Technologie

Using raspberry pi 3 as wifi bridge and repeater and firewall

Hi again,

following my raspberry 3 router project (http://blog.inforeseau.com/2018/06/raspberry-3-point-dacces-wifi-avec-filtrage-pub-tracking-access-point-add-tracking-filtering) and the repeater project (http://blog.inforeseau.com/2019/01/raspberry-3-create-a-wifi-repeater-with-usb-wifi-dongle) , i decided to fork these into a wifi repeater and bridge.

The goal is to use this approach in hotels or public wifi, where you wish to use your own router with its pi-hole and firewall. Any device connected behind the raspberry, will be hidden behind a totally blocking firewall.

So, let’s make it simple, i assume you took the image of the router project : http://blog.inforeseau.com/2018/06/raspberry-3-point-dacces-wifi-avec-filtrage-pub-tracking-access-point-add-tracking-filtering
I also assume you have the needed hardware ( a raspberry 3 and a wifi adapter like the canakit or panda as recommended into the linked original post)

You then replace the file /etc/rc.local (available as zip file here rc.local ) in the SD CARD rootfs partition, by the following one, in which you customize the following values :
wifissid which is your access point name, the SSID on which you will connect
wifipass which is the password you’ll have to use to this access point
existingwifissid which is the existing wifi on which the raspberry will connect to (the hotel or public wifi SSID)
existingwifipass which is the existing password of the wifi on which the raspberry will connect to (the hotel or public wifi password)

#!/bin/sh
# removed -e option above, because below command returns some warnings that must be ignored
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
printf "My IP address is %s\n" "$_IP"
fi

# Create Access point wifi raspap other USB adapter
#/usr/bin/create_ap --isolate-clients --daemon --ieee80211n --ht_capab '[HT40+]' -c 44 -w 2 wlxe84e0651e6f6 enxb827eb9446d8 raspappriv welcomepriv2

#in this version, we connect to wan through wifi, so the onboard ethernet will be another LAN
onboardlan=`/root/get-nic.sh`
#since we'll connect to an existing wifi
#if using panda wifi, device is called wlan1, if using canakit, device is called wlx......
#we need to know if we have a wlan1
iswlan1=`/sbin/ifconfig -a|/bin/grep wlan1`;
#defining USB wifi interface name
if [ ! -z "${iswlan1}" ]; then
onboardwan="wlan1"
else
#we need to extract it
onboardwan=`/sbin/ifconfig -a|/bin/grep wlx|/usr/bin/awk -F ":" '{print $1}'`;
fi

#using the canakit wifi, only 2.4Ghz is supported, check before entering SSID in here
existingwifissid="my-wifi-ssid"
existingwifipass="my-wifi-password"
#we make sure default wpa-supplicant is empty
/bin/echo "" > /etc/wpa_supplicant/wpa_supplicant.conf
#we now create the one we need to be used with wlan1
#cleanup of the file
/bin/echo "" > /home/pi/wpa_supplicant.conf
#Populate the file
/bin/echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev" > /home/pi/wpa_supplicant.conf
/bin/echo "update_config=1" >> /home/pi/wpa_supplicant.conf
/bin/echo "network={" >> /home/pi/wpa_supplicant.conf
/bin/echo 'ssid="'${existingwifissid}'"' >> /home/pi/wpa_supplicant.conf
/bin/echo 'psk="'${existingwifipass}'"' >> /home/pi/wpa_supplicant.conf
/bin/echo "}" >> /home/pi/wpa_supplicant.conf
#initiate wifi connection
/bin/echo "" > /home/pi/start-wifi.sh
/bin/echo "#!/bin/bash" >> /home/pi/start-wifi.sh
/bin/echo "/sbin/wpa_supplicant -B -c/home/pi/wpa_supplicant.conf -i${onboardwan} -Dnl80211,wext" >> /home/pi/start-wifi.sh
/bin/chmod +x /home/pi/start-wifi.sh;
/home/pi/start-wifi.sh &

#Identify an other NIC in the raspberry (USB plugged one, to be used as LAN, aside of wifi)
usbnic=`/root/get-2nd-nic.sh`

#Force dhcp on interface
/sbin/dhclient ${onboardwan}

#update the NIC interface in the pi-hole config
#drop interface (last line)
/bin/cat /etc/dnsmasq.d/01-pihole.conf| grep -v interface > /root/01-pihole.conf.tmp
#update file without interface
/bin/cat /root/01-pihole.conf.tmp > /etc/dnsmasq.d/01-pihole.conf
#Add interface
/bin/echo "interface="${onboardwan} >> /etc/dnsmasq.d/01-pihole.conf

