Aug 31, 2021
Technology目的
将闲置的RPI变为一个AP,有线转无线,用于快速连接网络开发。
准备材料
下载2021-05-07-raspios-buster-armhf-lite.zip, 解压并写入SD卡,之后用SD卡启动RPI3, 默认用户名及密码是pi/raspberry, 写入后使用rpi-config扩充文件系统:
pi@raspberrypi:~ $ uname -a
Linux raspberrypi 5.10.52-v7+ #1441 SMP Tue Aug 3 18:10:09 BST 2021 armv7l GNU/Linux
pi@raspberrypi:~ $ cat /etc/issue
Raspbian GNU/Linux 10 \n \l
步骤
更改为tsinghua的源以加速:
# 编辑 `/etc/apt/sources.list` 文件,删除原文件所有内容,用以下内容取代:
deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib rpi
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib rpi
# 编辑 `/etc/apt/sources.list.d/raspi.list` 文件,删除原文件所有内容,用以下内容取代:
deb http://mirrors.tuna.tsinghua.edu.cn/raspberrypi/ buster main ui
下载hostapd及dhcp服务器:
# sudo apt-get update -y
# sudo apt-get upgrade -y
# sudo apt-get install hostapd isc-dhcp-server iptables-persistent
配置DHCP服务器:
$ sudo vim /etc/dhcp/dhcpd.conf
找到以下行(这里需要注释掉默认的选项):
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
替换为:
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
找到以下行(这里是激活authoritative选项):
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
替换为:
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
在文件的末尾添加以下定义:
subnet 172.16.42.0 netmask 255.255.255.0 {
range 172.16.42.10 172.16.42.50;
option broadcast-address 172.16.42.255;
option routers 172.16.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
现在保存后退出。
现在编辑isc-dhcp-server的默认定义文件,配置其监听的端口:
# sudo vim /etc/default/isc-dhcp-server
.....
INTERFACESv4="wlan0"
INTERFACESv6="wlan0"
编辑wlan0的静态地址(这里我们顺便设置了eth0的静态地址):
# sudo vim /etc/network/interfaces
auto wlan0
iface wlan0 inet static
address 172.16.42.1
netmask 255.255.255.0
auto eth0
iface eth0 inet static
address 192.168.1.117
netmask 255.255.255.0
gateway 192.168.1.33
配置hostapd:
# sudo vim /etc/hostapd/hostapd.conf
country_code=US
interface=wlan0
driver=nl80211
ssid=Pi_AP
country_code=US
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=xxxxxxxxxxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
配置hostapd的默认配置文件:
# sudo vim /etc/default/hostapd
Find the line #DAEMON_CONF="" and edit it so it says DAEMON_CONF="/etc/hostapd/hostapd.conf"
配置NAT(网络地址转换) :
# sudo vim /etc/sysctl.conf
pi@raspberrypi:~ $ cat /etc/sysctl.conf | grep ip_forward
net.ipv4.ip_forward=1
最后保存iptables:
sudo iptables -t nat -S
sudo iptables -S
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
iptables-persistent会在启动的时候自动载入保存的规则。
如此则可以将RPi3作为一个无线接入点来使用。
Aug 26, 2021
Technology步骤
Install CentOS 7.4 :
With route:
[root@intelandroid ctctest]# ip route
default via 192.168.91.254 dev enp61s0f0 proto static metric 100
192.168.89.0/24 dev enp61s0f0 proto kernel scope link src 192.168.89.108 metric 100
192.168.91.254 dev enp61s0f0 proto static scope link metric 100
[root@intelandroid ctctest]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp61s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq portid 3cd2e55e05da state UP qlen 1000
link/ether 3c:d2:e5:5e:05:da brd ff:ff:ff:ff:ff:ff
inet 192.168.89.108/24 brd 192.168.89.255 scope global enp61s0f0
valid_lft forever preferred_lft forever
inet6 fe80::1e1f:7e4d:5f9f:a2ab/64 scope link
valid_lft forever preferred_lft forever
Update grub:
# vim /etc/default/grub
...
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rhgb quiet modprobe.blacklist=ast"
...
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
# reboot
After reboot, check ast module is not loaded:
# lsmod | grep ast
Should be nothing here.
Aug 23, 2021
TechnologyHardware & OS
Refers to:
https://www.h3c.com/en/Support/Resource_Center/EN/Severs/Catalog/Optional_Parts/GPU/Technical_Documents/Install/User_Guide/H3C_XG310_GPU_UG-5W100/
# cat /etc/issue
Ubuntu 20.04.1 LTS \n \l
# uname -a
Linux xxxxxxxxxxxxxxxxxx 5.4.48+ #1 SMP Wed Feb 3 10:57:04 CST 2021 x86_64 x86_64 x86_64 GNU/Linux
CPU and memory:
# cat /proc/cpuinfo
...
processor : 95
vendor_id : GenuineIntel
cpu family : 6
model : 85
model name : Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
...
# free -g
total used free shared buff/cache available
Mem: 503 3 496 0 3 497
Swap: 1 0 1
Steps
Steps:
# mkdir IntelAndroid
# tar xzvf xxxxxxxxxxxx.tar.gz
Aug 17, 2021
Technology硬件配置
2核2G, 虚拟机,
其磁盘文件为openwrt-21.02.0-rc3-x86-64-generic-ext4-combined.img.
