Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

The use of dnsmasq and Raspberry Pi AP functions to improve systemd service encapsulation

2025-01-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/03 Report--

Today, the editor will bring you an article on the use of dnsmasq and Raspberry Pi AP features to improve systemd service encapsulation. The editor thinks it's pretty good, so I'll share it for you as a reference. Let's follow the editor and have a look.

Start using the command line without encapsulating the startup itself as a fixed "service"

The names of the internal network cards of the third generation raspberry pie and the external network cards used by the author are both wlan*, which may cause numbering confusion when the system is started.

In the configuration file of the udhcpd service, you need to specify the address of the upstream DNS manually, which makes it difficult to adjust.

Because the Kali system used by the author is a relatively new Kali rolling, like Debian 9 Personality Ubuntu 16.04 and CentOS/RHEL 7.x, systemd has been used instead of init. Therefore, in view of the first defect, the author uses systemd to encapsulate the service to facilitate management.

Systemd can not only manage system services, but also manage the network. In view of the second defect, the author uses systemd-networkd to rename the network card device, so as to avoid confusion with the built-in network card name.

For the third problem, the static specification of DNS for udhcpd, the author will use dnsmasq instead, so that the AP client uses the upstream DNS of raspberry pie for name resolution.

Note: init and systemd will be described in detail in other blog posts. This article focuses on practical application.

Modification of network card name

In the Debian whezzy version and CentOS/RHEL6.x, we used to write udev rules to modify the name of the network card device, but now we can use systemd-networkd to modify the name of the network card by writing .link files.

We need to query the hardware information we want by using the following command:

Jc@kali:~$ sudo udevadm info-a-p / sys/class/net/wlan1.ATTR {address} = "00 DRIVERS== 11 rt2800usb 22 22 14 33 44 15 55" DRIVERS== "rt2800usb".

Create a .link file under the / etc/systemd/network directory with the following contents:

Jc@kali:~$ sudo cat / etc/systemd/network/10- ethusb0.link[Match] MACAddress=00:11:22:33:44: 55[Link] Description=USB to Ethernet AdapterName=ethusb0

After that, restart the systemd-networkd service (if it has been enabled, you can ignore the above operation), and remount the Nic driver. Using the ip command, you can see that the name of the Nic has changed:

Jc@kali:~$ sudo systemctl enable systemd-networkd.servicejc@kali:~$ sudo systemctl start systemd-networkd.servicejc@kali:~$ modprobe-r rt2800usbjc@kali:~$ modprobe rt2800usbjc@kali:~$ sudo ip l sh | grep ethusb06: ethusb0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000

After that, modify the configuration file of hostapd (for the installation and configuration process of hostapd, please see the previous blog post mentioned in the preface). The modified content is as follows:

Interface=ethusb0ssid=raspberry_APhw_mode=gchannel=11macaddr_acl=0auth_algs=1ignore_broadcast_ssid=0wpa=2wpa_passphrase=PASSWORDwpa_key_mgmt=WPA-PSKwpa_pairwise=TKIPrsn_pairwise=CCMP

Installation and configuration of dnsmasq

Here's how to use dnsmasq, a lightweight application, to use raspberry pie as a DHCP server as well as a local DNS server. First of all, a brief introduction to dnsmasq. This is a lightweight tool for configuring DNS agents and DHCP and TFTP, suitable for small networks, often used in embedded systems, and the DHCP distribution function for virtual machine instances in Openstack is also completed by dnsmasq.

First, install dnsmasq

Jc@kali:~$ sudo apt-get dnsmasq

Check the introduction of dnsmasq and what is installed:

