Arch Linux

Duologic

Member

From: Belgium

Registered: 2007-11-11

Posts: 249

Server/Router Configuration (dnsmasq,iptables,hostapd,ssh)

I have this configuration here for some time now, recently switched from dhcpd to dnsmasq. Thought I should share it for the ones interested. I was (and still) thinking of writing a little manual for this on my blog, but that has been postponed a few times. Any questions may be asked, but I can't promise that I know the answer.

Mind the censorship for some personal stuff like passphrases and mac addresses. There are also some minor things like hosts.allow and ip_forward that might need configuration.

# cat /etc/dnsmasq.conf
interface=wlan0
bind-interfaces
dhcp-range=192.168.6.50,192.168.6.100,24h
dhcp-host=XX:XX:XX:XX:XX:XX,192.168.6.50
dhcp-host=XX:XX:XX:XX:XX:XX,192.168.6.51

# cat /etc/iptables/iptables.rules
# Generated by iptables-save v1.4.5 on Wed Feb  3 00:59:02 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth1 -j LOG --log-level 3 
COMMIT
# Completed on Wed Feb  3 00:59:02 2010
# Generated by iptables-save v1.4.5 on Wed Feb  3 00:59:02 2010
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE 
COMMIT
# Completed on Wed Feb  3 00:59:02 2010

# cat /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=SomeAccessPoint
hw_mode=g
channel=6
max_num_sta=255
macaddr_acl=0
auth_algs=3
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
wpa=2
wpa_passphrase=###passphrase###
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=600
wpa_gmk_rekey=86400

# cat /etc/ssh/sshd_config 
Port 44022
ListenAddress 0.0.0.0
Protocol 2
LogLevel INFO
PermitRootLogin no
ChallengeResponseAuthentication no
UsePAM yes
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999
Subsystem    sftp    internal-sftp
AllowUsers you 
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp

# cat /etc/ssh/ssh_config 
Host *
Protocol 2
HashKnownHosts yes
StrictHostKeyChecking ask
ServerAliveInterval 15
ServerAliveCountMax 3

Last edited by Duologic (2010-05-06 14:43:49)