网络配置
隔离网络:
NAT网络:
启动完毕后,安装以下opkg包:
# opkg install redsocks
OpenWRT中配置:
Wan:
LAN:
Enable dhcp server:
Devices:
DNS:
redsocks items
/etc/redsocks.conf:
base {
// debug: connection progress & client list on SIGUSR1
log_debug = off;
// info: start and end of client session
log_info = on;
/* possible `log' values are:
* stderr
* "file:/path/to/file"
* syslog:FACILITY facility is any of "daemon", "local0"..."local7"
*/
// log = stderr;
// log = "file:/path/to/file";
log = "syslog:local7";
// detach from console
daemon = on;
/* Change uid, gid and root directory, these options require root
* privilegies on startup.
* Note, your chroot may requre /etc/localtime if you write log to syslog.
* Log is opened before chroot & uid changing.
*/
// user = nobody;
// group = nobody;
// chroot = "/var/chroot";
/* possible `redirector' values are:
* iptables - for Linux
* ipf - for FreeBSD
* pf - for OpenBSD
* generic - some generic redirector that MAY work
*/
redirector = iptables;
}
redsocks {
/* `local_ip' defaults to 127.0.0.1 for security reasons,
* use 0.0.0.0 if you want to listen on every interface.
* `local_*' are used as port to redirect to.
*/
local_ip = 192.168.89.254;
local_port = 12345;
// listen() queue length. Default value is SOMAXCONN and it should be
// good enough for most of us.
// listenq = 128; // SOMAXCONN equals 128 on my Linux box.
// `max_accept_backoff` is a delay to retry `accept()` after accept
// failure (e.g. due to lack of file descriptors). It's measured in
// milliseconds and maximal value is 65535. `min_accept_backoff` is
// used as initial backoff value and as a damper for `accept() after
// close()` logic.
// min_accept_backoff = 100;
// max_accept_backoff = 60000;
// `ip' and `port' are IP and tcp-port of proxy-server
// You can also use hostname instead of IP, only one (random)
// address of multihomed host will be used.
ip = 10.50.208.147;
port = 8118;
// known types: socks4, socks5, http-connect, http-relay
type = socks5;
// login = "foobar";
// password = "baz";
}
redudp {
// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
// packets that are sent as replies - and it should be fixed
// if we want NAT to work properly.
local_ip = 127.0.0.1;
local_port = 10053;
// `ip' and `port' of socks5 proxy server.
ip = 10.0.0.1;
port = 1080;
login = username;
password = pazzw0rd;
// redsocks knows about two options while redirecting UDP packets at
// linux: TPROXY and REDIRECT. TPROXY requires more complex routing
// configuration and fresh kernel (>= 2.6.37 according to squid
// developers[1]) but has hack-free way to get original destination
// address, REDIRECT is easier to configure, but requires `dest_ip` and
// `dest_port` to be set, limiting packet redirection to single
// destination.
// [1] http://wiki.squid-cache.org/Features/Tproxy4
dest_ip = 8.8.8.8;
dest_port = 53;
udp_timeout = 30;
udp_timeout_stream = 180;
}
dnstc {
// fake and really dumb DNS server that returns "truncated answer" to
// every query via UDP, RFC-compliant resolver should repeat same query
// via TCP in this case.
local_ip = 127.0.0.1;
local_port = 5300;
}
// you can add more `redsocks' and `redudp' sections if you need.
/etc/init.d/redsocks content:
##### /etc/init.d/redsocks######
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org
START=90
# check if configuration exists
[ -e "/etc/redsocks.conf" ] || exit 0
start() {
if [ -e "/var/run/redsocks.pid" ]; then
echo "redsocks is already running"
exit 0
fi
/bin/echo -n "running redsocks ..."
# startup the safety-wrapper for the daemon
/usr/sbin/redsocks -p /var/run/redsocks.pid
/bin/echo " done"
}
stop() {
if [ ! -e "/var/run/redsocks.pid" ]; then
echo "redsocks is not running"
exit 0
fi
/bin/echo -n "stopping redsocks ..."
# kill the process
/bin/kill $(cat /var/run/redsocks.pid)
rm /var/run/redsocks.pid
echo " done"
}
Iptables rules:
iptables -t nat -N REDSOCKS
# Ignore LANs IP address
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to redsocks's local port
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -I zone_lan_prerouting -j REDSOCKS
Then with a reverse proxy you could cross gfw.
Reverse connect:
Internet machine(with 53 as its dns server):
ssh -o GatewayPorts=true -f -N -T -R *:18888:localhost:18888 docker@10.xxxxx
ssh -o GatewayPorts=true -f -N -T -R *:8118:10.10.3.19:1080 docker@10.xxxxxx
sudo socat tcp-listen:18888,reuseaddr,fork udp:127.0.0.1:53
Intranet machine:
socat -T15 udp4-recvfrom:53,bind=10.xxx.xxx.xx,fork tcp:localhost:18888
Aug 13, 2021
TechnologyVM Prepration
Download qcow2 from gitlab(arch built), then start a vm.
Update the mirrorlist from https://archlinux.org/mirrorlist/
Steps
Install yay:
$ sudo pacman -Sy git fakeroot vim pacman-mirrorlist
$ sudo pacman -Sy base-devel
$ cd /opt
$ sudo git clone https://aur.archlinux.org/yay-git.git
$ sudo chown -R arch:arch ./yay-git/
$ cd yay-git
$ makepkg -si
Install linux-mainline:
$ yay linux-mainline
