Kernel version:
# uname -a
FreeBSD XMAN 12.0-RELEASE FreeBSD 12.0-RELEASE r341666 GENERIC amd64
Driver setup
Find the driver to use, ath0:
# sysctl net.wlan.devices
net.wlan.devices: ath0
The corresponding hardware can be identified with the following command:
# pciconf -lv ath0
ath0@pci0:2:0:0: class=0x028000 card=0xe052105b chip=0x0034168c rev=0x01 hdr=0x00
vendor = 'Qualcomm Atheros'
device = 'AR9462 Wireless Network Adapter'
class = network
Load the modules by editing /boot/loader.conf, then reboot:
# cat /boot/loader.conf
if_ath_load="YES"
if_wi_load="YES"
if_ath_pci_load="YES"
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
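Wireless AP setup
Once wireless support is loaded, check whether the wireless device supports host-based access point mode, also known as hostap mode: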
# ifconfig wlan0 create wlandev ath0
# ifconfig wlan0 list caps
drivercaps=4f8def41<STA,FF,IBSS,PMGT,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,MBSS,WPA1,WPA2,BURST,WME,WDS,TXFRAG>
cryptocaps=1f<WEP,TKIP,AES,AES_CCM,TKIPMIC>
htcaps=20701ef<LDPC,CHWIDTH40,SHORTGI20,SHORTGI40,TXSTBC>
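HOSTAP appears in the output, confirming that this wireless card can act as an AP. The supported ciphers are also listed: WEP, TKIP and AES. This information indicates which security protocols can be used on the AP.
A wireless device can only be put into hostap mode when the network device is created, so the previously created device must be destroyed first: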
# ifconfig wlan0 destroy
Then recreate it with the correct option before setting any other parameters:
# ifconfig wlan0 create wlandev ath0 wlanmode hostap
# ifconfig wlan0 inet 10.10.10.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1
Check the state of the wlan0 interface again with ifconfig:
# ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 3c:77:e6:50:2a:69
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
groups: wlan
ssid freebsdap channel 1 (2412 MHz 11g ht/20) bssid 3c:77:e6:50:2a:69
regdomain 108 indoor ecm authmode OPEN privacy OFF txpower 20
scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 8 shortgi wme
burst dtimperiod 1 -dfs
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
status: running
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Add the following parameters to /etc/rc.conf so that the configuration is applied automatically at boot:
wlans_ath0="wlan0"
hostapd_enable="YES"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 10.10.10.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1"
WPA2 also has to be configured so that the AP runs securely.
Configure /etc/hostapd.conf:
# vim /etc/hostapd.conf
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebasap
wpa=2
# password (keep this comment on its own line: hostapd reads everything after "=" as the value)
wpa_passphrase=freebsdmall
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
Start the hostapd service:
# service hostapd forcestart
Starting hostapd.
Configuration file: /etc/hostapd.conf
Using interface wlan0 with hwaddr 3c:77:e6:50:2a:69 and ssid "freebasap"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
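At this point mobile devices should be able to see the SSID and authenticate to the access point, but they can only connect with a static IP and cannot reach the public network.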
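A pre-start check for the hostapd.conf settings used here, as an added example that is not part of the original post: it flags a value with a trailing comment, a non-WPA2 or non-CCMP setup, an out-of-range passphrase length and a world-readable file. The helper names audit_hostapd_conf and write_sample_conf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: lint hostapd.conf before starting the AP.
# audit_hostapd_conf and write_sample_conf are hypothetical helper names.

# Prints one FAIL line per finding; returns 0 if clean, 1 otherwise.
audit_hostapd_conf() {
    rc=0
    awk -F= '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        /^#/ || !/=/ { next }                       # comment line or not key=value
        {
            val = substr($0, index($0, "=") + 1)    # hostapd keeps the rest of the line
            conf[$1] = val
            if (val ~ /[ \t]#/) bad($1 ": trailing comment is read as part of the value")
        }
        END {
            if (conf["wpa"] != "2") bad("wpa: expected 2 (WPA2/RSN only)")
            # rsn_pairwise, when set, overrides wpa_pairwise for WPA2
            p = ("rsn_pairwise" in conf) ? conf["rsn_pairwise"] : conf["wpa_pairwise"]
            if (p != "CCMP") bad("pairwise cipher: expected CCMP only, no TKIP")
            n = length(conf["wpa_passphrase"])
            if (n < 8 || n > 63) bad("wpa_passphrase: length " n ", must be 8..63")
            exit rc + 0
        }' "$1" || rc=1
    # The file stores the passphrase in clear text, so it must not be world-readable.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "FAIL: $1 is world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample based on this page's settings; $2 is the passphrase line under test.
write_sample_conf() {
    ( umask 077
      printf '%s\n' 'interface=wlan0' 'ssid=freebasap' 'wpa=2' \
          "$2" 'wpa_key_mgmt=WPA-PSK' 'wpa_pairwise=CCMP' > "$1" )
}

tmp=$(mktemp)
write_sample_conf "$tmp" 'wpa_passphrase=freebsdmall #password'   # constructed failing case
audit_hostapd_conf "$tmp" || echo "fix the findings before: service hostapd start"
rm -f "$tmp"
```

On the AP itself the call would be audit_hostapd_conf /etc/hostapd.conf, run before starting hostapd.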
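Wireless DHCP service setup
To set up the DHCP server, the dhcpd daemon has to listen on the IP address of the wlan0 interface.
Install the ISC dhcpd server:
# cd /usr/ports/net/isc-dhcp44-server/
# make install clean
After running the commands above, an options screen appears.
The default settings are fine.
After installation, dhcpd.conf.sample and dhcpd.conf are created in /usr/local/etc/. Edit dhcpd.conf:
# cat /usr/local/etc/dhcpd.conf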
option domain-name "freebsd.org";
option domain-name-servers 8.8.8.8;
default-lease-time 86400;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.100 10.10.10.150;
    option domain-name-servers 8.8.8.8;
    option domain-name "freebsd.org";
    option routers 10.10.10.1;
    option broadcast-address 10.10.10.255;
    default-lease-time 3600;
    max-lease-time 7200;
}
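After starting the service with service isc-dhcpd start and connecting to the AP, mobile devices obtain an IP address automatically but still cannot reach the network: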
# service isc-dhcpd start
Starting dhcpd.
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /usr/local/etc/dhcpd.conf
Database file: /var/db/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd/dhcpd.pid
Wrote 0 leases to leases file.
Listening on BPF/wlan0/3c:77:e6:50:2a:69/10.10.10.0/24
Sending on BPF/wlan0/3c:77:e6:50:2a:69/10.10.10.0/24
Sending on Socket/fallback/fallback-net
FreeBSD PF firewall setup
Enable FreeBSD's gateway mode so that packets can be forwarded from the Wi-Fi interface to the LAN port by editing /etc/rc.conf:
## allow packets to be passed from one network interface to another
gateway_enable="YES" # Enable as LAN gateway
## PF firewall
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl start up
pflog_enable="YES" # To enable logging support
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd start up
After saving the edits, start PF and its logging support by typing:
# service pf start
# service pflog start
Enable packet forwarding on the gateway to forward IPv4 packets:
# sysctl net.inet.ip.forwarding=1 #forward IPv4 packets
# sysctl net.inet6.ip6.forwarding=1 ##IPV6
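Note: to forward IPv6, ipv6_gateway_enable="YES" must be added to /etc/rc.conf.
Path of the example files shipped with FreeBSD: /usr/share/examples/pf/
The following is a simple PF firewall configuration that allows all packets arriving on the wireless NIC through to the wired LAN. The wired NIC is the igb0 interface and the wireless NIC is the wlan0 interface.
# vim /etc/pf.conf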
#block in all
#pass out all keep state #allows all
#interfaces
lan_if="igb0"
wifi_if="wlan0"
localnet=$wifi_if:network
#NAT
nat on $lan_if from $localnet to any -> ($lan_if)
block all
block in log all
pass out log quick
#pass inet4 and inet6 traffic in on wifi and lan
pass in log on $wifi_if inet
pass in log on $lan_if inet
pass from {lo0, $localnet} to any keep state
Run pfctl -f /etc/pf.conf to reload the filter rules; devices connected to the Wi-Fi can then reach the network.
Reference 1: https://www.freebsd.org/doc/handbook/network-wireless.html
Reference 2: https://calomel.org/freebsd_wireless_access_point.html