interesting
/
linux-router
mirror of https://github.com/garywill/linux-router.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: interesting:master
Branches Tags
interesting:master
interesting:workaround-31
interesting:dev-12
interesting:history
interesting:0.8.1
interesting:0.7.6
interesting:0.7.3
interesting:0.7.1
interesting:0.7.1b
interesting:0.6.7
interesting:0.6.6
interesting:0.6.5
interesting:0.6.2
interesting:0.6.0
..
compare: interesting:0.6.7
Branches Tags
interesting:master
interesting:workaround-31
interesting:dev-12
interesting:history
interesting:0.8.1
interesting:0.7.6
interesting:0.7.3
interesting:0.7.1
interesting:0.7.1b
interesting:0.6.7
interesting:0.6.6
interesting:0.6.5
interesting:0.6.2
interesting:0.6.0

No commits in common. "master" and "0.6.7" have entirely different histories.
master ... 0.6.7

2 changed files with 602 additions and 979 deletions
Show Stats Expand all files Collapse all files

202
README.md
View File

@ -4,8 +4,7 @@ Set Linux as router in one command. Able to provide Internet, or create WiFi hot
It wraps `iptables`, `dnsmasq` etc. stuff. Use in one command, restore in one command or by `control-c` (or even by closing terminal window).
[More tools and projects 🛠️](https://garywill.github.io) | [🍻 Buy me a coffee ❤️](https://github.com/garywill/receiving/blob/master/receiving_methods.md)
[Linux-Router News & Developer Notes 📰](https://github.com/garywill/linux-router/issues/28) | [More tools and projects 🛠️](https://garywill.github.io) | [🍻 Buy me a coffee ❤️](https://github.com/garywill/receiving/blob/master/receiving_methods.md)
## Features
@ -19,17 +18,13 @@ Basic features:
- Specify upstream DNS (kind of a plain DNS proxy)
- IPv6 (behind NATed LAN, like IPv4)
- Creating WiFi hotspot:
- Wifi 3/4/5/6
- 2.4GHz, 5GHz
- Channel selecting
- Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
- Create AP on the same interface you are getting Internet (Need hardware support. Usually require same channel)
- Create AP on the same interface you are getting Internet (usually require same channel)
- Transparent proxy (redsocks)
- Transparent DNS proxy (hijack port 53 packets)
- Detect and prevent interference from following Linux system daemons:
- NetworkManager (handle interface (un)managed status)
- firewalld (use temporary `trusted` zone)
- Instances managing. You can run multiple instances, to create different sub-networks.
- Detect NetworkManager and make sure it won't interfere (handle interface (un)managed status)
- You can run many instances, to create many different networks. Has instances managing feature.
**For many other features, see below [CLI usage](#cli-usage-and-other-features)**
@ -66,36 +61,11 @@ Internet----(eth0/wlan0)-Linux-(eth1)------Another PC
Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
```
## Install
1-file-script. Release on [Linux-router repo on Github](https://github.com/garywill/linux-router). Just download and run the bash script (meet the dependencies). In this case use without installation.
I'm currently not packaging for any distro. If you do, open a PR and add the link (can be with a version badge) to list here
| Linux distro | |
| ------------ | ---------------------------------------------------------------------------------------------------------- |
| Any | download [1-file-script](https://raw.githubusercontent.com/garywill/linux-router/master/lnxrouter) and run without installation |
### Dependencies
- bash
- procps or procps-ng
- iproute2
- dnsmasq
- iptables (or nftables with `iptables-nft` translation linked)
- WiFi hotspot dependencies
- hostapd
- iw (or iwconfig, when iw can not recognize adapter)
- haveged (optional)
- crda and wireless-regdb (optional)
## Usage
### Provide Internet to an interface
```bash
```
sudo lnxrouter -i eth1
```
@ -103,7 +73,7 @@ no matter which interface (other than `eth1`) you're getting Internet from.
### Create WiFi hotspot
```bash
```
sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
```
@ -115,29 +85,30 @@ Clients access Internet through only `isp5`
<details>
```bash
```
sudo lnxrouter -i eth1 -o isp5 --no-dns --dhcp-dns 1.1.1.1 -6 --dhcp-dns6 [2606:4700:4700::1111]
```
> In this case of usage, it's recommended to:
>
> 1. Stop serving local DNS
> 2. Tell clients which DNS to use (ISP5's DNS. Or, a safe public DNS, like above example)
> 2. Tell clients which DNS to use ISP5's DNS. (Or, a safe public DNS, like above example)
> Also, read *Notice 1*
</details>
### Create LAN without providing Internet
### LAN without Internet
<details>
```bash
sudo lnxrouter -n -i eth1
```
```bash
sudo lnxrouter -n -i eth1
sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
```
> Read _Notice 1_
</details>
### Internet for LXC
@ -146,7 +117,7 @@ sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
Create a bridge
```bash
```
sudo brctl addbr lxcbr5
```
@ -159,7 +130,7 @@ lxc.network.link = lxcbr5
lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
```
```bash
```
sudo lnxrouter -i lxcbr5
```
@ -171,7 +142,7 @@ All clients' Internet traffic go through, for example, Tor (notice this example
<details>
```bash
```
sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 -6 --p6 fd00:5:6:7::
```
@ -196,7 +167,7 @@ To not give our infomation to clients. Clients can still access Internet.
