Child pages
  • 802.1X secured wifi installation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
systemctl disable network-manager.service
systemctl disable NetworkManager.service

unlink /etc/resolv.conf
echo nameserver 192.168.10.1 > /etc/resolv.conf
mkdir /etc/ltsp
root@server.lastschl:~# scp /etc/dhcp/dhcpd.conf 192.168.10.52:/etc/dhcp/
Code Block
root@debian9-base:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The external interface
auto enp0s3
iface enp0s3 inet static
address 192.168.10.52
network 192.168.10.0
netmask 255.255.255.0
broadcast 192.168.10.255
gateway 192.168.10.1
  
# The wifi interface
auto enp0s8
iface enp0s8 inet static
address 192.168.9.1
netmask 255.255.255.0
broadcast 192.168.9.255
 
# Some of the following lines are there by default and are probably not required
root@debian9-base:~# cat /etc/dhcp/dhcpd.conf | grep -v "^#" | grep -v "^$"
# Some of the following lines are there by default and are probably not required
ddns-update-style none;
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
include "/etc/ltsp/dhcpd.conf";
 
root@debian9-base:~# cat /etc/ltsp/dhcpd.conf 
#
# Default LTSP dhcpd.conf config file.
#

authoritative;

subnet 192.168.9.0 netmask 255.255.255.0 {
    range 192.168.9.40 192.168.9.250;
    option domain-name "test.av";
    option domain-name-servers 192.168.9.1;
    option broadcast-address 192.168.9.255;
    option routers 192.168.9.1;
    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/amd64";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/amd64/pxelinux.0";
    } else {
        filename "/ltsp/amd64/nbi.img";
    }

}


 

 

 

Code Block
apt-get install isc-dhcp-server

...

Code Block
wifi1 enp0s8:dynamic


Added to Modified /etc/shorewall/policy:

Code Block
.... # Just after '@@@'
wifi1 net ACCEPT INFO
wifi1 $FW ACCEPT : wifi		all		REJECT
# Added:
wifi1		net		ACCEPT		INFO
wifi1		$FW		ACCEPT		INFO(uid)
$FW 		wifi1 		ACCEPT 		INFO(uid)
.... # and before '@@@'Before: net		all		DROP		INFO


Added to /etc/shorewall/zones:

...