Hello,
I have just installed Debian Squeeze on a PC that will serve as a router (Ethernet and Wi-Fi), and I have a few questions.
The PC has two network interfaces: one card, eth0, which is connected to a PPPoE modem, and a second card (eth1) connected to a switch (to which the other PCs and a printer are connected). The PPPoE configuration was done with pppoeconf; here is my "/etc/ppp/peers/dsl-provider" file:
[code]# Minimalistic default options file for DSL/PPPoE connections
noipdefault
defaultroute
replacedefaultroute
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
noauth
persist
mtu 1452
#persist
#maxfail 0
#holdoff 20
plugin rp-pppoe.so eth0
user "debian@ovh.ipadsl"
usepeerdns[/code]
Here is also my "/etc/ppp/chap-secrets" file:
[code]# Secrets for authentication using CHAP
# client server secret IP addresses
"debian@ovh.ipadsl" * "debianpassword"[/code]
The "ppp0" interface is created once the PPPoE connection is established. Here is my "/etc/network/interfaces" file:
[code]# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet manual
    post-up iptables-restore < /etc/iptables.up.rules
auto dsl-provider
iface dsl-provider inet ppp
    pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
    provider dsl-provider
auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
auto wlan0
iface wlan0 inet static
    address 192.168.2.1
    netmask 255.255.255.0[/code]
(don't pay attention to the wlan0 config, I'll come back to it later)
- do you see any errors (noob inside) in this file?
- is this the right place to put "echo 1 > /proc/sys…"?
Next, here is my iptables config file:
[code]
# Generated by iptables-save v1.4.8 on Thu Nov 24 12:52:48 2011
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Nov 24 12:52:48 2011
# Generated by iptables-save v1.4.8 on Thu Nov 24 12:52:48 2011
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# masquerade connections from eth1, allowing the internal network to access the internet.
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Thu Nov 24 12:52:48 2011
# Generated by iptables-save v1.4.8 on Thu Nov 24 12:52:48 2011
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# accept all traffic from internal network (eth1)
-A INPUT -i eth1 -j ACCEPT
# accept all traffic from loopback interface (lo)
-A INPUT -i lo -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state -i ppp0 --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state -i ppp0 --state RELATED -j ACCEPT
# accept connection to port 22 (ssh) from ppp0
-A INPUT -p tcp -m tcp -i ppp0 --dport 22 -j ACCEPT
# accept connection to port 81 (webmin) from ppp0
-A INPUT -p tcp -m tcp -i ppp0 --dport 81 -j ACCEPT
# forward everything from eth1
-A FORWARD -i eth1 -j ACCEPT
# forward packets from ppp0 if it's an established connection
-A FORWARD -m state -i ppp0 --state ESTABLISHED -j ACCEPT
# forward packets from ppp0 if it's related to an established connection
-A FORWARD -m state -i ppp0 --state RELATED -j ACCEPT
COMMIT
# Completed on Thu Nov 24 12:52:48 2011[/code]
- do you see any errors in this file? (noob still inside…)
- are there any unnecessary things, or things that pose a security risk?
Next, I have a problem: I want to configure an 802.11n Wi-Fi dongle (D-Link DWA-140) as an access point. I installed the "ralink-firmware" and "wireless-tools" packages. When I run "sudo iwconfig wlan0 mode master", here is what I get:
administrator@debianserver:~$ sudo iwconfig wlan0 mode master
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.
and when I run "sudo iw list" to list all the modes supported by the card, here is what I get:
administrator@debianserver:~$ sudo iw list
nl80211 not found.
Finally, if I create a test file for hostapd like this:
interface=wlan0
driver=nl80211
ssid=test
channel=1
and I run "sudo hostapd <file_I_made_for_testing>", here is what I get:
administrator@debianserver:~$ sudo hostapd hostapd.conf
Configuration file: hostapd.conf
nl80211 not found.
nl80211 driver initialization failed.
Can you help me with this problem? Here is some information that may be useful to you:
lsusb:
administrator@debianserver:~$ lsusb
Bus 001 Device 003: ID 07d1:3c0a D-Link System DWA-140 RangeBooster N Adapter(rev.B2) [Ralink RT2870]
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
lsmod:
administrator@debianserver:~$ lsmod
Module Size Used by
rt2870sta 326811 0
crc_ccitt 1039 1 rt2870sta
xt_TCPMSS 2303 1
xt_tcpmss 1017 1
pppoe 6849 2
pppox 1242 1 pppoe
ppp_generic 16359 6 pppoe,pppox
slhc 3691 1 ppp_generic
xt_tcpudp 1743 3
xt_state 927 4
iptable_filter 1790 1
ipt_MASQUERADE 1134 1
iptable_nat 3551 1
nf_nat 10568 2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 7597 7 iptable_nat,nf_nat
nf_conntrack 38075 5 xt_state,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 779 1 nf_conntrack_ipv4
iptable_mangle 2325 1
ip_tables 7706 3 iptable_filter,iptable_nat,iptable_mangle
x_tables 8327 7 xt_TCPMSS,xt_tcpmss,xt_tcpudp,xt_state,ipt_MASQUERADE,iptable_nat,ip_tables
loop 9769 0
snd_wavefront 24702 0
snd_cs4236 21379 0
snd_cmipci 22455 0
snd_wss_lib 16653 2 snd_wavefront,snd_cs4236
snd_opl3_lib 6022 3 snd_wavefront,snd_cs4236,snd_cmipci
snd_hwdep 4054 2 snd_wavefront,snd_opl3_lib
snd_mpu401 3604 0
snd_mpu401_uart 4067 4 snd_wavefront,snd_cs4236,snd_cmipci,snd_mpu401
snd_pcm 47226 3 snd_cs4236,snd_cmipci,snd_wss_lib
snd_rawmidi 12513 2 snd_wavefront,snd_mpu401_uart
snd_timer 12270 3 snd_wss_lib,snd_opl3_lib,snd_pcm
ns558 1599 0
snd_seq_device 3673 2 snd_opl3_lib,snd_rawmidi
gameport 6061 3 snd_cmipci,ns558
snd 34423 12 snd_wavefront,snd_cs4236,snd_cmipci,snd_wss_lib,snd_opl3_lib,snd_hwdep,snd_mpu401,snd_mpu401_uart,snd_pcm,snd_rawmidi,snd_timer,snd_seq_device
snd_page_alloc 5045 2 snd_wss_lib,snd_pcm
shpchp 21220 0
intel_rng 1965 0
parport_pc 15799 0
soundcore 3450 1 snd
parport 22554 1 parport_pc
evdev 5609 4
pcspkr 1207 0
serio_raw 2916 0
rng_core 2178 1 intel_rng
pci_hotplug 18545 1 shpchp
processor 26327 1
button 3598 0
ext3 94396 1
jbd 32317 1 ext3
mbcache 3762 1 ext3
usbhid 28008 0
hid 50909 1 usbhid
sg 19937 0
sr_mod 10770 0
sd_mod 26005 3
crc_t10dif 1012 1 sd_mod
cdrom 26487 1 sr_mod
ata_generic 2247 0
uhci_hcd 16057 0
fan 2586 0
ata_piix 17736 2
ehci_hcd 28693 0
8139too 14949 0
r8169 31333 0
libata 115869 2 ata_generic,ata_piix
usbcore 98969 5 rt2870sta,usbhid,uhci_hcd,ehci_hcd
thermal 9206 0
floppy 40923 0
8139cp 13421 0
mii 2714 3 8139too,r8169,8139cp
scsi_mod 104853 4 sg,sr_mod,sd_mod,libata
nls_base 4541 1 usbcore
thermal_sys 9378 3 processor,fan,thermal
lspci:
administrator@debianserver:~$ lspci
00:00.0 Host bridge: Intel Corporation 82810 GMCH (Graphics Memory Controller Hub) (rev 03)
00:01.0 VGA compatible controller: Intel Corporation 82810 (CGC) Chipset Graphics Controller (rev 03)
00:1e.0 PCI bridge: Intel Corporation 82801AA PCI Bridge (rev 02)
00:1f.0 ISA bridge: Intel Corporation 82801AA ISA Bridge (LPC) (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801AA IDE Controller (rev 02)
00:1f.2 USB Controller: Intel Corporation 82801AA USB Controller (rev 02)
01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:05.0 Ethernet controller: D-Link System Inc DGE-528T Gigabit Ethernet Adapter (rev 10)
01:0a.0 Multimedia audio controller: C-Media Electronics Inc CM8738 (rev 10)
01:0a.1 Communication controller: C-Media Electronics Inc CM8738 (rev 10)
ifconfig:
[code]administrator@debianserver:~$ sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:e0:4c:e0:bb:1c
adr inet6: fe80::2e0:4cff:fee0:bb1c/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:484853 errors:0 dropped:0 overruns:0 frame:0
TX packets:279778 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:630148351 (600.9 MiB) TX bytes:32014078 (30.5 MiB)
Interruption:12 Adresse de base:0xc000
eth1 Link encap:Ethernet HWaddr 1c:7e:e5:1e:19:89
inet adr:192.168.1.1 Bcast:192.168.1.255 Masque:255.255.255.0
adr inet6: fe80::1e7e:e5ff:fe1e:1989/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:281490 errors:0 dropped:0 overruns:0 frame:0
TX packets:485173 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:29801719 (28.4 MiB) TX bytes:626103720 (597.0 MiB)
Interruption:11 Adresse de base:0x4000
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:228 errors:0 dropped:0 overruns:0 frame:0
TX packets:228 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:23811 (23.2 KiB) TX bytes:23811 (23.2 KiB)
ppp0 Link encap:Protocole Point-à-Point
inet adr:debian_ip_address P-t-P:debian_ip_address Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1452 Metric:1
RX packets:484209 errors:0 dropped:0 overruns:0 frame:0
TX packets:279162 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:3
RX bytes:619116233 (590.4 MiB) TX bytes:25834722 (24.6 MiB)[/code]
iwconfig:
[code]administrator@debianserver:~$ sudo iwconfig
lo no wireless extensions.
eth1 no wireless extensions.
eth0 no wireless extensions.
ppp0 no wireless extensions.
wlan0 Ralink STA ESSID:"" Nickname:"RT2870STA"
Mode:Auto Frequency=2.462 GHz Access Point: 6A:17:33:2E:0C:4D
Bit Rate=1 Mb/s
RTS thr:off Fragment thr:off
Encryption key:off
Link Quality=46/100 Signal level:0 dBm Noise level:-91 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0[/code]
Thank you for your help, have a good day/evening.
PS: sorry for this very long message.
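
Added example, not part of the original post: a Python check that reads an iptables-save dump and lists the INPUT rules that accept new connections arriving on the WAN interface, which is the quickest way to see what a ruleset like the one above leaves reachable from the Internet. The function names are hypothetical and the sample is the INPUT part of the filter table posted above.

```python
import shlex
# Added example; function names are hypothetical.
# Sample: INPUT part of the filter table from the post (comment lines omitted).
RULESET = """\
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i ppp0 --state ESTABLISHED -j ACCEPT
-A INPUT -m state -i ppp0 --state RELATED -j ACCEPT
-A INPUT -p tcp -m tcp -i ppp0 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -i ppp0 --dport 81 -j ACCEPT
COMMIT
"""
REPLY_ONLY = {"ESTABLISHED", "RELATED"}

def parse_filter(text):
    """Return (policies, rules) of the *filter table; negated ("!") matches are not handled."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: v for t, v in zip(tok[2:], tok[3:]) if t.startswith("-")}
            rules.append((tok[1], opts))
    return policies, rules

def wan_exposed(text, wan_if="ppp0"):
    """Return (INPUT policy, rules accepting NEW connections on wan_if)."""
    policies, rules = parse_filter(text)
    found = []
    for chain, o in rules:
        if chain != "INPUT" or o.get("-j") != "ACCEPT":
            continue
        if o.get("-i", wan_if) != wan_if:
            continue  # bound to another interface (eth1, lo)
        states = set((o.get("--state") or o.get("--ctstate") or "NEW").split(","))
        if states <= REPLY_ONLY:
            continue  # only replies to existing connections
        found.append((o.get("-p", "all"), o.get("--dport", "any"), o.get("-s", "anywhere")))
    return policies.get("INPUT"), found

if __name__ == "__main__":
    print(wan_exposed(RULESET))
```

On the router, the same function can be given the contents of /etc/iptables.up.rules instead of the embedded sample.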