#restart the service
#systemctl restart dnsmasq

#Define wifi SSID
wifissid="raspappriv"

#Define wifi password
wifipass="welcomepriv2"

#Define wifi ip-net /24 by default
wifinetip="192.168.12.1"
# For home we keep subnet isolated (no bridge) to be able to force web filtering via pi-hole and we allow communication between devices (default IP for the AP is 192.168.12.1 and we run a pi-hole on it for DNS fo we force DNS server to be itself) using embedded wifi
/usr/bin/create_ap --daemon --dhcp-dns ${wifinetip} --ieee80211n --ht_capab '[HT20+]' -c 11 -w 2 wlan0 ${onboardwan} ${wifissid} ${wifipass}

#Now we want to protect the connected interface assuming this is WAN, and nothing from there should come in
#create_ap brings its own rules already
#I accept only packets that were initiated by the device
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#If you want to allow ping from outside to your device, uncomment below
#iptables -A INPUT -p icmp -j ACCEPT
#We fix slowlyness due to pi-hole as explained here : https://pi-hole.net/2018/02/02/why-some-pages-load-slow-when-using-pi-hole-and-how-to-fix-it/
iptables -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp-port-unreachable
#If you want to route/NAT a port from outside to an internal machine (which has static IP or reserved IP in /root/udhcpd.conf.master like 192.168.12.200 for the example below) to export a service (if you host nextcloud on a machine in your lan and want to make it available) :
#iptables -t nat -A PREROUTING -j DNAT -i ${onboardwan} -p tcp --dport 9443 --to-destination 192.168.12.200:9443

#now, while your service above is available from outside, like https://your-public-ip:9443, it is sadly not responding from internal wifi, so we allow it as well this way
#iptables -t nat -A PREROUTING -j DNAT -i wlan0 -p tcp --deport 9443 --to-destination 192.168.12.200:9443

#if you want to allow SSH to your device from outside (be careful, you'll get a lot of dictionary attacks and hacking attempts), you may want to uncomment below to open port 22 from outside
#iptables -A INPUT -p tcp -m state --state NEW -m tcp --deport 22 -j ACCEPT

#If we have a second interface (usbnic) then, we assign an IP to it, and we start dhcp server, and add propoer firewall rules
if [ ! -z "${usbnic}" ]; then
#we have an USB NIC, we set it up to handle the LAN connections as well
#defining IP
/sbin/ifconfig ${usbnic} 192.168.13.1 netmask 255.255.255.0 broadcast 192.168.13.255
#starting dhcp server on it
#copy the master config file as base (no interface designed)
/bin/cp /root/udhcpd.conf.master /root/udhcpd.conf
#adding the proper interface
/bin/echo "interface ${usbnic}">>/root/udhcpd.conf
#sending DNS request to the pi-hole on pi-hole proper IP
iptables -t nat -A PREROUTING -j DNAT -i ${usbnic} -p tcp --dport 53 --to-destination ${wifinetip}:5353
iptables -t nat -A PREROUTING -j DNAT -i ${usbnic} -p udp --dport 53 --to-destination ${wifinetip}:5353
#Assuming you opened the port 9443 above on wan and wifi, you also want, if connected your LAN machines to be able to access the service, so you would uncomment
#iptables -t nat -A PREROUTING -j DNAT -i ${usbnic} -p tcp --dport 9443 --to-destination 192.168.12.200:9443
#allow ip forward from this LAN
iptables -A FORWARD -s 192.168.13.0/24 -i ${usbnic} -j ACCEPT
#We NAT the traffic from this LAN
iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -j MASQUERADE
#starting udhcpd
/usr/sbin/udhcpd -S /root/udhcpd.conf

