wlanstart.sh
#!/bin/bash
# Refuse to start unless /sys is writable, which this script treats as the
# sign that the container was started in privileged mode.
[[ -w /sys ]] || {
  echo "[Error] Not running in privileged mode."
  exit 1
}

# INTERFACE has no default: the wireless device used for the access point
# must be supplied through the environment.
[[ -n "${INTERFACE}" ]] || {
  echo "[Error] An interface must be specified."
  exit 1
}

echo "### Setup started"
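# Default values. Each setting keeps a value supplied through the environment
# and only falls back to the built-in default when it is unset or empty.

# The fallback passphrase below is a fixed value published with this script,
# so an access point started without WPA_PASSPHRASE has a guessable key.
# Report that on stderr before the default is applied.
if [ -z "${WPA_PASSPHRASE:-}" ]; then
  echo "[Warning] WPA_PASSPHRASE is not set; using the built-in default passphrase. Set WPA_PASSPHRASE to a unique value." >&2
fi

# ':' with a quoted expansion assigns the default without word-splitting or
# glob-expanding a value that came from the environment.
: "${SUBNET:=192.168.254.0}"
: "${AP_ADDR:=192.168.254.1}"
: "${PRI_DNS:=8.8.8.8}"
: "${SEC_DNS:=8.8.4.4}"
: "${SSID:=raspberry}"
: "${CHANNEL:=11}"
: "${WPA_PASSPHRASE:=passw0rd}"
: "${HW_MODE:=g}"
: "${ETHERNET:=eth0}"        # interface of RPi hardware ethernet port, used for iptables
: "${MODEM_INTERFACE:=eth1}" # used to get MODEM_IP, assuming that network mask is 24 and IP is always HostMin
: "${FIX_DEFAULT_GW:=0}"     # the gateway handling runs only when this is exactly "true"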
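# Generate /etc/hostapd.conf from the environment, but only when no file is
# already present, so a configuration supplied by the operator is left alone.
#
# The optional lines use ${VAR+...}: they are emitted whenever the variable is
# set, even to an empty string, and expand to an empty line otherwise.
if [ ! -f "/etc/hostapd.conf" ]; then
  (
    # The file stores the WPA passphrase in clear text, so create it readable
    # and writable by its owner only. The subshell keeps the tighter umask
    # from affecting files created later in the script.
    umask 077
    cat > "/etc/hostapd.conf" <<EOF
interface=${INTERFACE}
${DRIVER+"driver=${DRIVER}"}
ssid=${SSID}
hw_mode=${HW_MODE}
channel=${CHANNEL}
wpa=2
wpa_passphrase=${WPA_PASSPHRASE}
wpa_key_mgmt=WPA-PSK
# TKIP is no secure anymore
#wpa_pairwise=TKIP CCMP
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa_ptk_rekey=600
wmm_enabled=1
# Activate channel selection for HT High Througput (802.11an)
${HT_ENABLED+"ieee80211n=1"}
${HT_CAPAB+"ht_capab=${HT_CAPAB}"}
# Activate channel selection for VHT Very High Througput (802.11ac)
${VHT_ENABLED+"ieee80211ac=1"}
${VHT_CAPAB+"vht_capab=${VHT_CAPAB}"}
EOF
  )
fi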
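# Bring the access-point interface up and give it a clean address: flush
# whatever was configured before, then assign AP_ADDR with a /24 prefix.
# (The DHCP daemon is started further down in the script, not here.)
# The expansions are quoted so an unexpected value in INTERFACE or AP_ADDR
# reaches ip(8) as one argument instead of being split or glob-expanded.
ip link set "${INTERFACE}" up
ip addr flush dev "${INTERFACE}"
ip addr add "${AP_ADDR}/24" dev "${INTERFACE}"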
# NAT prerequisites: make sure the ip_dynaddr and ip_forward switches under
# /proc/sys/net/ipv4 are set to 1, writing only when they are not already.
echo "NAT settings ip_dynaddr, ip_forward"
for knob in ip_dynaddr ip_forward; do
  knob_file="/proc/sys/net/ipv4/${knob}"
  # The command substitution is left unquoted so that an unreadable file is
  # handled exactly as before: the test fails and the value is written.
  # shellcheck disable=SC2046
  [ $(cat "${knob_file}") -eq 1 ] && {
    echo ${knob} already 1
    continue
  }
  echo "1" > "${knob_file}"
done

# Print both values so the resulting state is visible in the log.
cat /proc/sys/net/ipv4/ip_dynaddr /proc/sys/net/ipv4/ip_forward
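# Optional static addressing for the wired port. Runs only when ETHERNET_IP
# is set; a /24 mask is assumed throughout.
if [ -n "${ETHERNET_IP}" ]; then
  echo "Setting static ip ${ETHERNET_IP} for ${ETHERNET}..."
  ETHERNET_SUBNET="${ETHERNET_IP%.*}.0/24" # needed further for iptables, default mask is 24
  ip addr flush dev "${ETHERNET}"
  ip addr add "${ETHERNET_IP}/24" dev "${ETHERNET}"

  # Append each resolver only when that exact line is missing, so restarting
  # the container does not keep adding duplicates to /etc/resolv.conf.
  for resolver in "${PRI_DNS}" "${SEC_DNS}"; do
    grep -qxF -- "nameserver ${resolver}" /etc/resolv.conf 2> /dev/null \
      || printf 'nameserver %s\n' "${resolver}" >> /etc/resolv.conf
  done

  if [ "${FIX_DEFAULT_GW}" = true ]; then
    # GATEWAY_IP="$(ip a show ${GW_INTERFACE} | grep -Po 'inet \K[\d.]+')"
    # IPv4 address currently assigned to the modem-facing interface.
    IP_IN_MODEM_NET="$(ip a show "${MODEM_INTERFACE}" | grep -o -e "inet [0-9]\{1,3\}[\.][0-9]\{1,3\}[\.][0-9]\{1,3\}[\.][0-9]\{1,3\}" | awk '{print $2}')"
    if [ -z "${IP_IN_MODEM_NET}" ]; then
      # Without an address there is nothing valid to pass to 'ip route'.
      echo "[Error] FIX_DEFAULT_GW: no IPv4 address found on ${MODEM_INTERFACE}; default route left unchanged." >&2
    else
      MODEM_IP="${IP_IN_MODEM_NET%.*}.1" # assuming is always HostMin
      # NOTE(review): the route below uses this host's own address on
      # MODEM_INTERFACE as the next hop and ETHERNET as the device, while
      # MODEM_IP is only printed here. Confirm which gateway and device are
      # intended before relying on FIX_DEFAULT_GW.
      echo "FIX_DEFAULT_GW: ip route add default via ${IP_IN_MODEM_NET} dev ${ETHERNET}"
      ip route add default via "${IP_IN_MODEM_NET}" dev "${ETHERNET}"
      echo "From now all outgoing traffic will go via ${MODEM_INTERFACE} (${IP_IN_MODEM_NET}, HostMin ${MODEM_IP})"
    fi
  fi
fi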
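# Install the NAT and forwarding rules for the access-point subnet and, when
# ETHERNET_IP is set, for the wired subnet as well.

#######################################
# Make sure exactly one copy of a rule is appended to a chain: an existing
# copy is deleted first (errors ignored when there is none), then the rule is
# appended. Keeping the delete strictly before the append in one place
# guarantees that a rule is never removed right after it was added.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   exit status of the append
#######################################
_ipt_set_rule() {
  local table=$1 chain=$2
  shift 2
  iptables -t "${table}" -D "${chain}" "$@" > /dev/null 2>&1 || true
  iptables -t "${table}" -A "${chain}" "$@"
}

if [ -n "${OUTGOINGS}" ]; then
  # OUTGOINGS is a comma-separated list of uplink interfaces; runs of commas
  # and surrounding whitespace collapse into single separators.
  read -r -a uplinks <<< "${OUTGOINGS//,/ }"
  for uplink in "${uplinks[@]}"; do
    echo "Setting iptables for outgoing traffics on ${uplink}..."
    _ipt_set_rule nat POSTROUTING -s "${SUBNET}/24" -o "${uplink}" -j MASQUERADE
    # Only replies to connections opened from the AP side are let back in.
    _ipt_set_rule filter FORWARD -i "${uplink}" -o "${INTERFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
    _ipt_set_rule filter FORWARD -i "${INTERFACE}" -o "${uplink}" -j ACCEPT
    if [ -n "${ETHERNET_IP}" ]; then
      echo "+ETHERNET ${int:-${uplink}} <-> ${ETHERNET} (${ETHERNET_SUBNET})"
      _ipt_set_rule nat POSTROUTING -s "${ETHERNET_SUBNET}" -o "${uplink}" -j MASQUERADE
      _ipt_set_rule filter FORWARD -i "${uplink}" -o "${ETHERNET}" -m state --state RELATED,ESTABLISHED -j ACCEPT
      _ipt_set_rule filter FORWARD -i "${ETHERNET}" -o "${uplink}" -j ACCEPT
    fi
  done
else
  # No uplink list: the rules below carry no outgoing-interface match, so
  # traffic from the AP (and wired) side is forwarded and masqueraded towards
  # every interface of the host. Setting OUTGOINGS narrows this to the named
  # uplinks.
  echo "Setting iptables for outgoing traffics on all interfaces..."
  _ipt_set_rule nat POSTROUTING -s "${SUBNET}/24" -j MASQUERADE
  _ipt_set_rule filter FORWARD -o "${INTERFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
  _ipt_set_rule filter FORWARD -i "${INTERFACE}" -j ACCEPT
  if [ -n "${ETHERNET_IP}" ]; then
    echo "+ETHERNET Setting NAT and packet forwarding between all interfaces and ${ETHERNET} (${ETHERNET_SUBNET})"
    _ipt_set_rule nat POSTROUTING -s "${ETHERNET_SUBNET}" -j MASQUERADE
    _ipt_set_rule filter FORWARD -o "${ETHERNET}" -m state --state RELATED,ESTABLISHED -j ACCEPT
    _ipt_set_rule filter FORWARD -i "${ETHERNET}" -j ACCEPT
  fi
fi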
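# Write the DHCP server configuration and start the daemon on the
# access-point interface. Clients receive PRI_DNS/SEC_DNS as resolvers and
# AP_ADDR as their router; a /24 netmask is assumed.
echo "Configuring DHCP server .."
# Derive the address pool from the first three octets of SUBNET. Stripping
# the whole last octet (rather than a single trailing character) keeps the
# pool valid when that octet has more than one digit, and matches how
# ETHERNET_SUBNET is derived from ETHERNET_IP.
dhcp_prefix="${SUBNET%.*}"
cat > "/etc/dhcpd.conf" <<EOF
option domain-name-servers ${PRI_DNS}, ${SEC_DNS};
option subnet-mask 255.255.255.0;
option routers ${AP_ADDR};
subnet ${SUBNET} netmask 255.255.255.0 {
range ${dhcp_prefix}.100 ${dhcp_prefix}.200;
}
EOF
echo "Starting DHCP server .."
dhcpd "${INTERFACE}"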
# Install a no-op handler for the signals the container runtime may send.
# With a handler in place the shell is not terminated by them; the 'wait'
# below returns instead, and the script carries on with the cleanup that
# follows it.
for sig in SIGINT SIGTERM SIGHUP; do
  trap 'true' "${sig}"
done

echo "Starting HostAP daemon ..."
/usr/sbin/hostapd /etc/hostapd.conf &
hostapd_pid=$!
echo "### Setup finished"

# Block here for as long as hostapd runs (or until a trapped signal arrives).
wait "${hostapd_pid}"
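# Cleanup after hostapd has stopped: remove the NAT/forwarding rules and the
# default route that were installed during setup. Every deletion is
# best-effort, so a rule that is already gone does not abort the cleanup.
echo "Removing iptables rules..."
if [ -n "${OUTGOINGS}" ]; then
  # Same parsing as during setup: comma-separated list of uplink interfaces.
  read -r -a uplinks <<< "${OUTGOINGS//,/ }"
  for uplink in "${uplinks[@]}"; do
    echo "Removing iptables for outgoing traffics on ${uplink}..."
    iptables -t nat -D POSTROUTING -s "${SUBNET}/24" -o "${uplink}" -j MASQUERADE > /dev/null 2>&1 || true
    iptables -D FORWARD -i "${uplink}" -o "${INTERFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
    iptables -D FORWARD -i "${INTERFACE}" -o "${uplink}" -j ACCEPT > /dev/null 2>&1 || true
    if [ -n "${ETHERNET_IP}" ]; then
      echo "-ETHERNET ${uplink} <-> ${ETHERNET} (${ETHERNET_SUBNET})"
      iptables -t nat -D POSTROUTING -s "${ETHERNET_SUBNET}" -o "${uplink}" -j MASQUERADE > /dev/null 2>&1 || true
      iptables -D FORWARD -i "${uplink}" -o "${ETHERNET}" -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
      iptables -D FORWARD -i "${ETHERNET}" -o "${uplink}" -j ACCEPT > /dev/null 2>&1 || true
    fi
  done
else
  echo "Removing iptables for outgoing traffics on all interfaces..."
  iptables -t nat -D POSTROUTING -s "${SUBNET}/24" -j MASQUERADE > /dev/null 2>&1 || true
  iptables -D FORWARD -o "${INTERFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
  iptables -D FORWARD -i "${INTERFACE}" -j ACCEPT > /dev/null 2>&1 || true
  if [ -n "${ETHERNET_IP}" ]; then
    echo "-ETHERNET Removing NAT and packet forwarding between all interfaces and ${ETHERNET} (${ETHERNET_SUBNET})"
    iptables -t nat -D POSTROUTING -s "${ETHERNET_SUBNET}" -j MASQUERADE > /dev/null 2>&1 || true
    iptables -D FORWARD -o "${ETHERNET}" -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
    iptables -D FORWARD -i "${ETHERNET}" -j ACCEPT > /dev/null 2>&1 || true
  fi
fi

# Setup adds its default route with IP_IN_MODEM_NET as the next hop, so the
# deletion has to name the same gateway to match that route. The extra check
# skips the deletion when setup never recorded a gateway (for example when
# ETHERNET_IP was not set), instead of calling 'ip route del' with an empty
# address.
if [ "${FIX_DEFAULT_GW}" = true ] && [ -n "${IP_IN_MODEM_NET}" ]; then
  echo "Removing all added gateways..."
  ip route del default via "${IP_IN_MODEM_NET}" dev "${ETHERNET}"
fi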