Atheros
    06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
    # lspci -s 06:00.0 -vv
    06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
        Subsystem: Qualcomm Atheros Device 3112
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 16
        Region 0: Memory at fe8e0000 (64-bit, non-prefetchable) [size=128K]
        Expansion ROM at fe8d0000 [disabled] [size=64K]
        Capabilities: [40] Power Management version 3
            Flags: PMEClk- DSI- D1+ D2- AuxCurrent=375mA PME(D0+,D1+,D2-,D3hot+,D3cold-)
            Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [50] MSI: Enable- Count=1/4 Maskable+ 64bit+
            Address: 0000000000000000 Data: 0000
            Masking: 00000000 Pending: 00000000
        Capabilities: [70] Express (v2) Endpoint, MSI 00
            DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <1us, L1 <8us
                ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
            DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
                RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
                MaxPayload 128 bytes, MaxReadReq 512 bytes
            DevSta: CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- TransPend-
            LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <2us, L1 <64us
                ClockPM- Surprise- LLActRep- BwNot-
            LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
                ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
            LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
            DevCap2: Completion Timeout: Not Supported, TimeoutDis+, LTR-, OBFF Not Supported
            DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
            LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
                Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
                Compliance De-emphasis: -6dB
            LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
                EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
        Capabilities: [100 v1] Advanced Error Reporting
            UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
            UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
            UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
            CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
            CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
            AERCap: First Error Pointer: 00, GenCap- CGenEn- ChkCap- ChkEn-
        Capabilities: [140 v1] Virtual Channel
            Caps: LPEVC=0 RefClk=100ns PATEntryBits=1
            Arb: Fixed- WRR32- WRR64- WRR128-
            Ctrl: ArbSelect=Fixed
            Status: InProgress-
            VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
                Arb: Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
                Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
                Status: NegoPending- InProgress-
        Capabilities: [300 v1] Device Serial Number 00-00-00-00-00-00-00-00
        Kernel driver in use: ath9k
Check the network adapter's capabilities in detail with iw list.

    # iw list
    Wiphy phy0
        max # scan SSIDs: 4
        max scan IEs length: 2257 bytes
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Supported Ciphers:
            * WEP40 (00-0f-ac:1)
            * WEP104 (00-0f-ac:5)
            * TKIP (00-0f-ac:2)
            * CCMP (00-0f-ac:4)
            * CMAC (00-0f-ac:6)
        Available Antennas: TX 0x7 RX 0x7
        Configured Antennas: TX 0x7 RX 0x7
        Supported interface modes:
            * IBSS
            * managed
            * AP
            * AP/VLAN
            * WDS
            * monitor
            * mesh point
            * P2P-client
            * P2P-GO
        Band 1:
            Capabilities: 0x11ef
                RX LDPC
                HT20/HT40
                SM Power Save disabled
                RX HT20 SGI
                RX HT40 SGI
                TX STBC
                RX STBC 1-stream
                Max AMSDU length: 3839 bytes
                DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            Bitrates (non-HT):
                * 1.0 Mbps
                * 2.0 Mbps (short preamble supported)
                * 5.5 Mbps (short preamble supported)
                * 11.0 Mbps (short preamble supported)
                * 6.0 Mbps
                * 9.0 Mbps
                * 12.0 Mbps
                * 18.0 Mbps
                * 24.0 Mbps
                * 36.0 Mbps
                * 48.0 Mbps
                * 54.0 Mbps
            Frequencies:
                * 2412 MHz [1] (23.0 dBm)
                * 2417 MHz [2] (23.0 dBm)
                * 2422 MHz [3] (23.0 dBm)
                * 2427 MHz [4] (23.0 dBm)
                * 2432 MHz [5] (23.0 dBm)
                * 2437 MHz [6] (23.0 dBm)
                * 2442 MHz [7] (23.0 dBm)
                * 2447 MHz [8] (23.0 dBm)
                * 2452 MHz [9] (23.0 dBm)
                * 2457 MHz [10] (23.0 dBm)
                * 2462 MHz [11] (23.0 dBm)
                * 2467 MHz [12] (disabled)
                * 2472 MHz [13] (disabled)
                * 2484 MHz [14] (disabled)
        Band 2:
            Capabilities: 0x11ef
                RX LDPC
                HT20/HT40
                SM Power Save disabled
                RX HT20 SGI
                RX HT40 SGI
                TX STBC
                RX STBC 1-stream
                Max AMSDU length: 3839 bytes
                DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            Bitrates (non-HT):
                * 6.0 Mbps
                * 9.0 Mbps
                * 12.0 Mbps
                * 18.0 Mbps
                * 24.0 Mbps
                * 36.0 Mbps
                * 48.0 Mbps
                * 54.0 Mbps
            Frequencies:
                * 5180 MHz [36] (16.0 dBm) (no IR)
                * 5200 MHz [40] (16.0 dBm) (no IR)
                * 5220 MHz [44] (16.0 dBm) (no IR)
                * 5240 MHz [48] (16.0 dBm)
                * 5260 MHz [52] (13.0 dBm) (no IR, radar detection)
                  DFS state: usable (for 2645 sec)
                  DFS CAC time: 0 ms
                * 5280 MHz [56] (14.0 dBm) (no IR, radar detection)
                  DFS state: usable (for 2645 sec)
                  DFS CAC time: 0 ms
                * 5300 MHz [60] (14.0 dBm) (no IR, radar detection)
                  DFS state: usable (for 2645 sec)
                  DFS CAC time: 0 ms
                * 5320 MHz [64] (13.0 dBm) (no IR, radar detection)
                  DFS state: usable (for 2645 sec)
                  DFS CAC time: 0 ms
                * 5500 MHz [100] (disabled)
                * 5520 MHz [104] (disabled)
                * 5540 MHz [108] (disabled)
                * 5560 MHz [112] (disabled)
                * 5580 MHz [116] (disabled)
                * 5600 MHz [120] (disabled)
                * 5620 MHz [124] (disabled)
                * 5640 MHz [128] (disabled)
                * 5660 MHz [132] (disabled)
                * 5680 MHz [136] (disabled)
                * 5700 MHz [140] (disabled)
                * 5745 MHz [149] (20.0 dBm) (no IR)
                * 5765 MHz [153] (20.0 dBm) (no IR)
                * 5785 MHz [157] (20.0 dBm) (no IR)
                * 5805 MHz [161] (20.0 dBm) (no IR)
                * 5825 MHz [165] (20.0 dBm) (no IR)
        Supported commands:
            * new_interface
            * set_interface
            * new_key
            * start_ap
            * new_station
            * new_mpath
            * set_mesh_config
            * set_bss
            * authenticate
            * associate
            * deauthenticate
            * disassociate
            * join_ibss
            * join_mesh
            * remain_on_channel
            * set_tx_bitrate_mask
            * frame
            * frame_wait_cancel
            * set_wiphy_netns
            * set_channel
            * set_wds_peer
            * tdls_mgmt
            * tdls_oper
            * probe_client
            * set_noack_map
            * register_beacons
            * start_p2p_device
            * set_mcast_rate
            * Unknown command (104)
            * connect
            * disconnect
        Supported TX frame types:
            * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
            * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
        Supported RX frame types:
            * IBSS: 0x40 0xb0 0xc0 0xd0
            * managed: 0x40 0xd0
            * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
            * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
            * mesh point: 0xb0 0xc0 0xd0
            * P2P-client: 0x40 0xd0
            * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
            * P2P-device: 0x40 0xd0
        software interface modes (can always be added):
            * AP/VLAN
            * monitor
        valid interface combinations:
            * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
              total <= 2048, #channels <= 1, STA/AP BI must match
            * #{ WDS } <= 2048,
              total <= 2048, #channels <= 1, STA/AP BI must match
        HT Capability overrides:
            * MCS: ff ff ff ff ff ff ff ff ff ff
            * maximum A-MSDU length
            * supported channel width
            * short GI for 40 MHz
            * max A-MPDU length exponent
            * min MPDU start spacing
        Device supports TX status socket option.
        Device supports HT-IBSS.
        Device supports SAE with AUTHENTICATE command
        Device supports low priority scan.
        Device supports scan flush.
        Device supports AP scan.
        Device supports per-vif TX power setting
        Driver supports a userspace MPM
        Device supports active monitor (which will ACK incoming frames)
        Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
Install hostapd. Following /usr/share/doc/hostapd/README.Debian, install the example configuration as /etc/hostapd/hostapd.conf and edit it. In /etc/default/hostapd, specify the configuration file to be used when hostapd is started as a daemon.
# apt-get install hostapd
# less /usr/share/doc/hostapd/README.Debian
# zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > /etc/hostapd/hostapd.conf
# cat << EOF >> /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
EOF
Restart hostapd and check its status. From any client device, confirm that an SSID named test is visible.
# systemctl restart hostapd
# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 2s ago
  Process: 2225 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 2230 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─2234 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[2230]: Starting advanced IEEE 802.11 management: hostapd.
Authentication settings. Use wpa_passphrase to build a table that maps each connecting MAC address to its password, and reference it from the configuration.
# wpa_passphrase ***** ********
network={
	ssid="*****"
	#psk="********"
	psk=****************************************************************
}
# cat << EOF >> /etc/hostapd.wpa_psk
**:**:**:**:**:** ****************************************************************
EOF
# grep --invert-match --regex='#' --regex='^$' /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=********************
country_code=JP
channel=8
wpa=2
wpa_psk_file=/etc/hostapd.wpa_psk
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
hw_mode=g
wmm_enabled=1
ieee80211n=1
ht_capab=[HT20][HT40-][SHORT-GI-40][RX-STBC1][TX-STBC][AMPDU][DSSS_CCK-40]
# systemctl restart hostapd
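The file referenced by wpa_psk_file holds every station's key, and a file created with cat >> under the usual root umask is world-readable. The following is an added example, not part of the original page: a small audit of such a file that checks its permissions and each entry. It assumes the plain two-column "MAC PSK" form used above (optional prefixes accepted by newer hostapd versions are not handled); the function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_wpa_psk FILE: prints one finding per line, nothing if the file is clean.
audit_wpa_psk() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perms: group/other can access the file ($perms)"
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        mac = tolower($1)
        psk = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", psk)   # rest of line = PSK
        n = split(mac, o, ":"); ok = (n == 6)
        for (i = 1; i <= n; i++) if (o[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
        if (!ok) { print "line " NR ": malformed MAC address"; next }
        # The all-zero MAC is a wildcard entry in this file format.
        if (mac == "00:00:00:00:00:00")
            print "line " NR ": wildcard MAC, this PSK is accepted from any station"
        len = length(psk)
        if (NF < 2 || len < 8 || len > 64 || (len == 64 && psk !~ /^[0-9a-fA-F]+$/))
            print "line " NR ": PSK is not 64 hex digits or an 8..63 character passphrase"
    }' "$1"
}

# Demo on a constructed file (placeholder MACs and passphrases).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample entries
02:00:00:00:00:01 correct horse battery
00:00:00:00:00:00 sharedsecret1
02:00:00:00:00:03 short
EOF
chmod 644 "$demo"
audit_wpa_psk "$demo"
rm -f "$demo"
```

On the real system the permission finding is cleared with chmod 600 /etc/hostapd.wpa_psk, since hostapd reads the file as root.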
When a client connects, log lines like the following appear.
# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 6min ago
  Process: 3507 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 3512 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─3517 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** RADIUS: starting accounting session 576073B8-00000002
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** WPA: pairwise key handshake completed (RSN)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** RADIUS: starting accounting session 576073B8-00000003
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** WPA: pairwise key handshake completed (RSN)
When the password is wrong, the log looks like this.
# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 43s ago
  Process: 3551 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 3677 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─3680 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[3677]: Starting advanced IEEE 802.11 management: hostapd.
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: deauthenticated due to local deauth request
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: deauthenticated due to local deauth request
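The two logs above differ in one way: a good connection reaches "pairwise key handshake completed", while a wrong password goes from "associated" straight to "deauthenticated due to local deauth request". The following added example (not part of the original page) turns that difference into a per-station counter of failed attempts; it is a heuristic built only on the two patterns shown here, and the function names, host name and MAC addresses in the sample log are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). The log lines are constructed;
# the host name "ap" and the MAC addresses are placeholders.
sample_hostapd_log() {
    cat <<'EOF'
Jul  6 14:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Jul  6 14:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Jul  6 14:00:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 WPA: pairwise key handshake completed (RSN)
Jul  6 14:01:10 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Jul  6 14:01:10 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Jul  6 14:01:14 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to local deauth request
Jul  6 14:01:20 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Jul  6 14:01:20 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Jul  6 14:01:24 ap hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to local deauth request
Jul  6 14:30:00 ap hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to local deauth request
EOF
}

# count_failed_psk [THRESHOLD] < LOG
# A station is "pending" from association until its pairwise handshake
# completes. A local deauth while still pending counts as one failed attempt;
# a deauth after a completed handshake is not counted.
# Prints "MAC COUNT" for every station with at least THRESHOLD failures.
count_failed_psk() {
    awk -v min="${1:-1}" '
    {
        # The station MAC is the field that follows the literal "STA".
        mac = ""
        for (i = 1; i < NF; i++) if ($i == "STA") { mac = $(i + 1); break }
        if (mac == "") next
    }
    /IEEE 802\.11: associated/              { pending[mac] = 1; next }
    /WPA: pairwise key handshake completed/ { pending[mac] = 0; next }
    /deauthenticated due to local deauth request/ {
        if (pending[mac]) { failed[mac]++; pending[mac] = 0 }
    }
    END { for (m in failed) if (failed[m] >= min) print m, failed[m] }
    ' | sort
}

# Stations with at least 2 failed attempts in the constructed log.
sample_hostapd_log | count_failed_psk 2
```

On the machine described here the same function can be fed from /var/log/daemon.log, for example count_failed_psk 5 < /var/log/daemon.log.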
Assign an IP address to the network interface.
# cat << EOF >> /etc/network/interfaces
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
    address 192.168.110.1
    netmask 255.255.255.248
    network 192.168.110.0
    up route add -net 192.168.110.0 netmask 255.255.255.248 gw 192.168.110.1
    pre-down route del -net 192.168.110.0 netmask 255.255.255.248 gw 192.168.110.1
EOF
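An example of handing out IP addresses with dhcpd, and additionally pinning the assigned IP address to a MAC address:
# cat << EOF >> /etc/dhcp/dhcpd.conf
# Note: wlan0 was configured as 192.168.110.1/29 above; dhcpd only answers on
# wlan0 if the subnet declared here is the one wlan0's address belongs to.
subnet 192.168.100.0 netmask 255.255.255.248 {
    option routers 192.168.100.1;
    range 192.168.100.2 192.168.100.5;
}
host foobar {
    hardware ethernet **:**:**:**:**:**;
    fixed-address 192.168.100.2;
    option host-name "foobar";
}
EOF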
# hostapd /etc/hostapd/hostapd.conf
Finally, the setting that allows connections arriving on wlan0 to reach the services running on the host:
# /sbin/iptables -A INPUT -j ACCEPT -i wlan0
The connection does not drop constantly, but the RSSI is roughly -47 to -45 and the link speed is 130Mbps. It improves considerably when the antennas are closer together, so I would like to put extension cables on the antennas.
The effective speed ended up at about one tenth of wired. Below are the speeds when writing a file with dd into a samba-mounted directory over wired (100Mbps link) and over wireless (130Mbps link). Wired reaches 80-90% of its link speed, while wireless reaches only about 10% of its link speed. In the end, wired comes out faster.
$ cd /mnt/wire
$ dd if=/dev/zero of=./test count=10 bs=10M && rm ./test
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 9.18348 s, 11.4 MB/s
$ dd if=/dev/zero of=./test count=10 bs=100M && rm ./test
10+0 records in
10+0 records out
1048576000 bytes (1.0 GB) copied, 106.746 s, 9.8 MB/s
$ cd /mnt/wireless
$ dd if=/dev/zero of=./test count=10 bs=10M && rm ./test
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 63.8521 s, 1.6 MB/s
$ dd if=/dev/zero of=./test count=10 bs=100M && rm ./test
10+0 records in
10+0 records out
1048576000 bytes (1.0 GB) copied, 649.335 s, 1.6 MB/s
The message "group key handshake completed" appears every 10 minutes
Watching the log, the following message appears at 10-minute intervals. This is normal.
# tail -f /var/log/daemon.log
Jul 6 13:59:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul 6 14:09:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul 6 14:19:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul 6 14:29:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Appending the following to the configuration file changes the interval to 5 minutes. Restart hostapd afterwards.
# echo "wpa_group_rekey=300" >> /etc/hostapd/hostapd.conf
# /etc/init.d/hostapd restart
Stopping advanced IEEE 802.11 management: hostapd.
Starting advanced IEEE 802.11 management: hostapd.
# tail -f /var/log/daemon.log
Jul 6 14:59:34 ****** hostapd: wlan0: STA 00:1d:e0:31:7f:7f WPA: group key handshake completed (RSN)
Jul 6 15:04:34 ****** hostapd: wlan0: STA 00:1d:e0:31:7f:7f WPA: group key handshake completed (RSN)
In addition, the connection seems to get dropped from time to time. I want to keep it connected.
# echo "wmm_enabled=0" >> /etc/hostapd/hostapd.conf
# /etc/init.d/hostapd restart
Stopping advanced IEEE 802.11 management: hostapd.
Starting advanced IEEE 802.11 management: hostapd.
Temperature monitoring setup
Install the required packages.
# apt-get install hddtemp lm-sensors
(snip)
Configure and verify.
$ sensors
k10temp-pci-00c3
Adapter: PCI adapter
temp1:        +34.0°C  (high = +70.0°C)
                       (crit = +100.0°C, hyst = +95.0°C)

# sensors-detect
(snip)
# cat /etc/modules
(snip)
# Generated by sensors-detect on *** *** ** **:**:** ****
# Chip drivers
jc42
# shutdown -h
$ sensors
jc42-i2c-0-18
Adapter: SMBus PIIX4 adapter at 0b00
temp1:        +32.5°C  (low  = +0.0°C)  ALARM (HIGH, CRIT)
                       (high = +0.0°C, hyst = +0.0°C)
                       (crit = +0.0°C, hyst = +0.0°C)

k10temp-pci-00c3
Adapter: PCI adapter
temp1:        +37.1°C  (high = +70.0°C)
                       (crit = +100.0°C, hyst = +95.0°C)

# hddtemp /dev/sd?
/dev/sda: ***************: 37°C
/dev/sdb: ***********: 37°C
/dev/sdc: ***********************: 40°C
/dev/sdd: ***********************: 45°C
Install zabbix for visualization and continuous monitoring. Since this machine monitors itself, install both the agent and the server.
# apt-get install mysql-server zabbix-agent zabbix-server-mysql zabbix-frontend-php php5-mysql
# vi \
    /usr/share/doc/zabbix-frontend-php/README.Debian \
    /etc/php5/apache2/php.ini \
    ;