fi

####################
#Because we use the WIFI as WAN, we can use the onbard NIC ($onboardlan) as second LAN CARD
####################
#configure onboard LAN IP
/sbin/ifconfig ${onboardlan} 192.168.15.1 netmask 255.255.255.0 broadcast 192.168.15.255
#create dedicated dhcp server config file
/bin/echo "" > /root/udhcpd2.conf
/bin/echo "start		192.168.15.10" >> /root/udhcpd2.conf
/bin/echo "end		192.168.15.254" >> /root/udhcpd2.conf
/bin/echo "lease_file	/var/lib/misc/udhcpd2.leases" >> /root/udhcpd2.conf
/bin/echo "pidfile	/var/run/udhcpd2.pid" >> /root/udhcpd2.conf
/bin/echo "opt	dns	192.168.15.1" >> /root/udhcpd2.conf
/bin/echo "option	subnet	255.255.255.0" >> /root/udhcpd2.conf
/bin/echo "opt	router	192.168.15.1" >> /root/udhcpd2.conf
/bin/echo "option	domain	local" >> /root/udhcpd2.conf
/bin/echo "option	lease	864000" >> /root/udhcpd2.conf
/bin/echo "# Static leases map" >> /root/udhcpd2.conf
/bin/echo "#static_lease 00:60:08:11:CE:4E 192.168.15.54" >> /root/udhcpd2.conf
/bin/echo "#static_lease 00:60:08:11:CE:3E 192.168.15.44" >> /root/udhcpd2.conf
/bin/echo "interface ${onboardlan}" >> /root/udhcpd2.conf
iptables -t nat -A PREROUTING -j DNAT -i ${onboardlan} -p tcp --dport 53 --to-destination ${wifinetip}:5353
iptables -t nat -A PREROUTING -j DNAT -i ${onboardlan} -p udp --dport 53 --to-destination ${wifinetip}:5353
iptables -A FORWARD -s 192.168.15.0/24 -i ${onboardlan} -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -j MASQUERADE
/usr/sbin/udhcpd -S /root/udhcpd2.conf

#If you decided to open the port for your service on 9443 above (NAT), you need to accept it on the router too, so uncomment below
#iptables -A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT

#I refuse any connection otherwise
iptables -A INPUT -i ${onboardwan} -j DROP

#We also load all the iptables helpers modules
/sbin/modprobe ip_nat_ftp nf_conntrack_netbios_ns xt_conntrack xt_multiport ip_nat_sip ip_conntrack_sip nf_conntrack_ftp nf_nat_ftp

exit 0

Then, when the raspberry boots, it will connect to the existing wifi with the information you’ve configure in the file, and will broadcast your own SSID.
You’ll also be able to connect a device on the LAN port, AND the USB LAN adapter if you have the one used for the router project. It means, 2 clients in ethernet (or more if using a switch) and wifi.

From there, you may consider the use of a VPN on the raspberry itself, yet to be tested, i’ll add comments later on, planning to test sshuttle, openvpn (compatibles with protonvpn), and potentially expressvpn. All are working, just to be tested against existing iptables rules basically.

As usual, this is a post to keep a track, and it should work for you as well.

lundi, janvier 21st, 2019 Technologie Pas de commentaire

Raspberry 3 – create a wifi repeater with USB wifi dongle

Updated on 2019 Jan 11 – tested and working from scratch

What you need to do this :

You need a raspberry pi 3 or raspberry pi 3 B+ if you want to handle wifi 5Ghz.
We need an extra wifi adapter (panda 005 or canakit wifi or any kernel supported adapter) – listed below are 2.4Ghz only
https://www.amazon.ca/gp/product/B00EQT0YK2/ref=oh_aui_search_detailpage?ie=UTF8&psc=1
https://www.amazon.ca/CanaKit-Raspberry-Wireless-Adapter-Dongle/dp/B00GFAN498/ref=sr_1_4?s=electronics&ie=UTF8&qid=1546365634&sr=1-4&keywords=raspberry+pi+wifi
or that
https://www.canakit.com/raspberry-pi-wifi.html

What you need to do then

Deploy original raspbian lite on it (this is a network management device, we don’t want or need a GUI on it). SSH to it or connect on the raspberri pi itself. User pi, password raspberry, sudo bash to be root.

Update the system and install requirements as follow :

apt-get update
apt upgrade
apt-get update
apt-get install git bash util-linux procps hostapd iproute2 iw haveged dnsmasq iptables vim
git clone https://github.com/oblique/create_ap
cd create_ap/
make install
cd ..

The above does apply all the latest updates, and clone the create_ap script that allows easy wifi access point creation.

