From bc9e22849ca260dd08f74e3f63c7ac5be10b5f29 Mon Sep 17 00:00:00 2001 From: Fincer Date: Wed, 17 Oct 2018 21:05:01 +0300 Subject: [PATCH] Initial commit --- README.md | 199 ++++++++++++++++++++++++++++++++++ conf-templates/hostapd.conf | 88 +++++++++++++++ conf-templates/iptables.rules | 23 ++++ snic.sh | 119 ++++++++++++++++++++ snic/dhcpd4-eth0.conf | 21 ++++ snic/dhcpd4-wlan0.conf | 21 ++++ snic/snic-eth0.conf | 29 +++++ snic/snic-wlan0.conf | 33 ++++++ systemd/snic-dhcpd4@.service | 28 +++++ systemd/snic-dynamic@.service | 18 +++ systemd/snic-static@.service | 19 ++++ 11 files changed, 598 insertions(+) create mode 100644 README.md create mode 100644 conf-templates/hostapd.conf create mode 100644 conf-templates/iptables.rules create mode 100755 snic.sh create mode 100644 snic/dhcpd4-eth0.conf create mode 100644 snic/dhcpd4-wlan0.conf create mode 100644 snic/snic-eth0.conf create mode 100644 snic/snic-wlan0.conf create mode 100644 systemd/snic-dhcpd4@.service create mode 100644 systemd/snic-dynamic@.service create mode 100644 systemd/snic-static@.service diff --git a/README.md b/README.md new file mode 100644 index 0000000..327b799 --- /dev/null +++ b/README.md 
@@ -0,0 +1,199 @@ +# snic - Switch network interface mode + +Toggle between client and router mode on network interface (Linux) + +Switch client network interface (NIC), such as eth0 or wlan0, from the default +client mode to router mode. Basically, you can use the selected interface to act as a +router for your other network devices. + +In client mode, the interface acts normally, as it does in your daily usage. + +In router mode, a DHCP server kicks in and allocated IPv4 addresses for any connected devices which use a DHCP client. This is equivalent to normal home router behavior. + +---------------------- + +## Requirements + +- Linux OS + +- Software: + + - sudo + + - root permissions required to configure NIC settings + + - bash + + - the main script uses bash environment + + - systemd + + - the core functionality is implemented partly into systemd service files + + - iproute2 + + - 'ip' command which is required for NIC configuration + + - dhcp (server) + + - DHCP server is required to allocate IPv4 addresses for connected clients + + - hostapd (for wireless router) + + - hostapd is required to establish a Wi-Fi hotspot (wireless interfaces) + +**NOTE:** Although this repository includes PKGBUILD + tar.xz files, this is not dependent on Arch Linux. You can use this repository on other Linux distributions as well. However, you should adapt the settings properly as configuration and file locations may differ. + +---------------------- + +## Files + +- snic.sh = main script. See section "Snic main script" below + +- snic/ = Snic configuration files. See section "Snic configuration files" below + +- systemd/ = Snic systemd service files. See section "systemd service files" below + +- conf-templates/ = Snic templates for iptables & hostapd. See section "Templates folder" below + +---------------------- + +## Pre-configuration + +### Find your network interfaces + +First you need to know which network interfaces you have in your system. 
You can check the output of `ip address` or `ifconfig` commands or simply take a look into `/sys/class/net` folder. + +### Snic main script + +Snic main script is a bourne shell script (bash) `snic.sh`. It can be run individually, but for global purposes location such as `/usr/bin/` or `/usr/local/bin` is recommended. If you put the script in these locations (in your $PATH), it is recommended to rename the script from `snic.sh` to `snic` for convenience. + +Make sure the main script file is executable, i.e. run `chmod +x snic.sh` + +### Snic configuration files + +This repository includes some sample configurations for wlan0 and eth0. Please be aware that these network interface names may not be the same you have in your system. + +Configuration files of snic should be placed at `/etc/snic/` folder on a Linux system. The *required* files are: + +- `/etc/snic/dhcpd4-.conf` + + - e.g. `/etc/snic/dhcpd4-eth0.conf` + +- `/etc/snic/snic-.conf` + + - e.g. `/etc/snic/snic-eth0.conf` + +Please take a look into these files to find correct configuration for your Linux system. + +### systemd service files + +Additionally, `systemd` service files are usually placed at `/usr/lib/systemd/system/` on a Linux system. + +**NOTE:** It is not recommended to `enable` (read: autostart) systemd service files provided by snic! These service files are used by the snic main script for its internal operations. + +### Templates folder + +This repository includes templates for `iptables.rules` and `hostapd` configuration. + +#### iptables.rules + +This is a sample `iptables` ruleset file. Change contents as you want. This file includes basic configuration to route traffic from network interface to another one. + +#### hostapd.conf + +This is a sample `hostapd` configuration file. Change contents as you want. Usually this file is located at `etc/hostapd/hostapd.conf` on Linux system. On some Linux systems, different locations are used. 
+ +---------------------- + +## Usage + +The script syntax is as follows: + +- `snic ` + + parameter is required only for wireless interfaces. + +For instance: + +- `snic eth0 router` + + - Set eth0 interface to router mode + + - Set a static IPv4 address for eth0, defined in `/etc/snic/snic-eth0.conf` + + - Start DHCP server on subnet where eth0 belongs to. + + - Disable NetworkManager for this interface because it interferes the connection + +- `snic eth0 client` + + - Set eth0 interface to client mode + + - Do not set any IPv4 address, let a DHCP server in our network to give one (requires DHCP client daemon on the computer for which eth0 belongs to. Common clients on Linux are `dhcpcd` and `dhclient`) + + - Enable NetworkManager for this interface, let it handle the connection + +- `snic wlan0 router wireless` + + - Set wlan0 interface to router mode. + + - Tell snic script that this is a wireless interface (starts hostapd service) + + - Set a static IPv4 address for eth0, defined in `/etc/snic/snic-wlan0.conf` + + - Start DHCP server on the subnet where wlan0 belongs to. + + - Disable NetworkManager for this interface because it interferes the connection + +- `snic wlan0 client wireless` + + - Set wlan0 interface to client mode + + - Tell snic script that this is a wireless interface (stops hostapd service) + + - Do not set any IPv4 address, let a DHCP server in our network to give one (requires DHCP client daemon on the computer for which eth0 belongs to. 
Common clients on Linux are `dhcpcd` and `dhclient`) + + - Enable NetworkManager for this interface, let it handle the connection + +---------------------- + +## Issues + +For any connectivity issues, please check the output of following programs/commands: + +- program: Wireshark (check traffic of relevant network interfaces) + + - Any weird network traffic such as ARP broadcast requests flooding the whole subnet + +- command: `journalctl -xe` + + - Any weird log entries + +- command: `route` + + - Network route tables + +- command (router mode): `systemctl status snic-dhcpd4@` + + - Any weird DHCP server log entries + +- command (wireless router mode): `systemctl status hostapd` + + - Any weird hostapd log entries + +- `ip addr` and/or `ifconfig` + + - Network interface misconfigurations (missing IPv4 addresses or interfaces, etc.) + +And double check contents of all relevant snic configuration files described above in "Pre-configuration" section. + +## Do not use if... + +- **Snic? WTF is it? Useless crap!** Basically, you don't know what the hell snic does, you don't care to find out or you don't find it useful in your setup. + +- **Predefined network configuration** Do not use snic for absolutely static Linux network interfaces, in environments where client/router mode switching for a single computer is not required/allowed/recommended + +- **DHCP settings are in danger** Be aware that this script may alter your current DHCP server setup. However, your current *DHCP server setup configuration files are **NOT** overwritten (or even touched)* but snic configuration may cause conflicts in your setup, anyway. + +Just be careful when adapting snic settings, thank you. Debug your setup if needed. diff --git a/conf-templates/hostapd.conf b/conf-templates/hostapd.conf new file mode 100644 index 0000000..5e18691 --- /dev/null +++ b/conf-templates/hostapd.conf 
@@ -0,0 +1,88 @@ +############################# + +interface=wlan0 +#bridge=br0 + +############################# + +# Name of the Wireless Access Point (SSID) +ssid=WAP + +############################# + +# Driver interface type (hostap/wired/none/nl80211/bsd) +driver=nl80211 + +# Country code (ISO/IEC 3166-1) +country_code=US + +# Limit frequencies to those allowed in the country +#ieee80211d=1 + +############################# + +# 802.11n support +#ieee80211n=1 + +# 802.11ac support +#ieee80211ac=1 + +# QoS support +#wmm_enabled=1 + +############################# + +# Operation mode +# a = IEEE 802.11a (5 GHz), g = IEEE 802.11b (2.4 GHz) +hw_mode=g + +# Channel number +# Channel 0 means that hostapd tries to find out the best channel to use +# Channel 0 may fail on some configurations +# Usually channel 0 sets the best channel available, but not on all configurations +# If channel 0 causes troubles, change the channel to a fixed one +channel=7 + +# Maximum number of connected clients (stations) allowed +max_num_sta=5 + +############################# + +# 1 = WPA1, 2 = WPA2 +wpa=2 + +# 1 = WPA, 2 = WEP, 3 = both +auth_algs=1 + +############################# + +# Set of accepted cipher suites +rsn_pairwise=CCMP + +# Set of accepted key management algorithms +wpa_key_mgmt=WPA-PSK + +############################# + +# Alternative A: Hashed password (recommended) + +wpa_psk=45f4df5c5afedcacb396d9ac95be210babd26150343da6ae7507364306b843bf + +# Generate this with wpa_passphrase +# wpa_passphrase + +############################# + +# Alternative B: Plain text password (not recommended) + +#wpa_passphrase=mitmWireBand12 + +############################# + +#ap_isolate=1 + +############################## + +# hostapd event logger configuration +logger_stdout=-1 +logger_stdout_level=2 diff --git a/conf-templates/iptables.rules b/conf-templates/iptables.rules new file mode 100644 index 0000000..70c6bf2 --- /dev/null +++ b/conf-templates/iptables.rules 
@@ -0,0 +1,23 @@ +*filter +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] + +-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A FORWARD -o eth0 -j ACCEPT +-A FORWARD -o usb0 -j ACCEPT +-A FORWARD -o wlan0 -j ACCEPT + +COMMIT + +*nat +#:PREROUTING ACCEPT [0:0] +#:POSTROUTING ACCEPT [0:0] + +## Use this interface to route traffic from other interfaces to internet +## E.g. traffic from eth0 -> wlan0 -> internet +-A POSTROUTING -o wlan0 -j MASQUERADE +-A POSTROUTING -o eth0 -j MASQUERADE +-A POSTROUTING -o usb0 -j MASQUERADE + +COMMIT diff --git a/snic.sh b/snic.sh new file mode 100755 index 0000000..fe77d60 --- /dev/null +++ b/snic.sh 
@@ -0,0 +1,119 @@ +#!/bin/env bash + +# Toggle between client/router mode on selected network interface +# Copyright (C) 2018 Pekka Helenius +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +######################## + +# Usage: + +# chmod +x snic.sh + +# and then + +# Wired network interface, example: + +# snic.sh eth0 router // Switch eth0 to router mode +# snic.sh eth0 client // Switch eth0 to client mode + +# snic.sh wlan0 router wireless // Switch wlan0 to router (Wi-Fi hotspot) mode +# snic.sh wlan0 client wireless // Switch wlan0 to client mode + +# snic.sh + +# should be used only for wireless interfaces! + +######################## + +# This script is for network interfaces which do NOT support +# simultanous Client/Router mode defined in +# https://archlinux.org/index.php/software_access_point + +######################## + +nic=${1} + +for niccheck in $(ls /sys/class/net); do + if [[ ${nic} == ${niccheck} ]]; then + nicfound= + fi +done + +if [[ ! -v nicfound ]]; then + echo "No such network interface. Aborting." + exit 1 +fi + +######################## + +if [[ ${2} != "router" ]] || [[ ${2} != "client" ]]; then + echo "Invalid mode. Use either 'router' or 'client'. Aborting." + exit 1 +fi + +######################## + +# This mode removes dynamically allocated IPv4 address from NIC interface +# After that we allocate a fixed IPv4 address, defined in +# /etc/vnic/vnic-.conf file. 
+ +# After setting up a fixed IPv4 address +# DHCP server is enabled for the NIC interface + +# Wired: Enable Ethernet router mode +# Wireless: Enable Wi-Fi hotspot router mode + +# + +if [[ ${2} == "router" ]]; then + + #Do not let NetworkManager interfere our connection on this interface + sudo nmcli device set ${nic} managed no 2>/dev/null + + sudo systemctl stop snic-dynamic@${nic} + sudo systemctl restart snic-static@${nic} + + sudo systemctl restart snic-dhcpd4@${nic} + + if [[ ${3} == "wireless" ]]; then + sudo systemctl restart hostapd + fi +fi + +############### + +# This mode removes fixed IPv4 address from NIC interface +# and reserves the interface for dynamic IPv4 retrieved +# from a DHCP server +# Additionally, we stop running DHCP server on the NIC interface + +# Wired: Enable Ethernet client mode +# Wireless: Enable Wlan client mode + +if [[ ${2} == "client" ]]; then + + #Let NetworkManager handle our connection on this interface + sudo nmcli device set ${nic} managed yes 2>/dev/null + + sudo systemctl stop snic-static@${nic} + sudo systemctl restart snic-dynamic@${nic} + + sudo systemctl stop snic-dhcpd4@${nic} + + if [[ ${3} == "wireless" ]]; then + sudo systemctl stop hostapd + fi +fi diff --git a/snic/dhcpd4-eth0.conf b/snic/dhcpd4-eth0.conf new file mode 100644 index 0000000..73cea3b --- /dev/null +++ b/snic/dhcpd4-eth0.conf @@ -0,0 +1,21 @@ +DHCPARGS="eth0"; +authoritative; + +############################################## +# Fixed IP addresses for clients with the following +# MAC addresses + +host rp1-modelb { + hardware ethernet b8:27:eb:44:33:22; + fixed-address 192.168.3.4; +} + +############################################## +# DHCP server for network interface eth0 + +subnet 192.168.3.0 netmask 255.255.255.0 { + range 192.168.3.4 192.168.3.254; + option subnet-mask 255.255.255.0; + option routers 192.168.3.1; + +} diff --git a/snic/dhcpd4-wlan0.conf b/snic/dhcpd4-wlan0.conf new file mode 100644 index 0000000..592ba7a --- /dev/null 
+++ b/snic/dhcpd4-wlan0.conf @@ -0,0 +1,21 @@ +DHCPARGS="wlan0"; +authoritative; + +############################################## +# Fixed IP addresses for clients with the following +# MAC addresses + +host android { + hardware ethernet f4:0e:22:44:33:22; + fixed-address 192.168.2.4; +} + +############################################## +# DHCP server for network interface wlan0 + +subnet 192.168.2.0 netmask 255.255.255.0 { + range 192.168.2.4 192.168.2.254; + option subnet-mask 255.255.255.0; + option routers 192.168.2.1; + +} diff --git a/snic/snic-eth0.conf b/snic/snic-eth0.conf new file mode 100644 index 0000000..278acaa --- /dev/null +++ b/snic/snic-eth0.conf @@ -0,0 +1,29 @@ +############################################################## +# snic_dyn_mac = Use this MAC address for the NIC (dynamic) + +# snic_sta_mac = Use this MAC address for the NIC (static) +# snic_sta_addr = Use this IPv4 for the NIC (static) +# snic_sta_mask = Use this subnet mask for the NIC (static) + +# NOTE: MAC address configuration is disabled/not required + +############################################################## + +# NETWORK INTERFACE DYNAMIC CONFIGURATION + +# snic_dyn_mac=aa:e1:34:3f:8b:c8 + +############################################################## + +# NETWORK INTERFACE STATIC CONFIGURATION + +# snic_sta_mac=2e:74:6f:7b:ae:5a + +snic_sta_addr=192.168.3.1 +snic_sta_mask=255.255.255.0 + +############################################################## + +# Generate random MAC address with the following command + +# printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g' diff --git a/snic/snic-wlan0.conf b/snic/snic-wlan0.conf new file mode 100644 index 0000000..663122e --- /dev/null +++ b/snic/snic-wlan0.conf 
@@ -0,0 +1,33 @@ +############################################################## +# snic_dyn = Virtual NIC name on the system (dynamic) +# snic_dyn_mac = Use this MAC address for the NIC (dynamic) + +# snic_sta = Virtual NIC name on the system (static) +# snic_sta_mac = Use this MAC address for the NIC (static) +# snic_sta_addr = Use this IPv4 for the NIC (static) +# snic_sta_mask = Use this subnet mask for the NIC (static) + +# NOTE: MAC address configuration is disabled/not required + +############################################################## + +# NETWORK INTERFACE DYNAMIC CONFIGURATION + +# snic_dyn=wlan0_sta +# snic_dyn_mac=1e:ce:c4:42:bc:18 + +############################################################## + +# NETWORK INTERFACE STATIC CONFIGURATION + +# snic_sta=wlan0_ap +# snic_sta_mac=1e:38:00:9d:70:35 + +snic_sta_addr=192.168.2.1 +snic_sta_mask=255.255.255.0 + +############################################################## + +# Generate random MAC address with the following command + +# printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g' diff --git a/systemd/snic-dhcpd4@.service b/systemd/snic-dhcpd4@.service new file mode 100644 index 0000000..b7e9ad8 --- /dev/null +++ b/systemd/snic-dhcpd4@.service 
@@ -0,0 +1,28 @@ +# Original service file by Arch Linux team +# https://git.archlinux.org/svntogit/packages.git/tree/trunk/dhcpd4.service?h=packages/dhcp + +[Unit] +Description=IPv4 DHCP server (%i) +After=snic-static@%i.service +Wants=snic-static@%i.service + +[Service] +Type=forking +ExecStart=/usr/bin/dhcpd -4 -q -cf /etc/snic/dhcpd4-%i.conf -pf /run/dhcpd4/dhcpd-%i.pid +RuntimeDirectory=dhcpd4 +PIDFile=/run/dhcpd4/dhcpd-%i.pid +User=dhcp +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW +ProtectSystem=full +ProtectHome=on +KillSignal=SIGINT +# We pull in network-online.target for a configured network connection. +# However this is not guaranteed to be the network connection our +# networks are configured for. So try to restart on failure with a delay +# of two seconds. Rate limiting kicks in after 12 seconds. +RestartSec=2s +Restart=on-failure +StartLimitInterval=12s + +[Install] +WantedBy=multi-user.target diff --git a/systemd/snic-dynamic@.service b/systemd/snic-dynamic@.service new file mode 100644 index 0000000..6e8063d --- /dev/null +++ b/systemd/snic-dynamic@.service @@ -0,0 +1,18 @@ +[Unit] +Description=Network interface with dynamic IPv4 (%i) +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes + +EnvironmentFile=/etc/snic/snic-%i.conf + +ExecStart=/usr/bin/ip link set %i up +ExecStart=/usr/bin/ip addr flush dev %i + +ExecStop=/usr/bin/ip addr flush dev %i +ExecStop=/usr/bin/ip link set %i down + +[Install] +WantedBy=multi-user.target diff --git a/systemd/snic-static@.service b/systemd/snic-static@.service new file mode 100644 index 0000000..770f76f --- /dev/null +++ b/systemd/snic-static@.service 
@@ -0,0 +1,19 @@ +[Unit] +Description=Network interface with static IPv4 (%i) +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes + +EnvironmentFile=/etc/snic/snic-%i.conf + +ExecStart=/usr/bin/ip link set %i up +ExecStart=/usr/bin/ip addr flush dev %i +ExecStart=/usr/bin/ip addr add ${snic_sta_addr}/${snic_sta_mask} dev %i + +ExecStop=/usr/bin/ip addr flush dev %i +ExecStop=/usr/bin/ip link set %i down + +[Install] +WantedBy=multi-user.target
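Review bot: In README.md the "Usage" bullet for `snic wlan0 router wireless` says the static IPv4 address is set "for eth0" while pointing at `/etc/snic/snic-wlan0.conf`, and the `snic wlan0 client wireless` bullet refers to "the computer for which eth0 belongs to"; both should read wlan0. The hostapd template location is given as `etc/hostapd/hostapd.conf` without the leading slash. The README also never says how `conf-templates/iptables.rules` is loaded or that IPv4 forwarding has to be enabled, and nothing in snic.sh or the unit files in this patch does either, so the steps that actually route client traffic are left to the reader. A short routing subsection under "Pre-configuration" would close that gap.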
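Review bot: conf-templates/hostapd.conf commits a concrete 64-hex `wpa_psk=` value as the active setting, next to `ssid=WAP` and a commented-out `wpa_passphrase=mitmWireBand12`. Anyone who copies the template unchanged runs an access point whose key is published in this repository, and because a WPA PSK is derived from the passphrase and the SSID, the committed value stops matching what clients compute as soon as the SSID is changed. Replace both credentials with obvious placeholders and keep the hint to generate the value with `wpa_passphrase`. Two comments are also inaccurate: `auth_algs` selects Open System (bit 0) versus Shared Key (bit 1) authentication, not WPA versus WEP, and `hw_mode=g` is IEEE 802.11g, not 802.11b.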
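Review bot: conf-templates/iptables.rules leaves every filter policy at ACCEPT (`:FORWARD ACCEPT [0:0]`), so the `-A FORWARD ... -j ACCEPT` rules change nothing and the host forwards any packet between any interfaces, including unsolicited traffic from the uplink into the client subnet. Set `:FORWARD DROP [0:0]` and accept only client-to-uplink flows by pairing `-i` with `-o` (for example `-A FORWARD -i eth0 -o wlan0 -j ACCEPT`), keeping the existing RELATED,ESTABLISHED rule for return traffic. In the `*nat` table, `-j MASQUERADE` is applied on `eth0`, `usb0` and `wlan0` at once; only the uplink interface should carry it, otherwise traffic leaving toward the clients is rewritten as well. `:INPUT ACCEPT` also leaves the router's own services reachable from the client network, which deserves at least a comment in the template.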
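Review bot: In snic.sh the mode check `if [[ ${2} != "router" ]] || [[ ${2} != "client" ]]` is true for every input, since no value equals both strings, so the script always prints "Invalid mode" and exits before reaching either branch; the operator needs to be `&&`. The shebang `#!/bin/env bash` should be `#!/usr/bin/env bash`, because `/bin/env` is not present on every distribution. In the interface lookup, iterate over `/sys/class/net/*` instead of parsing `ls`, quote the right-hand side (`[[ ${nic} == "${niccheck}" ]]`) so it is compared as a string rather than a pattern, and quote `${nic}` where it is passed to `sudo nmcli` and `sudo systemctl`. The comment block above the router branch refers to `/etc/vnic/vnic-.conf`, while the files added by this patch live under `/etc/snic/`.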
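Review bot: In snic/dhcpd4-eth0.conf the host entry's `fixed-address 192.168.3.4` falls inside `range 192.168.3.4 192.168.3.254`, so the same address can also be handed out as a dynamic lease to a different client; start the range above the reserved addresses. The same overlap is in snic/dhcpd4-wlan0.conf with 192.168.2.4. `DHCPARGS="eth0";` is the variable name used by distribution init scripts, not a dhcpd.conf statement, and should be removed from both files; to pin the server to one interface, append `%i` to the `dhcpd` command line in systemd/snic-dhcpd4@.service. Neither subnet block sets `option domain-name-servers`, so clients receive an address and a gateway but no resolver.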
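Review bot: All three unit templates under systemd/ carry `[Install]` with `WantedBy=multi-user.target`, although README.md states they should not be enabled and are driven by snic.sh; dropping the section leaves `systemctl enable` with nothing to install instead of relying on the README note. In snic-dhcpd4@.service the comment about pulling in `network-online.target` does not match the unit, which orders only against `snic-static@%i.service`. snic-dynamic@.service and snic-static@.service configure the same `%i` in incompatible ways, so a mutual `Conflicts=` would let systemd enforce what snic.sh currently does with explicit `stop` calls. snic-dynamic@.service also loads `EnvironmentFile=/etc/snic/snic-%i.conf` without using any of its variables.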