<details>
```bash
```
sudo lnxrouter -i eth1 \
--tp 9040 --dns 9053 \
--random-mac \
@ -214,13 +185,13 @@ sudo lnxrouter -i eth1 \
Create a bridge
```bash
```
sudo brctl addbr lxdbr5
```
Create and add a new LXD profile overriding container's `eth0`
```bash
```
lxc profile create profile5
lxc profile edit profile5
@ -238,13 +209,13 @@ name: profile5
lxc profile add <container> profile5
```
```bash
```
sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
```
To remove that new profile from container
```bash
```
lxc profile remove <container> profile5
```
@ -252,13 +223,13 @@ lxc profile remove <container> profile5
Add new `eth0` to container overriding default `eth0`
```bash
```
lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
```
To remove the customized `eth0` to restore default `eth0`
```bash
```
lxc config device remove <container> eth0
```
@ -270,7 +241,7 @@ lxc config device remove <container> eth0
In VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled.
```bash
```
sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
```
@ -282,11 +253,11 @@ sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
Create a bridge
```bash
```
sudo brctl addbr firejail5
```
```bash
```
sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053
firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
```
@ -312,16 +283,17 @@ Options:
and to provide Internet to
(To create WiFi hotspot use '--ap' instead)
-o <interface> Specify an inteface to provide Internet from.
(See Notice 1)
(Note using this with default DNS option may leak
queries to other interfaces)
-n Do not provide Internet
-n Do not provide Internet (See Notice 1)
--ban-priv Disallow clients to access my private network
-g <ip> This host's IPv4 address in subnet (mask is /24)
(example: '192.168.5.1' or '5' shortly)
-6 Enable IPv6 (NAT)
--no4 Disable IPv4 Internet (not forwarding IPv4).
Usually used with '-6'
--no4 Disable IPv4 Internet (not forwarding IPv4)
(See Notice 1). Usually used with '-6'
--p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: 'fd00:0:0:5::' or '5' shortly)
@ -330,7 +302,7 @@ Options:
--dns <ip>|<port>|<ip:port>
DNS server's upstream DNS.
Use ',' to seperate multiple servers
(default: use /etc/resolv.conf)
(default: use /etc/resolve.conf)
(Note IPv6 addresses need '[]' around)
--no-dns Do not serve DNS
--no-dnsmasq Disable dnsmasq server (DHCP, DNS, RA)
@ -370,7 +342,7 @@ Options:
Using this you can't use same wlan interface
for both Internet and AP
--virt-name <name> Set name of virtual interface
-c <channel> Specify channel (default: use current, or 1 / 36)
-c <channel> Channel number (default: 1)
--country <code> Set two-letter country code for regularity
(example: US)
--freq-band <GHz> Set frequency band: 2.4 or 5 (default: 2.4)
@ -384,54 +356,16 @@ Options:
(defaults to /etc/hostapd/hostapd.accept)
--hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd
--isolate-clients Disable wifi communication between clients
--sta-timeout <seconds> Timeout to disconnect a no-signal client
--ieee80211n Enable IEEE 802.11n (HT)
--ieee80211ac Enable IEEE 802.11ac (VHT)
--ht_capab <HT> HT capabilities (default: [HT40+])
--vht_capab <VHT> VHT capabilities
--no-haveged Do not run haveged automatically when needed
--hs20 Enable Hotspot 2.0
WiFi 4 (802.11n) configs (2.4G/5GHz): (default: not enable)
--wifi4 Enable IEEE 802.11n (HT, High Throughput)
--ht-capab <HT caps> HT capabilities (example: '[HT40+][DSSS_CCK-40]')
(default: '[HT40+]')
--req-wifi4 Only support Wifi>=4 clients
WiFi 5 (802.11ac) configs (5GHz): (default: not enable)
--wifi5 Enable IEEE 802.11ac (VHT, Very High Thoughtput)
--vht-capab <VHT caps> VHT capabilities (example: '[VHT160][RXLDPC]')
--vht-ch-width <index> Index of VHT channel width:
0 for 20MHz or 40MHz (default)
1 for 80MHz
2 for 160MHz
3 for 80+80MHz (Non-contigous 160MHz)
--vht-seg0-ch <channel> Channel index of VHT center frequency for primary
segment. Use with '--vht-ch-width'
--vht-seg1-ch <channel> Channel index of VHT center frequency for secondary
(second 80MHz) segment. Use with '--vht-ch-width 3'
--req-wifi5 Only support Wifi>=5 clients
WiFi 6 (802.11ax) configs (2.4G/5GHz): (default: not enable)
--wifi6 Enable IEEE 802.11ax (HE, High Efficiency)
--he-ch-width <index> Index of HE channel width:
0 for 20MHz or 40MHz (default)
1 for 80MHz
2 for 160MHz
3 for 80+80MHz (Non-contigous 160MHz)
--he-seg0-ch <channel> Channel index of HE center frequency for primary
segment. Use with '--he-ch-width'
--he-seg1-ch <channel> Channel index of HE center frequency for secondary
