
@vitouXY
Created April 8, 2023 05:41
RPi | WLAN AP
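#!/bin/sh
# RPi WLAN access point setup, part 1: privilege check, shell options and the
# packages the rest of the script configures. Must be run as root.

# Quote the substitution so an empty result cannot break the test, and report
# the failure on stderr rather than stdout.
[ "$(id -u)" = 0 ] || { echo "must be root" >&2; exit 1; }

set -o errexit
set -o nounset
# pipefail is not implemented by every /bin/sh (older dash rejects the option
# and aborts the script), so probe for it in a subshell before enabling it.
if (set -o pipefail) 2>/dev/null; then
  set -o pipefail
fi
# xtrace echoes each command as it runs.
set -o xtrace

#[ "$(find /sys/class/net/ -type l -name wlan0 2>&-)z" != "z" ] && exit 1

# The Debian / Raspberry Pi OS package is named "wpasupplicant"; a package
# called "wpa_supplicant" does not exist there, so the original name made
# apt-get fail and, under errexit, stopped the script before any configuration.
apt-get install wpasupplicant dnsmasq
apt-get install iptables-persistent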
# dnsmasq: DHCP and DNS for the access-point side (wlan0, 10.0.0.1/24).
# Points worth reviewing before deploying this file:
#   - DHCP clients are handed third-party resolvers (94.140.14.15, 76.76.2.2)
#     through the dns-server option, so their lookups bypass this host;
#   - gstatic.com and connectivitycheck.android.com are answered with
#     10.0.0.1, and three ad domains with 127.0.0.1;
#   - the dhcp-host MAC addresses look like placeholders to be replaced.
# The delimiter is quoted so the shell never expands anything in the body.
cat > /etc/dnsmasq.d/wlan_ap.conf << 'EOF'
#interface=wlan0,usb0
interface=wlan0
except-interface=wlan1
#no-dhcp-interface=lo
#listen-address=127.0.0.1
listen-address=127.0.0.1,10.0.0.1
#port=0
bind-interfaces
dhcp-authoritative
domain-needed
bogus-priv
filterwin2k
#cache-size=150
dhcp-lease-max=255
#log-queries
log-dhcp
#no-resolv
#no-hosts
expand-hosts
addn-hosts=/etc/hosts.wlan_ap
local=/rpi0w.local/
domain=wlan.ap
dhcp-range=10.0.0.100,10.0.0.105,255.255.255.0,12h
# ,ignore
dhcp-host=FF:FF:FF:FF:FF:FF,rpiz2,10.0.0.20,infinite
dhcp-host=ff:ff:ff:ff:ff:ff,picow,10.0.0.21,infinite
dhcp-option=option:netmask,255.255.255.0
dhcp-option=28,10.0.0.255
dhcp-option=option:router,10.0.0.1
#dhcp-option=option:dns-server,10.0.0.1
#dhcp-option=option:dns-server,8.8.8.8,1.1.1.1
dhcp-option=option:dns-server,94.140.14.15,76.76.2.2
# 8.8.8.8 8.8.4.4
# 1.1.1.1 1.0.0.1
# 94.140.14.15 94.140.15.16
# 76.76.2.1 76.76.2.2 76.76.2.3
## https://adguard-dns.io/kb/es/general/dns-providers/
#dhcp-option=option:ntp-server,ntp.shoa.cl
#address=/#/10.0.0.1
address=/gstatic.com/10.0.0.1
address=/connectivitycheck.android.com/10.0.0.1
address=/doubleclick.net/127.0.0.1
address=/outbrain.com/127.0.0.1
address=/taboola.com/127.0.0.1
#conf-file=/etc/dnsmasq.d/extra.conf
#conf-dir=conf-dir=/etc/dnsmasq.d/,*.conf
## $ dnsmasq -C /tmp/dnsmasq.conf
#dhcp-leasefile=/tmp/dnsmasq.leases
#pid-file=/tmp/dnsmasq.pid
#log-facility=-
#log-facility=/tmp/dnsmasq.log
#keep-in-foreground
#no-daemon
EOF
# Extra hosts file for the access point: a single entry naming the AP's own
# address (10.0.0.1) as rpi0w.local.
printf '%s\n' '10.0.0.1 rpi0w.local' > /etc/hosts.wlan_ap
# ifupdown stanzas: wlan0 is the access-point side with the static address
# 10.0.0.1/24, wlan1 is the uplink and takes its address over DHCP.
# The delimiter is quoted so the body is written out literally.
cat > /etc/network/interfaces.d/wlan_ap.conf << 'EOF'
#auto lo
#iface lo inet loopback
auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-driver nl80211
#wpa-roam /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
iface wlan0 inet static
#iface dhcp_server inet static
address 10.0.0.1
netmask 255.255.255.0
#network 10.0.0.0
#gateway 10.0.0.1
## route add default gw 10.0.0.1
#iface default inet dhcp
auto wlan1
allow-hotplug wlan1
iface wlan1 inet dhcp
#iface dhcp_client inet dhcp
EOF
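# wpa_supplicant profile for wlan0 in access-point mode (mode=2).
#
# Fix: the sample client stanza at the top had its "network={" and "}" lines
# commented out but left ssid="to_RPi0W" active, which put an ssid line at
# global scope where wpa_supplicant does not accept it. That line is now
# commented out like the rest of the sample stanza.
#
# NOTE(security): key_mgmt=NONE makes this an open network, so any station in
# radio range can associate and use the forwarded uplink. To require a
# passphrase, switch to the commented key_mgmt=WPA-PSK / psk lines in the
# stanza and set a passphrase of your own in place of the sample value.
#
# The delimiter is quoted so the body is written out literally, and the file
# is restricted to root because update_config=1 lets wpa_supplicant store
# credentials in it later.
cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf << 'EOF'
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#country=PA # US
#eapol_version=1
#ap_scan=1
#fast_reauth=1
#network={
#ssid="to_RPi0W"
#bssid=FF:0F:0F:0F:0F:0F
#scan_ssid=1
#proto=WPA
#key_mgmt=NONE
#key_mgmt=WPA-PSK
#psk="p455W0rd"
#scan_freq=2412 2437 2462
#id_str="dhcp_client"
#priority=90
#}
network={
#ssid="from_RPi0W"
# echo -n 🔓 | hexdump # echo -e "\xF0\x9F\x94\x93"
ssid=F09F9493
mode=2
key_mgmt=NONE
#key_mgmt=WPA-PSK
#psk="p455W0rd"
frequency=2412
# (1)2412 (2)2417 (3)2422 (4)2427 (5)2432 (6)2437
# (7)2442 (8)2447 (9)2452 (10)2457 (11)2462 (12)2467 (13)2472
id_str="dhcp_server"
}
# wpa_supplicant -B -c/tmp/wpa_supplicant-wlan0.conf -iwlan0 -Dnl80211 -P /tmp/wpa_supplicant-wlan0.pid -f /tmp/wpa_supplicant-wlan0.log
EOF
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf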
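# wpa_supplicant profile for the uplink interface wlan1 (station mode).
#
# Fix: this is the client profile (id_str="dhcp_client", and the sample
# command in its trailing comment uses wlan1), but it was written to
# wpa_supplicant-wlan0.conf, replacing the access-point profile written just
# before it. It now goes to wpa_supplicant-wlan1.conf, the name that matches
# the wpa_supplicant@wlan1 unit the script enables.
#
# NOTE(security): psk="p455W0rd" is a sample value stored in clear text;
# replace it with the real passphrase of the upstream network (the commented
# wpa_passphrase hint below shows how to generate a hashed psk instead).
# Because the file holds a credential it is created under umask 077 and then
# forced to mode 600 in case it already existed with wider permissions.
# NOTE(review): proto=WPA limits the association to the original WPA protocol;
# if the upstream network offers WPA2, proto=RSN is the setting to prefer.
(
  umask 077
  cat > /etc/wpa_supplicant/wpa_supplicant-wlan1.conf << 'EOF'
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#country=PA # US
#eapol_version=1
fast_reauth=1
ap_scan=1
autoscan=periodic:30
network={
ssid="to_RPi0W"
#bssid=FF:0F:0F:0F:0F:0F
scan_ssid=1
proto=WPA
#key_mgmt=NONE
key_mgmt=WPA-PSK
psk="p455W0rd"
#scan_freq=2412 2437 2462
# (1)2412 (2)2417 (3)2422 (4)2427 (5)2432 (6)2437
# (7)2442 (8)2447 (9)2452 (10)2457 (11)2462 (12)2467 (13)2472
id_str="dhcp_client"
priority=90
}
#network={
#key_mgmt=NONE
#priority=-999
#}
#wpa_cli scan && wpa_cli scan_results
#iw dev wlan0 scan | grep SSID
#wpa_passphrase SSID >> SSID_wpa_supplicant.cfg
# reading passphrase from stdin
# wpa_supplicant -B -c/tmp/wpa_supplicant-wlan1.conf -iwlan1 -Dnl80211 -P /tmp/wpa_supplicant-wlan1.pid -f /tmp/wpa_supplicant-wlan1.log
EOF
)
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan1.conf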
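# Enable IPv4 forwarding so traffic from the access-point side can be routed
# to the uplink. The drop-in makes the setting persistent across reboots.
cat > /etc/sysctl.d/wlan_ap.conf << 'EOF'
net.ipv4.ip_forward=1
EOF
# Load the drop-in now as well: the script restarts services instead of
# rebooting, and without this the kernel would not forward until the next boot.
sysctl -p /etc/sysctl.d/wlan_ap.conf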
# NAT and forwarding rules: wlan0 is the access-point side, wlan1 the uplink.
#
# The two flushes discard every rule already present in the filter and nat
# tables, and the final iptables-save makes that state persistent, so any
# host firewall rules that existed before this script ran are lost.
# Chain policies are not touched, and no INPUT rules are added: what AP
# clients can reach on this host itself is decided elsewhere.
iptables -F
iptables --table nat -F

# Source-NAT whatever leaves through the uplink.
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE

# Uplink -> AP: replies to existing connections only.
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# AP -> uplink: everything.
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
# NOTE(review): accepts AP traffic towards any interface, which makes the
# wlan0 -> wlan1 rule above redundant; confirm this breadth is intended.
iptables -A FORWARD -i wlan0 -j ACCEPT

#iptables -t nat -A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j DNAT --to-destination 10.0.0.1:53
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
#iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
#iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.1:80

# NOTE(review): masquerades on every outgoing interface, not only wlan1, and
# so subsumes the uplink-only rule above; confirm this breadth is intended.
iptables --table nat --append POSTROUTING --jump MASQUERADE

# Persist the rule set for iptables-persistent.
iptables-save > /etc/iptables/rules.v4
# Service wiring: run dnsmasq plus one wpa_supplicant instance per interface
# at boot, and retire the generic wpa_supplicant unit.
# NOTE(review): each wpa_supplicant@<iface> instance presumably reads
# /etc/wpa_supplicant/wpa_supplicant-<iface>.conf; confirm both files exist.
for unit in dnsmasq wpa_supplicant@wlan0 wpa_supplicant@wlan1; do
  systemctl enable "$unit"
done
systemctl disable wpa_supplicant
#reboot

# Apply the new configuration without rebooting.
systemctl restart dnsmasq
systemctl stop wpa_supplicant
for iface in wlan0 wlan1; do
  systemctl start "wpa_supplicant@${iface}"
done