You might want to change keyboard layout, which by default is UK. I do use US layout, so to change, run « raspi-config » -> « 4 – Localisation Options » -> « I3 – change keyboard layout » -> »Generic 103… » -> « Other » -> « English (US) » -> « ok » -> « default » -> « ok » -> « no compose key » -> « ok » -> « finish »
(use TAB to switch between buttons)

We want to handle wpa_supplicant manually, because otherwise we can’t assign proper interface. There is a configuration menu on the raspi-config command, but this is NOT what we want. The default wpa_supplicant use any of the wifi adapters to connect, sometime both. But in our case, we want 1 connected, and 1 access point.

mv /etc/wpa_supplicant/wpa_supplicant.conf /home/pi/wpa_supplicant.conf

Content of wpa_supplicant.conf have to be :


ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid="yourexistingwifi"
psk="existingwifipassword"
}

In the above, you have to put the SSID of your main / existing wifi, and the password of it as psk. This will allow the raspberry to connect to this network with 1 of its adapters.

We then create a little script that will do what wee need. Create the file /home/pi/start-relaywifi.sh with the following content :

#!/bin/bash
wpa_supplicant -B -c/home/pi/wpa_supplicant.conf -iwlan0 -Dnl80211,wext
create_ap -g 172.20.0.1 -c 10 -w 2 wlan1 wlan0 relaywifi relaywifipassword

The above use the wlan0 interface to connect to your existing wifi (using most likely the onboard wifi of the raspberry), and the second line create an access point on the second wifi adapter (the USB one) that shares the connection of the first one.

We then set this to be called at boot from /etc/rc.local by adding the following lines before the last line of rc.local :

 /home/pi/start-relaywifi.sh

We then set the executable bit on our little script :

chmod +x /home/pi/start-relaywifi.sh

All good. Reboot the pi, and it should :

Boot raspbian, execute rc.local which call our script, connect to existing wifi, and appear as access point.

Sidenote : The onboard wifi driver does not support full A/P or bridging mode. Therefore, the extended wifi is using its own IP range, which must be different from the main one.
The IP range used in this example is 172.20.0.x, but you can pick any private IP range and adjust the create_ap command accordingly.
Device on extended wifi can speak to the main wifi, but main most likely won’t be able to see the devices on extended. If you have a printer, or so, it should be on the one.
If you want this to happen you should :
– reserve an IP on your main wifi for the raspberry MAC, so as it always gets the same IP
– add a route on your main router, that state, network 172.20.0.x can be reached via IP-YOU-RESERVED for the raspberry
I won’t go more in details, since the point was to get wifi network extended, and connect your wifi devices from bigger range.

I might add french later one, and will test this and adjust if need be, as i said, i have it running, but did not redo everything from scratch 😀

Happy new year 2019 😀

mardi, janvier 1st, 2019 Technologie Pas de commentaire

raspberry 3 – routeur pare feu point d’acces wifi avec filtrage pub et tracking – router firewall access point with add and tracking filtering

Liens mis a jour le 9 Novembre 2018 (version 8GB avec firewall sur ethernet et prise en charge du LAN sur USB, explications dans rc.local) – Links updated on 2018 Nov 9  ( 8GB version with firewall on ethernet port and LAN connectivity on USB adapter)

FAQ and more : http://blog.inforeseau.com/raspberry-3-router-project-faq

English below french.

Celui ci va être Français anglais (Compter 1h30 au total : 15min pour telecharger le fichier, 30 min pour extraire le .img du bz2, 30 min pour flasher la carte avec etcher) – routeur, firewall, filtre a publicite et tracage, point d’acces wifi and LAN (raspberry pi 3 + adaptateur USB cable matters pour le LAN)
This one will be in french and english (Count 1h30 total : 15min to download the file, 30 min to extract the .img file from bz2 archive, 30 min to flash the card with etcher) – router, firewall, adds filtering, tracking blocker, wifi access point and LAN (raspberry pi 3 + USB LAN adapters from cable matters)

Étant très sensible a la vie privée, et ne supportant pas les mensonges permanents du marketing, j’avais mis en place une instance « Pi-Hole » sur mon routeur maison, qui s’est avérée très efficace, voir indispensable.
Mais, pour des personnes moins techniques, la mise en place peut etre un peu complexe (meme juste changer les DNS dans un routeur), alors23 j’ai décidé de préparer une solution plus facile a mettre en place, et peu invasive.