(second 80MHz) segment. Use with '--he-ch-width 3'
--he-su-bfe HE Single User Beamformee support
--he-su-bfr HE Single User Beamformer support
--he-mu-bfr HE Multi User Beamformer support
--req-wifi6 Only support Wifi>=6 clients
--p2ptwt Peer-to-Peer Target Wake Time support
Note: Some cutting-edge Wifi features strongly depends on hostapd built
with specific flags enabled and compatible hardware
Instance managing:
--daemon Run in background
--keep-confdir Don't delete the temporary config dir after exit
-l, --list-running Show running instances
--lc, --list-clients <id|interface>
List clients of an instance. Or list neighbors of
@ -444,6 +378,20 @@ Options:
</details>
## Notice
<details>
```
Notice 1: This script assume your host's default policy won't forward
packets, so the script won't explictly ban forwarding in any
mode. In some unexpected case (eg. mistaken configurations) may
cause unwanted packets leakage between 2 networks, which you
should be aware of if you want isolated network
```
</details>
## What changes are done to Linux system
On exit of a linux-router instance, script **will do cleanup**, i.e. undo most changes to system. Though, **some** changes (if needed) will **not** be undone, which are:
@ -455,25 +403,39 @@ On exit of a linux-router instance, script **will do cleanup**, i.e. undo most c
5. The wifi device which is used to create hotspot is `rfkill unblock`ed
6. WiFi country code, if user assigns
## Meet contributor(s) and become one of them
## Install
Visit [**my homepage** 🏡](https://garywill.github.io) to see **more tools and projects** 🛠️.
1-file-script. Download and run (meet the dependencies).
> [❤️ Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! ([❤️ 扫码领红包并打赏一个!](https://github.com/garywill/receiving/blob/master/receiving_methods.md))
>
> 🥂 ( ^\_^) o自自o (^_^ ) 🍻
I'm currently not packaging for any distro. If you do, open a PR and add the link (can be with a version badge) to list here:
🤝 Bisides, thank [create_ap](https://github.com/oblique/create_ap) by [oblique](https://github.com/oblique). This script was forked from create\_ap. Now they are quite different. 🤝 Also thank those people who contributed to that project.
| Linux distro | |
| ------------ | ---------------------------------------------------------------------------------------------------------- |
| Any | download [1-file-script](https://raw.githubusercontent.com/garywill/linux-router/master/lnxrouter) and run |
👨‍💻 You can be contributor, too!
## Dependencies
- 🍃 There're some TO-DOs listed, in both [readme TODO](#todo) and [in the code file](https://github.com/garywill/linux-router/search?q=TODO&type=code)
- 🍃 Also some [unfulfilled enhancements in the Issues](https://github.com/garywill/linux-router/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement)
- 🙋‍♂️ Contributions are not limited to coding. There're [some posts and questions](https://github.com/garywill/linux-router/issues) that need more people to answer
- bash
- procps or procps-ng
- iproute2
- dnsmasq
- iptables (or nftables with `iptables-nft` translation linked)
- WiFi hotspot dependencies
- hostapd
- iw
- iwconfig (you only need this if 'iw' can not recognize your adapter)
- haveged (optional)
## TODO
Sooner is better:
- Detect firewalld and make sure it won't interfere our interface
Future:
- WPA3
- Global IPv6
- Explictly ban forwarding if not needed
- Bring bridging method back
## License
@ -534,4 +496,14 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</details>
## Meet developer(s) and become one of them
Visit [**my homepage** 🏡](https://garywill.github.io) to see **more tools and projects** 🛠️.
> [❤️ Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! ([❤️ 扫码领红包并打赏一个!](https://github.com/garywill/receiving/blob/master/receiving_methods.md))
>
> 🥂 ( ^\_^) o自自o (^_^ ) 🍻
🤝 Bisides, thank [create_ap](https://github.com/oblique/create_ap) by [oblique](https://github.com/oblique). This script was forked from create\_ap. Now they are quite different. (See `history` branch for how I modified create_ap). 🤝 Also thank those who contributed to that project.
👨‍💻 You can be contributor, too! 🍃 There're some TO-DOs listed, at both [above](#todo) and [in the code file](https://github.com/garywill/linux-router/search?q=TODO&type=code). 🍃 Also some [unfulfilled enhancements in the Issues](https://github.com/garywill/linux-router/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement). Your name can be here!

1079
lnxrouter
View File

File diff suppressed because it is too large Load Diff