Jc@kali:~$ dpkg-query-l dnsmasqDesired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend | / Err?= (none) / Reinst-required (Status) Err: uppercase=bad) | | / Name Version Architecture Description+++-==-===ii dnsmasq 2.76-5 all Small caching DNS proxy and DHCP/TFTP serverjc@kali:~$ dpkg-query-L dnsmasq/./etc/etc/default/etc/default/dnsmasq/etc/dnsmasq.conf/etc/dnsmasq.d/etc/dnsmasq.d/README/etc/init.d/etc/init.d/dnsmasq/etc/insserv.conf.d/etc/insserv.conf.d/dnsmasq/etc/resolvconf/etc/resolvconf/update .d / etc/resolvconf/update.d/dnsmasq/lib/lib/systemd/lib/systemd/system/lib/systemd/system/dnsmasq.service/usr/usr/lib/usr/lib/resolvconf/usr/lib/resolvconf/dpkg-event.d/usr/lib/resolvconf/dpkg-event.d/dnsmasq/usr/share/usr/share/dnsmasq/usr/share/dnsmasq/installed-marker/usr/share/doc/usr/share/doc/dnsmasqjc@kali:~$ sudo dpkg-query-L dnsmasq-base/ . / etc/etc/dbus-1/etc/dbus-1/system.d/etc/dbus-1/system.d/dnsmasq.conf/usr/usr/sbin/usr/sbin/dnsmasq/usr/share/usr/share/dnsmasq-base/usr/share/dnsmasq-base/trust-anchors.conf/usr/share/doc/usr/share/doc/dnsmasq-base/usr/share/doc/dnsmasq-base/DBus-interface.gz/usr/share/doc/dnsmasq-base/FAQ.gz/usr/ Share/doc/dnsmasq-base/README.Debian/usr/share/doc/dnsmasq-base/changelog.Debian.gz/usr/share/doc/dnsmasq-base/changelog.archive.gz/usr/share/doc/dnsmasq-base/changelog.gz/usr/share/doc/dnsmasq-base/copyright/usr/share/doc/dnsmasq-base/doc.html/usr/share/doc/dnsmasq-base/examples/usr/share/doc/dnsmasq-base/examples/dnsmasq.conf.example/usr/share/doc/ Dnsmasq-base/setup.html/usr/share/locale/usr/share/locale/de/usr/share/locale/de/LC_MESSAGES/usr/share/locale/de/LC_MESSAGES/dnsmasq.mo/usr/share/locale/es/usr/share/locale/es/LC_MESSAGES/usr/share/locale/es/LC_MESSAGES/dnsmasq.mo/usr/share/locale/fi/usr/share/locale/fi/LC_MESSAGES/usr/share/locale/fi/LC_MESSAGES/dnsmasq. Mo/usr/share/locale/fr/usr/share/locale/fr/LC_MESSAGES/usr/share/locale/fr/LC_MESSAGES/dnsmasq.mo/usr/share/locale/id/usr/share/locale/id/LC_MESSAGES/usr/share/locale/id/LC_MESSAGES/dnsmasq.mo/usr/share/locale/it/usr/share/locale/it/LC_MESSAGES/usr/share/locale/it/LC_MESSAGES/dnsmasq.mo/usr/share/locale/no/usr/ Share/locale/no/LC_MESSAGES/usr/share/locale/no/LC_MESSAGES/dnsmasq.mo/usr/share/locale/pl/usr/share/locale/pl/LC_MESSAGES/usr/share/locale/pl/LC_MESSAGES/dnsmasq.mo/usr/share/locale/pt_BR/usr/share/locale/pt_BR/LC_MESSAGES/usr/share/locale/pt_BR/LC_MESSAGES/dnsmasq.mo/usr/share/locale/ro/usr/share/locale/ro/ LC_MESSAGES/usr/share/locale/ro/LC_MESSAGES/dnsmasq.mo/usr/share/man/usr/share/man/es/usr/share/man/es/man8/usr/share/man/es/man8/dnsmasq.8.gz/usr/share/man/fr/usr/share/man/fr/man8/usr/share/man/fr/man8/dnsmasq.8.gz/usr/share/man/man8/usr/share/man/man8/dnsmasq.8.gz/var/var/lib/var/lib/misc

As you can see from the above results, the main program is / usr/sbin/dnsmasq, the default configuration file is / etc/dnsmasq.conf, and there is also a dnsmasq service under systemd. However, in this article, in order to encapsulate dnsmasq and hostapd into a unified new service, the dnsmasq service installed by default in the package and the default configuration file are deprecated. Edit the new configuration file as shown below. In the following configuration, using dhcp-options to pass the DNS server to the client is 20.20.20.1 for the raspberry pie itself, while the raspberry pie uses the / etc/resolv.conf file as the upstream DNS server for name resolution, and this / etc/resolv.conf file is automatically obtained when dialing pon dsl-provider.

Jc@kali:~$ cat / etc/dnsmasq_AP.conf#DHCPlisten-address=20.20.20.1127.0.0.1dhcp-range=20.20.20.2,20.20.20.20,12hdhcp-option=3,20.20.20.1user=dnsmasq#DNSno-hostscache-size=500resolv-file=/etc/resolv.conf

Service encapsulation

After preparing the above process, let's uniformly encapsulate the hostapd,dnsmasq.