J’ai préparé une image pour raspberry 3 (Micro SD 8GB – mais je recommande une taille supérieure, selon le modèle, l’image va refuser de restaurer pour cause de carte trop petite) qui vient pre-configuree avec raspbian + create_ap + pi-hole + listes de blockage en plus + mise a jour automatique des listes noire + gestion d’un LAN via adaptateur USB,  disponible ici : https://owncloud.mayahtt.com/index.php/s/fA2j57KcrzsFN29
Voici un lien alternatif sur google drive, potentiellement plus rapide : https://drive.google.com/open?id=1ATRAB7kXEHxMxlo-ER-eNrl_Hc8D-3yv
md5sum de l’image est : 3dcb8679db2cdb905a789c8768d78ae5

Action a suivre :
– Acheter un kit raspberry3 modèle B (comme ici https://www.newegg.ca/Product/Product.aspx?Item=N82E16813300009&cm_re=raspberry_pi_3-_-13-300-009-_-Product ou sur amazon https://www.amazon.ca/LANDZO-Raspberry-Completed-Kits/dp/B01IOVOQ38/ref=sr_1_14?ie=UTF8&qid=1529416642&sr=8-14&keywords=raspberry+pi+3+starter+kit – si le lien expire, chercher un raspberry starter kit) Il faut une carte micro SD > 16GB pour restaurer l’image (8GO est le format que j’utilise, mais certaines cartes sont legerement plus petites et ne permettent pas de restaurer simplement, c’est plus sur de prendre plus gros, meme si le systeme ne consomme que 2.5GB)
– Acheter cet adaptateur cable matters si vous souhaitez brancher votre LAN (reseau local) pour un usage comme routeur : https://www.amazon.ca/gp/product/B00BBD7NFU/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
– downloader l’image (ici ou la ) que l’on met sur la carte avec etcher (disponible ici https://etcher.io/ )
Note : décompresser le fichier bz2 pour l’utiliser avec etcher (bunzip2 sous linux, ou 7zip sous windows)
– optionnel : éditer les paramètres dans rc.local (idéalement, comme c’est un système de fichier linux ext4, il faut monter la carte sur une machine linux, ou ajouter le support ext4 pour windows), et changer les valeurs « wifissid » et « wifipass » (sous rootfs/etc/rc.local)
– mettre la carte dans le raspberry, le brancher sur votre réseau maison (ou modem, car il y a maintenant un firewall sur le port ethernet), et hop, un nouveau point d’accès wifi, qui gère son propre réseau, avec filtrage pi-hole, est disponible. Si utilisation comme routeur : Le port reseau du raspberry est le port « WAN » (brancher internet dessus, le modem ou access internet en RJ45), tout peut sortir, rien ne peut entrer. Le pors USB est le port « LAN », a utiliser pour le reseau interne (vos PCs etc. Brancher directement un PC ou par un switch).

– SSID par defaut : raspappriv

– password par defaut : welcomepriv2

J’espère que vous aimerez ce petit outil (le mot de passe par défaut « welcomepriv2 » est également le mot de passe du compte « pi » accessible en ssh pour ceux qui veulent jouer.
En se connectant en wifi a ce réseau, on obtient des adresses en 192.168.12.x sur le wifi, et en 192.168.13.x sur le LAN USB, et l’interface d’admin du pi-hole est joignable sur http://192.168.12.1/admin.

“Pi-hole® est une marque déposée de Pi-hole LLC”
En utilisant l’image fournie, vous décidez de le faire a vos propres risque. Bien que je n’ai utilisé que les sources libres citée ci dessous, si un défaut ou tout autre problème survenait, je ne pourrais être tenu pour responsable (décharge de toute responsabilité ici).
Il vous incombe de mettre a jour le système pour corriger les problèmes de sécurité qui pourraient apparaître (comme la mise a jour des firmware de votre routeur etc).
Liste des composants utilises :
Rasbpian de raspberry.org : https://www.raspberrypi.org/downloads/raspbian/
create_ap : https://github.com/oblique/create_ap
Pi-hole : https://pi-hole.net/

#############
Since i’m privacy oriented person, and i can’t stand permanent marketing lies, i had setup a « pi-hole » on my home router,which became so efficient that i can’t browse without it.
But, for less technical persons, the setup might look a bit complex (even changing the DNS in your router can be), so i decided to preapre an easy to deploy solution, not invasive.

