Ayanokoji Ryunosuke's Amateur Thinking

[debian] HP ProLiant MicroServer N54L

Notes on the initial setup, kept for reference.

Preparation

Install the LAN card (TP-LINK TL-WDN4800) that will serve as the wireless LAN access point in the PCI Express x1 slot.

On another machine, create a SystemRescueCd USB stick.

# wget \
        --content-disposition \
        https://sourceforge.net/projects/systemrescuecd/files/sysresccd-x86/4.7.3/systemrescuecd-x86-4.7.3.iso/download \
;
# echo 'f3a30a11ade9c5dd631522a9bfad4b2d5b7e5b14d9ba65ec94d1cf441635bc7a  systemrescuecd-x86-4.7.3.iso' >> systemrescuecd-x86-4.7.3.iso.sha256sum
# sha256sum --check systemrescuecd-x86-4.7.3.iso.sha256sum
systemrescuecd-x86-4.7.3.iso: OK
# mkdir --parents /mnt/cdrom
# mount --options loop,exec systemrescuecd-x86-4.7.3.iso /mnt/cdrom
# cd /mnt/cdrom
# bash ./usb_inst.sh
# cd
# umount /mnt/cdrom

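Place debian-installer and a grub2 configuration file on the same USB stick. If you let Super Grub2 Disk search for the configuration file from its menu, the search locations are hard-coded, so grub.cfg has to be placed in a suitable location (if you type configfile yourself, anywhere is OK).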

# mount /dev/sda1 /mnt/usb
# mkdir /mnt/usb/d-i
# cd /mnt/usb/d-i
# wget \
        http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/initrd.gz \
        http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/debian-installer/amd64/linux \
;
# cat << 'EOT' >> /mnt/usb/boot/grub/grub.cfg
menuentry "debian stable amd64 netboot" {
   set root='(hd0,msdos1)'
   linux /d-i/linux
   initrd /d-i/initrd.gz
}
EOT
# cd
# umount /mnt/usb
# shutdown -h
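
The ISO above is checked with sha256sum, but the netboot linux and initrd.gz are fetched over plain HTTP and used unchecked. The following is an added example, not part of the original notes: it checks the files saved flat in /mnt/usb/d-i against the installer's SHA256SUMS list, whose entries carry relative paths. It assumes SHA256SUMS from the installer's images/ directory has been obtained and authenticated separately; the function names are hypothetical and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not from the original page).
# verify_netboot SHA256SUMS_FILE DOWNLOAD_DIR LISTED_PATH...
# Each LISTED_PATH is the path as written in SHA256SUMS, e.g.
#   ./netboot/debian-installer/amd64/linux
# The downloaded copy is expected at DOWNLOAD_DIR/<basename of LISTED_PATH>.
# Returns 0 only if every path is listed and every file matches its hash.
verify_netboot() {
    if [ "$#" -lt 3 ]; then
        echo "usage: verify_netboot SHA256SUMS_FILE DOWNLOAD_DIR LISTED_PATH..." >&2
        return 2
    fi
    sums=$1
    dir=$2
    shift 2
    rc=0
    for listed in "$@"; do
        file="$dir/$(basename "$listed")"
        # Exact match on the path field; a missing entry is a failure, not a skip.
        want=$(awk -v p="$listed" '$2 == p || $2 == ("*" p) { print $1; exit }' "$sums")
        if [ -z "$want" ]; then
            echo "FAIL $listed: not listed in $sums" >&2
            rc=1
            continue
        fi
        if [ ! -f "$file" ]; then
            echo "FAIL $listed: $file not found" >&2
            rc=1
            continue
        fi
        got=$(sha256sum "$file" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK   $listed"
        else
            echo "FAIL $listed: sha256 mismatch for $file" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: two small stand-in files and a matching list, then one
# file is altered to show the failure path. Returns 0 if both runs behave
# as expected (first passes, second fails).
verify_netboot_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/d-i"
    printf 'constructed kernel\n' > "$tmp/d-i/linux"
    printf 'constructed initrd\n' > "$tmp/d-i/initrd.gz"
    for f in linux initrd.gz; do
        printf '%s  ./netboot/debian-installer/amd64/%s\n' \
            "$(sha256sum "$tmp/d-i/$f" | awk '{ print $1 }')" "$f"
    done > "$tmp/SHA256SUMS"
    verify_netboot "$tmp/SHA256SUMS" "$tmp/d-i" \
        ./netboot/debian-installer/amd64/linux \
        ./netboot/debian-installer/amd64/initrd.gz
    good=$?
    printf 'altered\n' >> "$tmp/d-i/initrd.gz"
    verify_netboot "$tmp/SHA256SUMS" "$tmp/d-i" \
        ./netboot/debian-installer/amd64/linux \
        ./netboot/debian-installer/amd64/initrd.gz
    bad=$?
    rm -rf "$tmp"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

# Run the constructed demo only when asked: sh this-file demo
if [ "${1:-}" = demo ]; then
    verify_netboot_demo
fi
```

On the real stick the call would be `verify_netboot SHA256SUMS /mnt/usb/d-i ./netboot/debian-installer/amd64/linux ./netboot/debian-installer/amd64/initrd.gz`, run before unmounting.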

Boot from the finished USB stick. Start Super Grub2 Disk and press the Esc key to move from the menu to the console. Choosing Detect any GRUB2 configuration file (grub.cfg) from the menu loads the grub.cfg prepared earlier, so start debian-installer from the menu.

Alternatively, load the grub.cfg prepared earlier with configfile and start debian-installer.

grub> configfile (hd0,msdos1)/boot/grub/grub.cfg

Alternatively, type the commands directly (adding kernel options where needed, for example linux /d-i/linux modules=ppp-udeb) to start debian-installer.

grub> set root=(hd0,msdos1)
grub> linux /d-i/linux
grub> initrd /d-i/initrd.gz
grub> boot

Kicking off from GRUB2

Add the configuration,

# cat << EOT >> /etc/grub.d/40_custom
menuentry "debian stable amd64 netboot" {
   set root='(hd0,msdos1)'
   linux /d-i/linux
   initrd /d-i/initrd.gz
}
EOT

make it persistent,

# update-grub

and confirm that it has been applied.

# vi /boot/grub/grub.cfg

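Resetting the BIOS to default settings

Press F10 for the BIOS screen. Exit -> Load Optimal Default -> [OK].

Boot disk settings

This procedure has to be redone whenever the mounting position of the boot disk changes. The BIOS has an item for changing the boot order; select the disk on which grub is installed there. If GRUB is not installed on HDD number 0 in the enclosure, there is an item for moving the HDD on which GRUB is installed to position 0, so change that first and then select that disk.

Press F10 for the BIOS screen. Boot -> Hard Disk Devices -> 1st Device -> HDD:(the HDD on which GRUB is installed). After that, Boot -> Boot Device Priority -> 1st Boot Device -> HDD:(the HDD on which GRUB is installed). Something like that.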

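Debian-side settings

Installing the openssh-server package

For installation and initial configuration (disabling password authentication), see the following page.

Disabling automatic installation of Recommends and Suggests packages in apt

For the configuration and how to check that it has been applied, see the following page.

Installing commonly needed packages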

# apt-get install vim screen
(snip)
# echo -e 'syntax on\nset hlsearch\n' >> ~/.vimrc

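Reducing the number of gettys

For the configuration and status check, see the following page.

Installing the ntp package

For installation and verification, see the following page.

Installing the ddclient package

For installation and verification, see the following page.

Installing the nfs-common package

Needed when mounting a directory exported by another nfs service on this machine.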

# apt-get install nfs-common
(snip)

Installing the logwatch package

Install a package that extracts the relevant parts of the service logs, summarizes them and mails the result.

# apt-get install logwatch
(snip)

Installing the samba package

Installing the package automatically starts the smbd and nmbd services.

# apt-get --no-install-recommends install samba
(snip)
# systemctl status smbd nmbd
● smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
   Loaded: loaded (/etc/init.d/smbd)
   Active: active (running) since *** ****-**-** **:**:** ***; 1min 36s ago
   CGroup: /system.slice/smbd.service
           ├─4108 /usr/sbin/smbd -D
           └─4167 /usr/sbin/smbd -D

*** ** **:**:** ************** smbd[4099]: Starting SMB/CIFS daemon: smbd.

● nmbd.service - LSB: start Samba NetBIOS nameserver (nmbd)
   Loaded: loaded (/etc/init.d/nmbd)
   Active: active (running) since *** ****-**-** **:**:** ***; 1min 36s ago
   CGroup: /system.slice/nmbd.service
           └─4169 /usr/sbin/nmbd -D

*** ** **:**:** ************** nmbd[4155]: Starting NetBIOS name server: nmbd.

Check the configuration file in its initial state.

# grep -v -e '^$' -e '^#' -e '^;' /etc/samba/smb.conf
[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

Create a samba user and check the result.

# smbpasswd -a **************
New SMB password:
Retype new SMB password:
Added user **************.
# pdbedit -L -v **************
Unix username:        **************
NT username:
Account Flags:        [U          ]
User SID:             ?-?-?-??-??????????-??????????-??????????-????
Primary Group SID:    ?-?-?-??-??????????-??????????-??????????-???
Full Name:            **************
Home Directory:       \\??????????????\**************
HomeDir Drive:
Logon Script:
Profile Path:         \\??????????????\**************\profile
Domain:               ??????????????
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          ***, ** *** **** **:**:** ***
Kickoff time:         ***, ** *** **** **:**:** ***
Password last set:    ***, ** *** **** **:**:** ***
Password can change:  ***, ** *** **** **:**:** ***
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Test mounting from another machine. With the settings above, [homes] is read only, so writes from the mounting machine should fail. OK.

cron settings

Enter a suitable schedule using crontab.

$ crontab -e
$ crontab -l | grep --invert-match --regex '^#' --invert-match --regex '^$'
*/10 * * * * date; 2>&1

Checking execution in this state gives the following messages. Because no MTA is installed, the output of the date command is discarded.

# systemctl status cron
● cron.service - Regular background program processing daemon
   Loaded: loaded (/lib/systemd/system/cron.service; enabled)
   Active: active (running) since *** ****-**-** **:**:** ***; 4h 6min ago
     Docs: man:cron(8)
 Main PID: 649 (cron)
   CGroup: /system.slice/cron.service
           └─649 /usr/sbin/cron -f

(snip)
*** ** **:20:01 ************** CRON[9718]: pam_unix(cron:session): session opened for user ************ by (uid=0)
*** ** **:20:01 ************** CRON[9719]: (************) CMD (date; 2>&1)
*** ** **:20:01 ************** CRON[9718]: (CRON) info (No MTA installed, discarding output)

So, install the exim4 package.

# apt-get install exim4
(snip)

After installation the message in question disappears.

# systemctl status cron
● cron.service - Regular background program processing daemon
   Loaded: loaded (/lib/systemd/system/cron.service; enabled)
   Active: active (running) since *** ****-**-** **:**:** ***; 4h 16min ago
     Docs: man:cron(8)
 Main PID: 649 (cron)
   CGroup: /system.slice/cron.service
           └─649 /usr/sbin/cron -f

(snip)
*** ** **:30:01 ************** CRON[10877]: pam_unix(cron:session): session opened for user ************ by (uid=0)
*** ** **:30:01 ************** CRON[10878]: (************) CMD (date; 2>&1)

In addition, a message like the following appears at the prompt. This means that mail is being stored in mbox format.

You have mail in /var/mail/************

To have mail stored in maildir format in the home directory, the exim4 configuration has to be changed. First check the current settings. The item to look at here is dc_localdelivery.

$ grep --invert-match --regex '^#' --invert-match --regex '^$' /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype='local'
dc_other_hostnames='**************.**************'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

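Either edit this file directly or run dpkg-reconfigure exim4-config. This time the former. The values that can be set for dc_localdelivery are described in man update-exim4.conf. The exim4 configuration file is generated at /var/lib/exim4/config.autogenerated by running the update-exim4.conf command. This command has to be run just before restarting the daemon.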

$ man update-exim4.conf | grep 'dc_localdelivery' -A 3
       dc_localdelivery
              name  of  the  default  transport  for  local  mail  delivery.
              Defaults to mail_spool if unset, use maildir_home for delivery
              to ~/Maildir/. Sets macro LOCAL_DELIVERY.
# sed \
    --in-place='.orig' \
    --expression="s/\(dc_localdelivery\)=.*/\1='maildir_home'/" \
    /etc/exim4/update-exim4.conf.conf \
;
# diff /etc/exim4/update-exim4.conf.conf.orig /etc/exim4/update-exim4.conf.conf
31c31
< dc_localdelivery='mail_spool'
---
> dc_localdelivery='maildir_home'
# update-exim4.conf
# cat /var/lib/exim4/config.autogenerated
(snip)
# systemctl restart exim4

Installing firmware-linux-nonfree

Checking dmesg shows the following errors. The firmware-linux-nonfree package is needed to resolve the last one.

$ dmesg --decode --level err
kern  :err   : [    1.597930] ERST: Failed to get Error Log Address Range.
kern  :err   : [    2.660774] i8042: No controller found
kern  :err   : [    7.044749] [drm:radeon_pci_probe] *ERROR* radeon kernel modesetting for R600 or later requires firmware-linux-nonfree.

Append the non-free component to the deb lines in sources.list, update the package database, install the package, and reboot.

# sed \
        --in-place='.orig' \
        --expression='/^deb/{ /non-free/!{ s/$/ non-free/ }}' \
        /etc/apt/sources.list
# apt-get update
(snip)
# apt-get install firmware-linux-nonfree
(snip)
# systemctl reboot

After rebooting, check the errors again. OK.

$ dmesg --decode --level err
kern  :err   : [    1.606395] ERST: Failed to get Error Log Address Range.
kern  :err   : [    2.662259] i8042: No controller found

Checking hardware recognition

Compare against the specifications to see whether the added devices are recognized.

$ lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] RS880 Host Bridge
00:01.0 PCI bridge: Hewlett-Packard Company Device 9602
00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (ext gfx port 0)
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 0)
00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (PCIE port 2)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 42)
00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 IDE Controller (rev 40)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge (rev 40)
00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Address Map
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Link Control
01:05.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RS880M [Mobility Radeon HD 4225/4250]
02:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
02:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
03:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)
$ lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] RS880 Host Bridge
00:01.0 PCI bridge: Hewlett-Packard Company Device 9602
00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (ext gfx port 0)
00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780/RS880 PCI to PCI bridge (PCIE port 0)
00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD] RS780 PCI to PCI bridge (PCIE port 2)
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 42)
00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 IDE Controller (rev 40)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge (rev 40)
00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Address Map
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 10h Processor Link Control
01:05.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RS880M [Mobility Radeon HD 4225/4250]
02:00.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
03:02.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
03:04.0 PCI bridge: Integrated Device Technology, Inc. [IDT] PES12N3A PCI Express Switch (rev 0e)
04:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
04:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
05:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
05:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
07:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)

Network interfaces and services

The wired interfaces are eth0 eth1 eth2 eth3 eth4. eth0 is connected to the home10 network and eth1 to the global network.

interface    network  service
                      sshd  pppd  ntpd  dhcpd  vpnd
lo           local    OK    NG    OK    NG     NG
eth0         home10   OK    NG    NG    NG     NG
ppp0 (eth1)  global   OK    OK    NG    NG     NG
eth1
eth2         home20   OK    NG    NG    OK     NG
eth3
eth4
wlan0

PPPoE settings

The current (post-installation default) network interface configuration is as follows.

$ grep -v -e '^$' -e '#' /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp

If eth1 is connected to a network that provides PPPoE service, it can be configured as follows.

# apt-get install pppoeconf
(snip)
# pppoeconf -nox eth1
+-------------------| SCANNING DEVICE |--------------------+
| Looking for PPPoE Access Concentrator on eth1...         |
|                                                          |
|                            36%                           |
|                                                          |
+----------------------------------------------------------+

+-------------------------| OKAY TO MODIFY |-------------------------+
|                                                                    |
| If you continue with this program, these configuration files will  |
| be modified : /etc/ppp/peers/dsl-provider /etc/network/interfaces  |
| and /etc/ppp/*-secrets. Please make sure that you have a backup    |
| copy before saying Yes.                                            |
|                                                                    |
| Continue with configuration?                                       |
|                                                                    |
|                  <Yes>                     <No>                    |
|                                                                    |
+--------------------------------------------------------------------+

+------------------------| POPULAR OPTIONS |-------------------------+
|                                                                    |
| Most people using popular dialup providers prefer the options      |
| 'noauth' and 'defaultroute' in their configuration and remove the  |
| 'nodetach' option. Should I check your configuration file and      |
| change these settings where neccessary?                            |
|                                                                    |
|                  <Yes>                     <No>                    |
|                                                                    |
+--------------------------------------------------------------------+

+--------------------| ENTER USERNAME |--------------------+
| Please enter the username which you usually need for the |
| PPP login to your provider in the input box below. If    |
| you wish to see the help screen, delete the username and |
| press OK.                                                |
|                                                          |
| ________________________________________________________ |
|                                                          |
|                          <Ok>                            |
|                                                          |
+----------------------------------------------------------+

+--------------------| ENTER PASSWORD |--------------------+
| Please enter the password which you usually need for the |
| PPP login to your provider in the input box below.       |
|                                                          |
| NOTE: you can see the password in plain text while       |
| typing.                                                  |
|                                                          |
| ________________________________________________________ |
|                                                          |
|                          <Ok>                            |
|                                                          |
+----------------------------------------------------------+

+---------------------| USE PEER DNS |---------------------+
|                                                          |
| You need at least one DNS IP address to resolve the      |
| normal host names. Normally your provider sends you      |
| addresses of useable servers when the connection is      |
| established. Would you like to add these addresses       |
| automatically to the list of nameservers in your local   |
| /etc/resolv.conf file? (recommended)                     |
|                                                          |
|               <Yes>                  <No>                |
|                                                          |
+----------------------------------------------------------+

+----------------------| LIMITED MSS PROBLEM |-----------------------+
|                                                                    |
| Many providers have routers that do not support TCP packets with a |
| MSS higher than 1460. Usually, outgoing packets have this MSS when |
| they go through one real Ethernet link with the default MTU size   |
| (1500). Unfortunately, if you are forwarding packets from other    |
| hosts (i.e. doing masquerading) the MSS may be increased depending |
| on the packet size and the route to the client hosts, so your      |
| client machines won't be able to connect to some sites. There is a |
| solution: the maximum MSS can be limited by pppoe. You can find    |
| more details about this issue in the pppoe documentation.          |
|                                                                    |
| Should pppoe clamp MSS at 1452 bytes?                              |
|                                                                    |
| If unsure, say yes.                                                |
|                                                                    |
| (If you still get problems described above, try setting to 1412 in |
| the dsl-provider file.)                                            |
|                                                                    |
|                  <Yes>                     <No>                    |
|                                                                    |
+--------------------------------------------------------------------+

+-------------------------| DONE |-------------------------+
|                                                          |
| Your PPPD is configured now. Would you like to start the |
| connection at boot time?                                 |
|                                                          |
|               <Yes>                  <No>                |
|                                                          |
+----------------------------------------------------------+

+----------------| ESTABLISH A CONNECTION |----------------+
|                                                          |
| Now, you can make a DSL connection with "pon             |
| dsl-provider" and terminate it with "poff". Would you    |
| like to start the connection now?                        |
|                                                          |
|               <Yes>                  <No>                |
|                                                          |
+----------------------------------------------------------+

+-----------------| CONNECTION INITIATED |-----------------+
|                                                          |
| The DSL connection has been triggered. You can use the   |
| "plog" command to see the status or "ip addr show ppp0"  |
| for general interface info.                              |
|                                                          |
|                          <Ok>                            |
|                                                          |
+----------------------------------------------------------+

The settings are written to /etc/network/interfaces, /etc/ppp/peers/dsl-provider, /etc/ppp/chap-secrets and /etc/ppp/pap-secrets. The password and user name are written to *-secrets in plain text.

$ grep -v -e '^$' -e '^#' /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth1 up # line maintained by pppoeconf
provider dsl-provider
auto eth1
iface eth1 inet manual

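Previously there was a problem in this state where no IP address could be obtained from the provider on reboot, but now it succeeds for some reason.

Settings for the wired LAN networks

Configure the machine to provide dhcp service on eth2 eth3 eth4 wlan0. The dhcp client used by default is the isc one, so use the isc dhcp server as well.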

# dpkg -l | grep dhcp
ii  isc-dhcp-client  4.3.1-6+deb8u2  amd64  DHCP client for automatically obtaining an IP address
ii  isc-dhcp-common  4.3.1-6+deb8u2  amd64  common files used by all of the isc-dhcp packages
# apt-get install isc-dhcp-server
(snip)

The ports on which dhcpd runs are given static ip addresses. The range of ip addresses to hand out is set in the dhcpd configuration.

$ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth2.cfg
allow-hotplug eth2
auto eth2
iface eth2 inet static
        address 192.168.22.1
        netmask 255.255.255.240
        up route add -net 192.168.22.0 netmask 255.255.255.240 gw 192.168.22.1
        pre-down route del -net 192.168.22.0 netmask 255.255.255.240 gw 192.168.22.1
$ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth3.cfg
allow-hotplug eth3
auto eth3
iface eth3 inet static
        address 192.168.23.1
        netmask 255.255.255.240
        up route add -net 192.168.23.0 netmask 255.255.255.240 gw 192.168.23.1
        pre-down route del -net 192.168.23.0 netmask 255.255.255.240 gw 192.168.23.1
$ grep -v -e '^$' -e '#' /etc/network/interfaces.d/eth4.cfg
allow-hotplug eth4
auto eth4
iface eth4 inet static
        address 192.168.24.1
        netmask 255.255.255.240
        up route add -net 192.168.24.0 netmask 255.255.255.240 gw 192.168.24.1
        pre-down route del -net 192.168.24.0 netmask 255.255.255.240 gw 192.168.24.1
$ grep -v -e '^$' -e '#' -R /etc/network/interfaces.d/wlan0.cfg
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
        address 192.168.120.1
        netmask 255.255.255.240
        up route add -net 192.168.120.0 netmask 255.255.255.240 gw 192.168.120.1
        pre-down route del -net 192.168.120.0 netmask 255.255.255.240 gw 192.168.120.1
$ grep -v -e '^$' -e '#' -R /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.22.0 netmask 255.255.255.240 {
  option routers 192.168.22.1;
  range 192.168.22.2 192.168.22.14;
}
subnet 192.168.23.0 netmask 255.255.255.240 {
  option routers 192.168.23.1;
  range 192.168.23.2 192.168.23.14;
}
subnet 192.168.24.0 netmask 255.255.255.240 {
  option routers 192.168.24.1;
  range 192.168.24.2 192.168.24.14;
}
subnet 192.168.120.0 netmask 255.255.255.240 {
  option routers 192.168.120.1;
  range 192.168.120.2 192.168.120.14;
}
# shutdown -r

After rebooting, check the network settings.

$ ip route
default via 192.168.13.1 dev eth0
192.168.13.0/28 dev eth0  proto kernel  scope link  src 192.168.13.12
192.168.21.0/28 via 192.168.21.1 dev eth1  scope link
192.168.21.0/28 dev eth1  proto kernel  scope link  src 192.168.21.1
192.168.22.0/28 via 192.168.22.1 dev eth2  scope link
192.168.22.0/28 dev eth2  proto kernel  scope link  src 192.168.22.1
192.168.23.0/28 via 192.168.23.1 dev eth3  scope link
192.168.23.0/28 dev eth3  proto kernel  scope link  src 192.168.23.1
192.168.24.0/28 via 192.168.24.1 dev eth4  scope link
192.168.24.0/28 dev eth4  proto kernel  scope link  src 192.168.24.1
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.13.12/28 brd 192.168.13.15 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 ****::****:****:****:****/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.21.1/28 brd 192.168.21.15 scope global eth1
       valid_lft forever preferred_lft forever
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.22.1/28 brd 192.168.22.15 scope global eth2
       valid_lft forever preferred_lft forever
5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.23.1/28 brd 192.168.23.15 scope global eth3
       valid_lft forever preferred_lft forever
6: eth4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.24.1/28 brd 192.168.24.15 scope global eth4
       valid_lft forever preferred_lft forever
7: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet6 ****::****:****:****:****/64 scope link

Send a dhcp request to this machine from another machine and check that it is configured correctly.

$ ip addr list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.24.2/28 brd 192.168.24.15 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 ****::***:****:****:****/64 scope link
       valid_lft forever preferred_lft forever
$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

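As it stands, machines that received an IP address from this machine cannot reach the outside, so allow packet forwarding in order to turn this machine into a NAT router.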

# sysctl --all | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/01-nat.conf
# shutdown -r

Check the state after rebooting.

# sysctl --all | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0

Install iptables-persistent so that the iptables state is restored automatically after a reboot. To save the state that should be restored, store the output of ip6tables-save and iptables-save in a suitable location.

# apt-get install iptables-persistent
# iptables -t nat -A POSTROUTING -j MASQUERADE
(snip)
# dpkg-reconfigure iptables-persistent
(snip)
# iptables-save > /etc/iptables/rules.v4
# ip6tables-save > /etc/iptables/rules.v6
# shutdown -r

Check that another machine can reach the outside.

$ ping -c 4 google.com
PING google.com (172.217.25.238) 56(84) bytes of data.
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=1 ttl=54 time=15.3 ms
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=2 ttl=54 time=14.9 ms
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=3 ttl=54 time=16.2 ms
64 bytes from nrt12s14-in-f14.1e100.net (172.217.25.238): icmp_seq=4 ttl=54 time=14.0 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 14.085/15.150/16.217/0.774 ms
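
The MASQUERADE rule above has no -o match, so it applies to traffic leaving every interface, and nothing on this page restricts the FORWARD chain. The following is an added example, not part of the original notes: it prints a rules.v4-format ruleset that masquerades only on the WAN interface and forwards only LAN-to-WAN traffic plus replies, and it includes a check that flags unscoped MASQUERADE rules in iptables-save output. The function names are hypothetical; ppp0 as WAN and eth2 eth3 eth4 wlan0 as LAN are taken from the interface table above and are an assumption about the intended layout.

```shell
#!/bin/sh
# Added example (not from the original page).
# nat_rules WAN_IF LAN_IF...
# Prints an iptables-restore ruleset (the format of /etc/iptables/rules.v4).
# INPUT and OUTPUT stay at ACCEPT, as on the page; only NAT and forwarding
# are scoped here. Traffic between the LAN subnets is not forwarded.
nat_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: nat_rules WAN_IF LAN_IF..." >&2
        return 2
    fi
    # Interface names end up inside rule lines, so accept only plain names.
    for ifc in "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $ifc" >&2
                return 2
                ;;
        esac
    done
    wan=$1
    shift

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':INPUT ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    # Form used on the page (rewrites the source on every interface):
    #   -A POSTROUTING -j MASQUERADE
    # Scoped form: only packets leaving through the WAN interface.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo 'COMMIT'

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to connections that were allowed out.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New connections only from a LAN interface towards the WAN interface.
    for lan in "$@"; do
        echo "-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# unscoped_masquerade < iptables-save-output
# Prints every MASQUERADE rule that has no outbound-interface match and
# returns 1 if at least one was found, 0 otherwise.
unscoped_masquerade() {
    awk '
        /^-A / && /-j MASQUERADE/ {
            scoped = 0
            for (i = 1; i < NF; i++)
                if ($i == "-o" || $i == "--out-interface") scoped = 1
            if (!scoped) { print; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Example: sh this-file print > rules.v4.new, review, then install it.
if [ "${1:-}" = print ]; then
    nat_rules ppp0 eth2 eth3 eth4 wlan0
fi
```

Running `iptables-save | unscoped_masquerade` on the router as configured on this page prints the original rule.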

Settings for the wireless LAN host

Install the tools needed for wireless LAN.

# apt-get install iw hostapd wpasupplicant

Check the device details with lspci.

#  lspci | grep Atheros
06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
# lspci -s 06:00.0 -vv
06:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
        Subsystem: Qualcomm Atheros Device 3112
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 16
        Region 0: Memory at fe8e0000 (64-bit, non-prefetchable) [size=128K]
        Expansion ROM at fe8d0000 [disabled] [size=64K]
        Capabilities: [40] Power Management version 3
                Flags: PMEClk- DSI- D1+ D2- AuxCurrent=375mA PME(D0+,D1+,D2-,D3hot+,D3cold-)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [50] MSI: Enable- Count=1/4 Maskable+ 64bit+
                Address: 0000000000000000  Data: 0000
                Masking: 00000000  Pending: 00000000
        Capabilities: [70] Express (v2) Endpoint, MSI 00
                DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <1us, L1 <8us
                        ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
                DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
                        RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
                        MaxPayload 128 bytes, MaxReadReq 512 bytes
                DevSta: CorrErr+ UncorrErr- FatalErr- UnsuppReq+ AuxPwr- TransPend-
                LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <2us, L1 <64us
                        ClockPM- Surprise- LLActRep- BwNot-
                LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
                        ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
                LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
                DevCap2: Completion Timeout: Not Supported, TimeoutDis+, LTR-, OBFF Not Supported
                DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
                LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
                         Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
                         Compliance De-emphasis: -6dB
                LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
                         EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
        Capabilities: [100 v1] Advanced Error Reporting
                UESta:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
                UEMsk:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
                UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
                CESta:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
                CEMsk:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
                AERCap: First Error Pointer: 00, GenCap- CGenEn- ChkCap- ChkEn-
        Capabilities: [140 v1] Virtual Channel
                Caps:   LPEVC=0 RefClk=100ns PATEntryBits=1
                Arb:    Fixed- WRR32- WRR64- WRR128-
                Ctrl:   ArbSelect=Fixed
                Status: InProgress-
                VC0:    Caps:   PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
                        Arb:    Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
                        Ctrl:   Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
                        Status: NegoPending- InProgress-
        Capabilities: [300 v1] Device Serial Number 00-00-00-00-00-00-00-00
        Kernel driver in use: ath9k

Use iw list to check the network adapter's capabilities in detail.

# iw list
Wiphy phy0
        max # scan SSIDs: 4
        max scan IEs length: 2257 bytes
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP (00-0f-ac:4)
                * CMAC (00-0f-ac:6)
        Available Antennas: TX 0x7 RX 0x7
        Configured Antennas: TX 0x7 RX 0x7
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * mesh point
                 * P2P-client
                 * P2P-GO
        Band 1:
                Capabilities: 0x11ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 8 usec (0x06)
                HT TX/RX MCS rate indexes supported: 0-23
                Bitrates (non-HT):
                        * 1.0 Mbps
                        * 2.0 Mbps (short preamble supported)
                        * 5.5 Mbps (short preamble supported)
                        * 11.0 Mbps (short preamble supported)
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 2412 MHz [1] (23.0 dBm)
                        * 2417 MHz [2] (23.0 dBm)
                        * 2422 MHz [3] (23.0 dBm)
                        * 2427 MHz [4] (23.0 dBm)
                        * 2432 MHz [5] (23.0 dBm)
                        * 2437 MHz [6] (23.0 dBm)
                        * 2442 MHz [7] (23.0 dBm)
                        * 2447 MHz [8] (23.0 dBm)
                        * 2452 MHz [9] (23.0 dBm)
                        * 2457 MHz [10] (23.0 dBm)
                        * 2462 MHz [11] (23.0 dBm)
                        * 2467 MHz [12] (disabled)
                        * 2472 MHz [13] (disabled)
                        * 2484 MHz [14] (disabled)
        Band 2:
                Capabilities: 0x11ef
                        RX LDPC
                        HT20/HT40
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 8 usec (0x06)
                HT TX/RX MCS rate indexes supported: 0-23
                Bitrates (non-HT):
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 5180 MHz [36] (16.0 dBm) (no IR)
                        * 5200 MHz [40] (16.0 dBm) (no IR)
                        * 5220 MHz [44] (16.0 dBm) (no IR)
                        * 5240 MHz [48] (16.0 dBm)
                        * 5260 MHz [52] (13.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 2645 sec)
                          DFS CAC time: 0 ms
                        * 5280 MHz [56] (14.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 2645 sec)
                          DFS CAC time: 0 ms
                        * 5300 MHz [60] (14.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 2645 sec)
                          DFS CAC time: 0 ms
                        * 5320 MHz [64] (13.0 dBm) (no IR, radar detection)
                          DFS state: usable (for 2645 sec)
                          DFS CAC time: 0 ms
                        * 5500 MHz [100] (disabled)
                        * 5520 MHz [104] (disabled)
                        * 5540 MHz [108] (disabled)
                        * 5560 MHz [112] (disabled)
                        * 5580 MHz [116] (disabled)
                        * 5600 MHz [120] (disabled)
                        * 5620 MHz [124] (disabled)
                        * 5640 MHz [128] (disabled)
                        * 5660 MHz [132] (disabled)
                        * 5680 MHz [136] (disabled)
                        * 5700 MHz [140] (disabled)
                        * 5745 MHz [149] (20.0 dBm) (no IR)
                        * 5765 MHz [153] (20.0 dBm) (no IR)
                        * 5785 MHz [157] (20.0 dBm) (no IR)
                        * 5805 MHz [161] (20.0 dBm) (no IR)
                        * 5825 MHz [165] (20.0 dBm) (no IR)
        Supported commands:
                 * new_interface
                 * set_interface
                 * new_key
                 * start_ap
                 * new_station
                 * new_mpath
                 * set_mesh_config
                 * set_bss
                 * authenticate
                 * associate
                 * deauthenticate
                 * disassociate
                 * join_ibss
                 * join_mesh
                 * remain_on_channel
                 * set_tx_bitrate_mask
                 * frame
                 * frame_wait_cancel
                 * set_wiphy_netns
                 * set_channel
                 * set_wds_peer
                 * tdls_mgmt
                 * tdls_oper
                 * probe_client
                 * set_noack_map
                 * register_beacons
                 * start_p2p_device
                 * set_mcast_rate
                 * Unknown command (104)
                 * connect
                 * disconnect
        Supported TX frame types:
                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
        Supported RX frame types:
                 * IBSS: 0x40 0xb0 0xc0 0xd0
                 * managed: 0x40 0xd0
                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * mesh point: 0xb0 0xc0 0xd0
                 * P2P-client: 0x40 0xd0
                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * P2P-device: 0x40 0xd0
        software interface modes (can always be added):
                 * AP/VLAN
                 * monitor
        valid interface combinations:
                 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
                   total <= 2048, #channels <= 1, STA/AP BI must match
                 * #{ WDS } <= 2048,
                   total <= 2048, #channels <= 1, STA/AP BI must match
        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports TX status socket option.
        Device supports HT-IBSS.
        Device supports SAE with AUTHENTICATE command
        Device supports low priority scan.
        Device supports scan flush.
        Device supports AP scan.
        Device supports per-vif TX power setting
        Driver supports a userspace MPM
        Device supports active monitor (which will ACK incoming frames)
        Driver/device bandwidth changes during BSS lifetime (AP/GO mode)

Install hostapd. Following /usr/share/doc/hostapd/README.Debian, install the example configuration as /etc/hostapd/hostapd.conf and edit it. In /etc/default/hostapd, specify the configuration file that is read when hostapd is started as a daemon.

# apt-get install hostapd
# less /usr/share/doc/hostapd/README.Debian
# zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > /etc/hostapd/hostapd.conf
# cat << EOF >> /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
EOF

Restart hostapd and check its status. From any client device, check that a network with the SSID test is visible.

# systemctl restart hostapd
# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 2s ago
  Process: 2225 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 2230 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─2234 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[2230]: Starting advanced IEEE 802.11 management: hostapd.

Authentication settings. Use wpa_passphrase to build the table that maps each connecting MAC address to its password, and reflect it in the configuration.

# wpa_passphrase ***** ********
network={
        ssid="*****"
        #psk="********"
        psk=****************************************************************
}
# cat << EOF >> /etc/hostapd.wpa_psk
**:**:**:**:**:** ****************************************************************
EOF
#  grep --invert-match --regex='#' --regex='^$' /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=********************
country_code=JP
channel=8
wpa=2
wpa_psk_file=/etc/hostapd.wpa_psk
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
hw_mode=g
wmm_enabled=1
ieee80211n=1
ht_capab=[HT20][HT40-][SHORT-GI-40][RX-STBC1][TX-STBC][AMPDU][DSSS_CCK-40]
# systemctl restart hostapd
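
An added check for the configuration above (not part of the original notes): it flags a hostapd.conf that enables WPA1 or TKIP, and a wpa_psk_file that other local users can read or whose plain "MAC PSK" entries are malformed. The function names, the sample MAC address and the sample PSK are constructed for illustration.

```shell
#!/bin/sh
# Audit a hostapd.conf and the wpa_psk_file it points to.
# Each finding is one output line; no output means every check passed.

# Value of the last "key=value" line for a key (commented-out lines never match).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

audit_psk_file() {
    f=$1
    [ -f "$f" ] || { echo "psk-file: missing"; return 0; }
    # Characters 5-10 of "ls -l" output are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || echo "psk-file: readable beyond owner"
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        mac = $1
        psk = substr($0, index($0, mac) + length(mac) + 1)
        if (length(mac) != 17 || mac !~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/)
            printf "psk-file: line %d: malformed MAC address\n", NR
        n = length(psk)
        hex = (n == 64 && psk ~ /^[0-9A-Fa-f]+$/)
        if (!hex && (n < 8 || n > 63))
            printf "psk-file: line %d: need 64 hex digits or an 8-63 character passphrase\n", NR
    }' "$f"
}

audit_hostapd_conf() {
    conf=$1
    wpa=$(conf_get "$conf" wpa)
    case "$wpa" in
        2) ;;                                   # WPA2 (RSN) only
        ""|0) echo "conf: WPA is not enabled" ;;
        *) echo "conf: wpa=$wpa enables WPA1; wpa=2 is WPA2 only" ;;
    esac
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_get "$conf" "$key") " in
            *" TKIP "*) echo "conf: $key allows TKIP" ;;
        esac
    done
    psk_file=$(conf_get "$conf" wpa_psk_file)
    if [ -n "$psk_file" ]; then audit_psk_file "$psk_file"; fi
    return 0
}

# Constructed sample: the settings shown above plus one constructed PSK entry.
write_sample() {
    dir=$1
    cat > "$dir/hostapd.conf" << EOF
interface=wlan0
wpa=2
wpa_psk_file=$dir/hostapd.wpa_psk
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
    # Constructed locally administered MAC and constructed 64-digit PSK.
    echo "02:00:00:00:00:01 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
        > "$dir/hostapd.wpa_psk"
    chmod 644 "$dir/hostapd.wpa_psk"    # the mode a plain "cat >>" leaves under umask 022
}

d=$(mktemp -d)
write_sample "$d"; audit_hostapd_conf "$d/hostapd.conf"     # reports the readable PSK file
chmod 600 "$d/hostapd.wpa_psk"; audit_hostapd_conf "$d/hostapd.conf"   # reports nothing
rm -r "$d"
```
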

When a client connects, log lines like the following appear.

# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 6min ago
  Process: 3507 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 3512 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─3517 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** RADIUS: starting accounting session 576073B8-00000002
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** WPA: pairwise key handshake completed (RSN)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** RADIUS: starting accounting session 576073B8-00000003
*** ** **:**:** ************** hostapd[3517]: wlan0: STA **:**:**:**:**:** WPA: pairwise key handshake completed (RSN)

If the password is wrong, the log looks like the following.

# systemctl status hostapd
● hostapd.service - LSB: Advanced IEEE 802.11 management daemon
   Loaded: loaded (/etc/init.d/hostapd)
   Active: active (running) since *** ****-**-** **:**:** ***; 43s ago
  Process: 3551 ExecStop=/etc/init.d/hostapd stop (code=exited, status=0/SUCCESS)
  Process: 3677 ExecStart=/etc/init.d/hostapd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/hostapd.service
           └─3680 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

*** ** **:**:** ************** hostapd[3677]: Starting advanced IEEE 802.11 management: hostapd.
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: deauthenticated due to local deauth request
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: authenticated
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: associated (aid 1)
*** ** **:**:** ************** hostapd[3680]: wlan0: STA **:**:**:**:**:** IEEE 802.11: deauthenticated due to local deauth request
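
An added example (not part of the original notes) that turns the two log patterns above into a per-station count: an association followed by "pairwise key handshake completed" counts as ok, an association followed by "deauthenticated due to local deauth request" with no handshake counts as failed. The function names, host name and MAC addresses in the sample log are constructed.

```shell
#!/bin/sh
# Classify hostapd association attempts per station from syslog lines on stdin.
# Output: one line per station, "<MAC> ok=<n> failed=<n>", sorted by MAC.
classify_hostapd_log() {
    awk '
    {   # The station MAC is the field that follows the literal "STA".
        mac = ""
        for (i = 1; i < NF; i++) if ($i == "STA") { mac = $(i + 1); break }
        if (mac == "") next
    }
    /IEEE 802\.11: associated/ { seen[mac] = 1; pending[mac] = 1; next }
    /WPA: pairwise key handshake completed/ {
        # 4-way handshake finished: the station proved knowledge of the PSK.
        if (pending[mac]) { ok[mac]++; pending[mac] = 0 }
        next
    }
    /IEEE 802\.11: deauthenticated due to local deauth request/ {
        # Dropped after associating without a completed handshake.
        if (pending[mac]) { failed[mac]++; pending[mac] = 0 }
        next
    }
    END { for (m in seen) printf "%s ok=%d failed=%d\n", m, ok[m], failed[m] }
    ' | sort
}

# Print the stations whose failed count is at least $1.
flag_failed_stations() {
    classify_hostapd_log |
        awk -v min="$1" '{ split($3, f, "="); if (f[2] + 0 >= min + 0) print $1 }'
}

# Constructed sample log (constructed host name and locally administered MACs).
sample_log() {
    cat << 'EOF'
Jul  6 13:00:01 gw hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Jul  6 13:00:01 gw hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Jul  6 13:00:01 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: pairwise key handshake completed (RSN)
Jul  6 13:01:10 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Jul  6 13:01:10 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Jul  6 13:01:14 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to local deauth request
Jul  6 13:01:20 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Jul  6 13:01:20 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Jul  6 13:01:24 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to local deauth request
Jul  6 13:01:30 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: authenticated
Jul  6 13:01:30 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Jul  6 13:01:34 gw hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: deauthenticated due to local deauth request
Jul  6 13:10:01 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
EOF
}

sample_log | classify_hostapd_log
```

On a live system the same functions can read /var/log/daemon.log, the file tailed elsewhere in these notes, instead of the sample.
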

Assign an IP address to the network interface.

# cat << EOF >> /etc/network/interfaces
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
        address 192.168.110.1
        netmask 255.255.255.248
        network 192.168.110.0
        up route add -net 192.168.110.0 netmask 255.255.255.248 gw 192.168.110.1
        pre-down route del -net 192.168.110.0 netmask 255.255.255.248 gw 192.168.110.1
EOF

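An example of handing out IP addresses with dhcpd and, in addition, fixing the address assigned to a given MAC address. Note that this example uses 192.168.100.0, whereas wlan0 above was given 192.168.110.1; dhcpd serves an interface only when a subnet declaration matches that interface's network.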

# cat << EOF >> /etc/dhcp/dhcpd.conf
subnet 192.168.100.0 netmask 255.255.255.248 {
        option routers 192.168.100.1;
        range 192.168.100.2 192.168.100.5;
}
host foobar {
        hardware ethernet **:**:**:**:**:**;
        fixed-address 192.168.100.2;
        option host-name "foobar";
}
EOF
# hostapd /etc/hostapd/hostapd.conf

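Finally, the setting that lets clients on wlan0 reach the services running on the host. This rule accepts every packet that arrives on wlan0.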

# /sbin/iptables -A INPUT -j ACCEPT -i wlan0

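The connection does not keep dropping, but the RSSI is roughly -47 to -45 and the link speed is 130 Mbps. Bringing the antennas closer together improves things considerably, so I would like to attach extension cables to the antennas.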

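The effective speed ended up at about one tenth of the wired speed. Below are the speeds when writing a file with dd into a samba-mounted directory over the wired link (100 Mbps) and the wireless link (130 Mbps). Wired reaches 80-90% of its link speed, while wireless reaches only about 10% of its link speed. In the end, wired comes out faster.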

$ cd /mnt/wire
$ dd if=/dev/zero of=./test count=10 bs=10M && rm ./test
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 9.18348 s, 11.4 MB/s
$ dd if=/dev/zero of=./test count=10 bs=100M && rm ./test
10+0 records in
10+0 records out
1048576000 bytes (1.0 GB) copied, 106.746 s, 9.8 MB/s
$ cd /mnt/wireless
$ dd if=/dev/zero of=./test count=10 bs=10M && rm ./test
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 63.8521 s, 1.6 MB/s
$ dd if=/dev/zero of=./test count=10 bs=100M && rm ./test
10+0 records in
10+0 records out
1048576000 bytes (1.0 GB) copied, 649.335 s, 1.6 MB/s

The message "group key handshake completed" appears every 10 minutes

Watching the log, messages like the following appear every 10 minutes. This is normal.

# tail -f /var/log/daemon.log
Jul  6 13:59:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul  6 14:09:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul  6 14:19:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)
Jul  6 14:29:31 ****** hostapd: wlan0: STA **:**:**:**:**:** WPA: group key handshake completed (RSN)

Appending the following to the configuration file changes the interval to 5 minutes. Restart hostapd afterwards.

# echo "wpa_group_rekey=300" >> /etc/hostapd/hostapd.conf
# /etc/init.d/hostapd restart
Stopping advanced IEEE 802.11 management: hostapd.
Starting advanced IEEE 802.11 management: hostapd.
# tail -f /var/log/daemon.log
Jul  6 14:59:34 ****** hostapd: wlan0: STA 00:1d:e0:31:7f:7f WPA: group key handshake completed (RSN)
Jul  6 15:04:34 ****** hostapd: wlan0: STA 00:1d:e0:31:7f:7f WPA: group key handshake completed (RSN)

In addition, the connection seems to drop from time to time. I want to keep the connection up.

# echo "wmm_enabled=0" >> /etc/hostapd/hostapd.conf
# /etc/init.d/hostapd restart
Stopping advanced IEEE 802.11 management: hostapd.
Starting advanced IEEE 802.11 management: hostapd.

Temperature monitoring configuration

Install the required packages.

# apt-get install hddtemp lm-sensors
(snip)

Configure and verify.

$ sensors
k10temp-pci-00c3
Adapter: PCI adapter
temp1:        +34.0°C  (high = +70.0°C)
                       (crit = +100.0°C, hyst = +95.0°C)

# sensors-detect
(snip)
# cat /etc/modules
(snip)
# Generated by sensors-detect on *** *** ** **:**:** ****
# Chip drivers
jc42
# shutdown -h
$ sensors
jc42-i2c-0-18
Adapter: SMBus PIIX4 adapter at 0b00
temp1:        +32.5°C  (low  =  +0.0°C)                  ALARM (HIGH, CRIT)
                       (high =  +0.0°C, hyst =  +0.0°C)
                       (crit =  +0.0°C, hyst =  +0.0°C)

k10temp-pci-00c3
Adapter: PCI adapter
temp1:        +37.1°C  (high = +70.0°C)
                       (crit = +100.0°C, hyst = +95.0°C)

# hddtemp /dev/sd?
/dev/sda: ***************: 37°C
/dev/sdb: ***********: 37°C
/dev/sdc: ***********************: 40°C
/dev/sdd: ***********************: 45°C

Install zabbix for visualization and continuous monitoring. Since this host monitors itself, install both the agent and the server.

# apt-get install mysql-server zabbix-agent zabbix-server-mysql zabbix-frontend-php php5-mysql
# vi \
        /usr/share/doc/zabbix-frontend-php/README.Debian \
        /etc/php5/apache2/php.ini \
;

ChangeLog

  1. Posted: 2007-12-10T00:05:10+09:00
  2. Modified: 2007-12-10T00:05:10+09:00
  3. Generated: 2018-08-13T23:09:10+09:00