
Hello again!
In the first part of the article, I talked about the "iron" component of the future router. Since even the most wonderful hardware will not work without software, the device had to be given the appropriate software "stuffing".
When I started all this, I assumed that it would be difficult, but I did not imagine it would be this difficult. In one of the comments to the previous part of the article, I vowed to describe what follows "by the weekend". I wisely kept silent about which weekend. :-) I also managed to get sick at the wrong time, but I am still keeping my promise.
So…
As a reminder, the complete set:
- Intel D2500CC motherboard with dual-core 64-bit Intel Atom D2500 processor, two gigabit network interfaces
- SO-DIMM DDR-3 1066 4Gb Corsair RAM
- SSD Crucial M500 120 GB
- 1000 Mbit D-Link DGE-528T network card
- mini-PCI-E Wi-Fi card Intel 7260.HMWWB 802.11a/b/g/n/ac + Bluetooth 4.0
- All of this is packaged in a Morex T-3460 60W case
First of all, I defined the range of tasks the router will perform, so that it would be easier for me to administer it later.
Once again, I'll clarify that the Internet comes to me through a 100 Mbit channel (the tariff, of course, gives a slightly lower speed, but that is not the point). Actually, this is what I came up with:
- Internet access for all devices at home, plus n devices that appear sporadically or even once
- Home LAN
- Accordingly, traffic routing between the Internet and the local network
- File storage (FTP or Samba access)
- Torrent client
- ed2k network (very well developed on my provider's network)
- Web server
In the future:
- domain
- CCTV
- elements of "smart home"
- and who knows what else, lots of interesting things
In this situation it was natural to choose among *nix-based systems. I had to spend some time studying the subject and rummaging around the network. In the end, I went the following way...
1. FreeBSD 10.1-RELEASE

I really wanted to implement everything on FreeBSD. Its advantages in managing network devices, servers, gateways and routers are obvious, indisputable and repeatedly praised by the gurus.
Since I had not worked closely with FreeBSD before, I had to sit down with the FreeBSD Handbook, reading it in parallel with installing the latest stable release, 10.1, on the device.
A small digression: by the way, I installed FreeBSD (and all the systems described below) using the wonderful Zalman ZM-VE300 device with a terabyte HDD inside. This device has an optical drive emulator on board: you put images into the _iso folder on its hard drive and then, after setting the BIOS to boot from the Zalman Virtual CD, boot and install from these images as if they had been written to a disc and inserted into a physical drive.
Everything went great and the system came up, but an unpleasant surprise awaited me, one that I frankly knew about but decided to test in practice: FreeBSD refused to see the Wi-Fi card. Or rather, it saw the card, but only its address and the vendor name, and did not understand what it was or what to do with it (the device driver was listed as none1). In addition, further reading of the manual revealed that, in access point mode, FreeBSD only supports Wi-Fi cards based on Prism chipsets.
Sad... I also found information that there is currently no driver for my card at all. Not even a ported one.
10. Debian 7.7.0

I did not stay upset for long: FreeBSD did not work out, so I took good old Debian. I installed the base system without a graphical environment from a netinstall image. For a long time I tried to understand what was wrong. The current stable release of Debian is 7.7.0, with kernel version 3.2. This kernel, again, has no support for my long-suffering Wi-Fi card. I went to LOR to look for an answer and in the end reached disappointing conclusions: a newer kernel has to be installed (which in the case of Debian is still a pain), and tinkering with kernels, in the opinion of the gurus, is not the Debian way (they say: if you want to swap kernels, choose another distribution).
11. Ubuntu Server 14.04 LTS

Having given up on attempts to enjoy some red-eyed tinkering, I took a familiar and respected distribution. For more than a year it (although version 12.04 LTS) has been running on my server, distributing goodies on the provider's network.
Pros: stability, ease of installation, configuration and administration, a lot of documentation.
Cons: it needs some filing down, since out of the box the system turns out to be thick and somewhat clumsy.
Installation
In fact, it is nothing complicated and is similar to the Debian installation. It is carried out in a text-mode dialog. I see no point in describing it in detail, because all of this has been explained dozens of times and is available on a variety of resources (from the official websites in different languages to small-town forums).
The important point is the correct partitioning and preparation of the SSD. Everyone knows that solid-state drives are built on flash memory and have a limited write resource. In fairness, I would note that across the World Wide Web there is talk of modern solid-state drives being sufficiently reliable (comparable to classic hard disks). Nevertheless, it would be foolish to ignore the elementary recommendations for operating an SSD.
Before starting any manipulations with the drive, it is recommended to update the firmware, but mine already had the most recent one, so I skipped this step.
The first necessary step when partitioning the drive is the alignment of the disk partitions. In short, each partition should begin at a sector that is a multiple of 8. It is recommended to start the first partition at sector 2048 (this is because the MBR or GPT is located at the beginning of the drive, and the 1 MB "indent" is taken with a margin).
When partitioning, I created 3 partitions:
- boot - ext2
- root - ext4
- home - ext4
$ sudo fdisk -l

Disk /dev/sda: 120.0 GB, 120034123776 bytes
255 heads, 63 sectors/track, 14593 cylinders, total 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk identifier: 0x000ea779

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1050623      524288   83  Linux
/dev/sda2         1050624    42993663    20971520   83  Linux
/dev/sda3        42993664   234440703    95723520   83  Linux
As you can see, all partitions start at sectors that are multiples of 8. Thus, access will always hit the correct sector, which will help preserve the delicate resource of the drive.
Next, in the partition mount options in /etc/fstab, add discard to enable TRIM and noatime to disable writing the last file access time to the metadata.
Another digression: with noatime, things are not so simple. For example, on desktop systems browsers track the "freshness" of their cache precisely by the time of last access, so turning on this option does not reduce writes to the disk but rather increases them, because the browser sees that its cache is "rotten" and starts pulling in a new one. In this case it is recommended to use the relatime option: the access time attribute (atime) is updated, but only if the file's data (the mtime attribute) or its status (the ctime attribute) has changed. For a server system this is perhaps not so critical, but I still set noatime for boot and relatime for root and home.
All the other tips gathered across the network, such as increasing the time between flushing buffers to disk (option = time, sec.), disabling the "barrier" (the barrier=0 option) and others, did not inspire my confidence: their usefulness is bought at the expense of data integrity and safety.
In addition, I did not allocate a separate partition for swap, having decided that I should have enough RAM for my tasks. If swap does become necessary, nothing prevents creating it as a file and enabling it like a partition.
It was also a deliberate decision to move temporary files (/tmp) to tmpfs.
During the installation, the common parameters are set, such as locale, time and geolocation, and system name, and a new user and password are created. Then comes the choice of software to install, where I marked the following:
- OpenSSH server
- DNS server
- LAMP server
- Print server
- Samba file server
After booting into the freshly installed system, one extremely unpleasant feature showed up (by the way, Debian had the same thing): after the drivers were initialized, the video output cut out and the monitor went into standby, and it was unclear whether the system had hung or something was simply wrong with the output. It turned out that SSH access worked, and I could have stopped there, but there can always be a situation where you need physical access to the router (for example, playful admin hands dig into the network settings and remote console access is completely gone %)). Searching the forums, I came across a solution (it turns out the bug is known and shows up on this motherboard):
add to /etc/modprobe.d/blacklist.conf:
blacklist gma500_gfx
run
sudo update-initramfs -u
sudo reboot
In the case of Debian, the file is /etc/modprobe.d/fbdev-blacklist.conf.
After the reboot, everything worked.
Network configuration
During the installation, I chose the D-Link card as the network interface to be used for the installation. I connected it with a patch cord to one of the LAN ports of my old router (this was done to have SSH access before configuring the network interfaces; since the Asus's DHCP server was also running, there were no connection problems), so Internet access was not a problem either.
Another glitch also appeared in the fresh system:
no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
The problem is related to the libpam-smbpass authorization library. You can simply remove it, or you can do it more elegantly:
$ sudo pam-auth-update
Uncheck SMB password synchronization, which disables the synchronization of passwords between system users and Samba users.
Install all available updates:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
Then proceed to configure the network interfaces. The router has 4 physical interfaces and loopback:
$ ifconfig -a
em0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:f0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:d0220000-d0240000

eth0      Link encap:Ethernet  HWaddr d8:fe:e3:a7:d5:26
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::dafe:e3ff:fea7:d526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:741 errors:0 dropped:0 overruns:0 frame:0
          TX packets:477 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:482523 (482.5 KB)  TX bytes:45268 (45.2 KB)

eth1      Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:d0320000-d0340000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1784 (1.7 KB)  TX bytes:1784 (1.7 KB)

wlan0     Link encap:Ethernet  HWaddr 80:19:34:1e:fe:83
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
- eth0 - "looks" at the Internet, receives its settings via DHCP
- eth1 and em0 - network adapters integrated into the motherboard
- wlan0 - as you might guess, the Wi-Fi wireless interface
Install hostapd and put the wireless interface into Master mode:
$ sudo iwconfig wlan0 mode Master
To my great regret, this method did not work and the command failed with an error, so I resorted to an alternative method:
$ sudo apt-get install iw
$ sudo iw dev wlan0 del
$ sudo iw phy phy0 interface add wlan0 type __ap
Then:
$ iwconfig
wlan0     IEEE 802.11abgn  Mode:Master  Tx-Power=0 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
Now all the network interfaces need to be configured to make them easier to work with. I decided to combine the built-in network cards and Wi-Fi into a bridge in order to manage them as a single entity when distributing IP addresses via DHCP, routing, etc. I brought /etc/network/interfaces to the following form:
Reboot. Now we see:
$ ifconfig -a
br0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

em0       Link encap:Ethernet  HWaddr 00:22:4d:ad:69:f0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Memory:d0220000-d0240000

eth0      Link encap:Ethernet  HWaddr d8:fe:e3:a7:d5:26
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::dafe:e3ff:fea7:d526/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:819 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:531178 (531.1 KB)  TX bytes:125004 (125.0 KB)

eth1      Link encap:Ethernet  HWaddr 00:22:4d:ad:69:ec
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Memory:d0320000-d0340000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1784 (1.7 KB)  TX bytes:1784 (1.7 KB)

wlan0     Link encap:Ethernet  HWaddr 80:19:34:1e:fe:83
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
All interfaces were initialized.
Now hostapd can be configured. In the meantime, its version has reached 2.1.
I ended up with this /etc/hostapd/hostapd.conf:
interface=wlan0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=4
logger_stdout=-1
logger_stdout_level=4
ssid=TEST
hw_mode=g
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40]
channel=11
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=3
ignore_broadcast_ssid=1
ap_max_inactivity=300
wpa=2
wpa_passphrase=my_wpa_passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
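A check that can be run against this config, given here as an added example rather than anything from the original article: a POSIX shell function that flags hostapd.conf settings worth reviewing on a WPA2-PSK access point. The names audit_hostapd and sample_hostapd_conf and the wording of the findings are this example's own; for the config above it reports auth_algs=3.

```shell
#!/bin/sh
# Added example (not from the article): flag hostapd.conf settings worth
# reviewing on a WPA2-PSK access point. One finding per line; no output = clean.
audit_hostapd() {
    conf=$1
    # The passphrase is stored in clear text, so others should not read the file.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "perms: file is world-readable and holds wpa_passphrase"
    fi
    awk -F= '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        { v[$1] = substr($0, length($1) + 2) }     # value may itself contain "="
        END {
            if (v["wpa"] != "2")
                print "wpa: want 2 (WPA2/RSN only), found \"" v["wpa"] "\""
            # Bit 1 of auth_algs allows Shared Key authentication (a WEP mechanism).
            if (("auth_algs" in v) && v["auth_algs"] != "1")
                print "auth_algs: want 1 (Open System only), found " v["auth_algs"]
            if ((v["wpa_pairwise"] " " v["rsn_pairwise"]) ~ /TKIP/)
                print "pairwise: TKIP enabled, keep CCMP only"
            if ("wpa_passphrase" in v) {
                n = length(v["wpa_passphrase"])
                if (n < 8 || n > 63)
                    print "wpa_passphrase: length " n " is outside 8..63"
            }
            if (("wps_state" in v) && v["wps_state"] != "0")
                print "wps_state: WPS is enabled"
        }' "$conf"
}

# Security-relevant lines of the config shown above (the passphrase is the
# placeholder used in the article).
sample_hostapd_conf() {
    cat <<'EOF'
interface=wlan0
bridge=br0
ssid=TEST
auth_algs=3
ignore_broadcast_ssid=1
wpa=2
wpa_passphrase=my_wpa_passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

tmp=$(mktemp) && sample_hostapd_conf > "$tmp" && audit_hostapd "$tmp"
rm -f "$tmp"
```

Note that ignore_broadcast_ssid=1 is deliberately not flagged: hiding the SSID is not an access control, so the check concentrates on the authentication and cipher settings and on who can read the passphrase.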
Enable the automatic launch of hostapd at system boot; to do this, uncomment and edit these lines in /etc/default/hostapd:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
DAEMON_OPTS="-B"
RUN_DAEMON="yes"
Next, without further ado, I set up Internet sharing. I took the script for configuring iptables and IP forwarding from here, adjusted it to my realities and set up autostart. As a result, iptables is populated with the necessary rules when the system boots.
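The script itself is not reproduced in the article, so the following is an added example and not the author's script: a default-deny ruleset for the layout described here (eth0 as WAN, br0 as the LAN bridge on 192.168.0.1/24, both taken from the interface output above), generated in iptables-restore format. The function names gen_ruleset and apply_ruleset are hypothetical; any TCP ports passed as extra arguments are the only services reachable from the WAN side.

```shell
#!/bin/sh
# Added example (not the script the article used): default-deny ruleset for
# this layout, eth0 = WAN, br0 = LAN bridge with 192.168.0.1/24.
# gen_ruleset WAN LAN LAN_NET [TCP_PORT...] prints iptables-restore input;
# the optional ports are the only services reachable from the WAN side.
gen_ruleset() {
    wan=$1 lan=$2 net=$3
    shift 3
    for p in "$@"; do                      # validate before emitting anything
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
EOF
    for p in "$@"; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Needs root, so it is defined but not called here: syntax-check the rules,
# load them atomically, and only then turn on forwarding.
apply_ruleset() {
    rules=$(gen_ruleset "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore --test &&
        printf '%s\n' "$rules" | iptables-restore &&
        sysctl -w net.ipv4.ip_forward=1
}

gen_ruleset eth0 br0 192.168.0.0/24    # LAN-only services, nothing open on WAN
```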
Naturally, a DHCP server also needs to be configured. Having decided to simplify the task to a minimum, I installed dnsmasq and removed the existing bind9, which conflicts with it. The config is simple:
In fact, there is a bunch of commented-out options in the config that allow very fine tuning, but this set is quite enough for proper operation. In principle, from this point on, the device already works as a home router.
After finishing the basic setup, I installed and configured transmission-daemon, aMuled and vsftpd. Setting up these services is rather trivial, so I will not dwell on it in detail. Naturally, these resources are accessible only from the local network; if you want access from the outside, you will need to open the corresponding ports in iptables.
The web server is a combination of Apache 2.4.7 + MySQL Ver 14.14 Distrib 5.5.40. I have not yet figured out what to fill it with: deploy a ready-made engine and play with design, or just practice html and php. In any case, this has practical significance for me. Perhaps in the future it will be possible to set up a web interface to monitor and control the router.
After all the manipulations, it remains to configure logging: where possible, adjust the settings of all processes that write logs so that only critical notifications and warnings are recorded. The idea is to reduce the number of write operations and, accordingly, the negative impact on the SSD.
In addition, it is strongly recommended to have cron run fstrim once a day (for each partition separately). They say it certainly won't hurt.
Phew... It turned out to be a somewhat messy description of my ordeals with a hand-assembled device, but the satisfaction that everything works is simply indescribable.
In the comments to the previous part of the article, the respected dmitrmax asked about the power consumption of the assembly. Well, here are some approximate figures that I managed to get from public sources:
- Intel Atom D2500 processor - up to 10 W
- SSD Crucial M500 - 3.6 W
There were no figures readily available for the rest, but almost everywhere the specifications of the network card and the Wi-Fi module say "low power consumption". If you roughly allow 10 W for everything else (other hardware, integrated network cards, etc.), you get about 25 W - not that much, I suppose...
I don't think I have forgotten anything, and I have mentioned all the key points. For details, please ask in the comments. Thanks for your attention! (-;
UPD: Mr. Revertis rightly remarked, and I agree with him, that there was no need to select the DNS server during installation only to remove it later (this is bind9), but in the article I described exactly the path I took, with all its mistakes and back streets. And yes, I agree that nginx is better than Apache; moreover, I will even replace it. Thanks for the advice.