I made an image for raspberry3  (Micro SD 8GB – but i do recommend a bigger one, since sometimes the restore will state the target is too small to fit the image) which comes pre configured with raspbian + create_ap + pi-hole + additional add blocking list + auto blacklist updates + LAN management via USB ethernet adapter , available here : https://owncloud.mayahtt.com/index.php/s/fA2j57KcrzsFN29
Here is an alternative download link from google drive potentially faster : https://drive.google.com/open?id=1ATRAB7kXEHxMxlo-ER-eNrl_Hc8D-3yv
md5sum of the image should be : 3dcb8679db2cdb905a789c8768d78ae5

Actions to take :
– buy a raspberry 3 model B kit (like this one  https://www.newegg.ca/Product/Product.aspx?Item=N82E16813300009&cm_re=raspberry_pi_3-_-13-300-009-_-Product  or on amazon https://www.amazon.ca/LANDZO-Raspberry-Completed-Kits/dp/B01IOVOQ38/ref=sr_1_14?ie=UTF8&qid=1529416642&sr=8-14&keywords=raspberry+pi+3+starter+kit  if the link expire, look for raspberry 3 starter kit) You’ll need a micro SD 16GB to restore the image (8GB is the format i use to create the image, BUT some manufacturer produce slightly smaller size which would not allow the image to restore properly, so you should get a bigger one to be on the safe side even if the system only use about 2.5 GB in the end).
– buy this USB Ethernet adapter from « cable matters » if you want the device to be your LAN router as well :  https://www.amazon.ca/gp/product/B00BBD7NFU/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
– download the image (here or there) and you place it on the SD card with etcher (available here https://etcher.io/ )
Note : extract the bz2 image file to use with etcher (bunzip2 under linux, or 7zip under windows)
– Optional : tweak the settings in rc.local (ideally, since this is an ext4 linux based file system, you should mount the card on a GNU/Linux machine, or add ext4 support on windows), and then change the values of « wifissid » and « wifipass » (under rootfs/etc/rc.local)
– place the card in the raspberry, plug it on your personal network (or on modem, since ethernet port now has firewall enabled), and you have a new wifi access point that managed its own subnet, with pi-hole filtering.
– If you plan to use it as your main router, the onboard ethernet port is the WAN (to be connected to internet via modem or direct connection RJ45), all output is allowed, all incoming denied. The USB port to be used as LAN port, to connect your local devices (PCs, etc, use a switch to connect more).

– Default SSID : raspappriv

– Default password : welcomepriv2

I hope you’ll enjoy this little project. (the default password is « welcomepriv2 » which is also the password for the account « pi » reachable by SSH for anyone who wants to play.
When you connect to this network on wifi, you’ll get an IP in the 192.168.12.x range, and the pi-hole admin interface is reachble at http://192.168.12.1/admin.
You’ll get IPs on the range 192.168.13.x if you connect to the USB Ethernet LAN connection. BOTH internat networks can see each other and communicate.

“Pi-hole® is a registered trademark of Pi-hole LLC”
By using the provided image, you decide to use it at your own risks.
While i used the free/open-source resources listed below, if anything wrong would come to happen, i could not be liable to this.
It is up to you to update the system to keep it safe from security vulnerabilities than may appear in time (pretty much like it is your duty to update your router firmware)
List of used softwares to build this image :
Rasbpian from raspberry.org : https://www.raspberrypi.org/downloads/raspbian/
create_ap : https://github.com/oblique/create_ap
Pi-hole : https://pi-hole.net/

vendredi, juin 15th, 2018 GNU - Linux, Paranoïa, Reseau, Technologie Un commentaire
Not f'd — you won't find me on Facebook
avril 2019
L M M J V S D
« Jan    
1234567
891011121314
15161718192021
22232425262728
2930  
 

 
Suivez moi sur twitter - follow me on twitter
[FSF Associate Member]
 
Free Software, Free Society
VIRTUALISATION :
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
SECURITE - FIREWALL :
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
HAUTE DISPONIBILITE :
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
STOCKAGE RESEAU :
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
OPTIMISATION WORDPRESS :
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
VPN - ROUTEUR - LAN:
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
TENDANCES - WEB:
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
Jquery
TRUCS ET ASTUCES GNU/LINUX :
Tuxmachines.org - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
MONITORING :
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
AUTRES LIENS :
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne
Inforeseau.fr
 
Contrat Creative Commons
This création is licensed under a Creative Commons Paternité - Pas d'Utilisation Commerciale - Partage des Conditions Initiales à l'Identique 2.0 France License.