Create the / lib/systemd/system/AP.service file, as shown below. The Unit segment describes and configures the service dependency; the Service segment configures the service startup, including opening the link, configuring the IP address of the network card, enabling the hostapd service, and enabling the dnsmasq service; the Install configuration segment specifies that the service uses multi-user.target, which corresponds to multi-user status.

[Unit] Description=APWants=network.targetBefore=network.targetBindsTo=sys-subsystem-net-devices-ethusb0.deviceAfter=sys-subsystem-net-devices- ethusb0.device [service] Type=oneshotRemainAfterExit=yesExecStart=/sbin/ip link set dev ethusb0 upExecStart=/sbin/ip addr add 20.20.20.1and24 broadcast 20.20.20.255 dev ethusb0ExecStart=/usr/sbin/hostapd-B / etc/hostapd/hostapd.confExecStart=/usr/sbin/dnsmasq-C / etc/dnsmasq_AP.confExecStop=/sbin/ip addr flush dev ethusb0ExecStop=/sbin/ip link set dev ethusb0 downlink [install] WantedBy=multi-user.target

Activate the service with the following command and set it to boot automatically. Observe whether the ip address, hostapd service, and dnsmasq service have been started:

Jc@kali:~$ sudo systemctl enable AP.servicejc@kali:~$ sudo systemctl start AP.servicejc@kali:~$ ps-ef | grep-E ". * hostapd |. * dnsmasq" | grep-v greproot 1337 10 19:43? 00:00:12 / usr/sbin/hostapd-B / etc/hostapd/hostapd.confdnsmasq 1340 10 19:43? 00:00:00 / usr/sbin/dnsmasq-C / etc/dnsmasq_AP.confjc@kali:~$ ip a sh dev ethusb06: ethusb0: mtu 1500 qdisc mq state UP Group default qlen 1000link/ether c8:3a:35:d3:1b:4e brd ff:ff:ff:ff:ff:ffinet 20.20.20.1/24 brd 20.20.20.255 scope global ethusb0valid_lft forever preferred_lft foreverinet6 fe80::ca3a:35ff:fed3:1b4e/64 scope linkvalid_lft forever preferred_lft forever

The output information of attempting to connect to raspberry_AP,cygwin with windows as a client is as follows:

Wireless LAN Adapter Wireless Network connection: connect to a specific DNS suffix. . . . . . . Description. . . . . . . . . . . . . . . Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC physical address. . . . . . . . . . . . . : FF-FF-FF-FF-FF-FF DHCP is enabled. . . . . . . . . . . Automatic configuration is enabled. . . . . . . . . . Is the local link IPv6 address. . . . . . . . Fe80::c011:2b50:411b:56b7%38 (preferred) IPv4 address. . . . . . . . . . . . 20.20.20.8 (preferred) subnet mask. . . . . . . . . . . . 255.255.255.0 time to obtain the lease. . . . . . . . . The expiration of the lease at 19:46:52 on May 14, 2017. . . . . . . . . 7:46:52, May 15, 2017, default gateway. . . . . . . . . . . . . : 20.20.20.1 DHCP server. . . . . . . . . . . : 20.20.20.1 DHCPv6 IAID. . . . . . . . . . . : 810821406 DHCPv6 client DUID. . . . . . . : 00-01-00-01-1C-58-D9-FD-44-8A-5B-ED-33-CF DNS server. . . . . . . . . . . : 20.20.20.1 NetBIOS on TCPIP. . . . . . . : enabled

Try ping the great Baidu:

[jiangche00.jiangche00-PC] ping www.baidu.com is Ping www.a.shifen.com [111.206.223.206] with 32 bytes of data: reply from 111.206.223.206: byte = 32 time = 7ms TTL=56 reply from 111.206.223.206: byte = 32 time = 13ms TTL=56 reply from 111.206.223.206: byte = 32 time = 12ms TTL=56 reply from 111.206.223.206: Byte = 32 time = Ping Statistics for 9ms TTL=56 111.206.223.206: packet: sent = 4 Received = 4, lost = 0 (0% lost), estimated time of round trip (in milliseconds): shortest = 7ms, longest = 13ms, average = 10ms

These are the details of the use of dnsmasq and the improvement of systemd service encapsulation by Raspberry Pi AP functions. have you learned anything after reading it? If you want to know more about it, you are welcome to follow the industry information!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report