From 5a6df6263fb1ee820fd5117ae3392d9dedd1d35d Mon Sep 17 00:00:00 2001 From: Artem Smirnov Date: Tue, 24 Nov 2020 17:01:57 +0400 Subject: [PATCH] Fix network & add docs https://askubuntu.com/questions/62166/siocsifflags-operation-not-possible-due-to-rf-kill http://alexkutsan.blogspot.com/2012/03/siocsifflags-operation-not-possible-due.html http://dragonflybsd.blogspot.com/2013/10/debian-allow-hotplug-auto.html https://forum.ubuntu.ru/index.php?topic=297273.0 --- assets/make-setup.sh | 19 ----------- assets/network/interfaces.conf | 61 ++++++++++++++++------------------ assets/network/iptables.sh | 25 -------------- build.sh | 1 - docs/README.md | 4 +++ docs/network.md | 21 ++++++++++++ 6 files changed, 53 insertions(+), 78 deletions(-) delete mode 100755 assets/network/iptables.sh create mode 100644 docs/network.md diff --git a/assets/make-setup.sh b/assets/make-setup.sh index 19e9e89..58fcd2f 100755 --- a/assets/make-setup.sh +++ b/assets/make-setup.sh @@ -6,25 +6,6 @@ set -e # Exit immidiately on non-zero result systemctl disable wpa_supplicant systemctl disable dhcpcd -# Настройка NAT (если нужен интернет) -# sudo nano /etc/sysctl.conf -# Найдем и раскомментируем строку net.ipv4.ip_forward=1 -# Сохраняем и закрываем файл. - -# Далее, создадим правила iptables для организации раздачи интернет. - -# Выполним в терминале: -# sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -# sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -# sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT -# sudo sh -c "iptables-save > /etc/iptables.rules" - -# Добавим в автозагрузку правила iptables: sudo nano /etc/rc.local -# Идем в самый конец файла и перед exit 0 добавим строку:iptables-restore < /etc/iptables.rules - -SCRIPT="sudo /root/iptables.sh" -sed -i "20a${SCRIPT}" /etc/rc.local - mkdir /var/log/dnsmasq touch /var/log/dnsmasq/dnsmasq.leases 
diff --git a/assets/network/interfaces.conf b/assets/network/interfaces.conf
index 79093b1..3b00fd8 100644
--- a/assets/network/interfaces.conf
+++ b/assets/network/interfaces.conf
@@ -5,51 +5,46 @@ source-directory /etc/network/interfaces.d auto lo iface lo inet loopback -# pre-up sh -c `echo 1 > /proc/sys/net/ipv4/ip_forward` -# It doesn't work auto eth0 allow-hotplug eth0 iface eth0 inet manual # iface eth0 inet dhcp -# post-up sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" -# post-up iptables -A FORWARD -i br0 -o eth0 -j ACCEPT -# post-up iptables -A FORWARD -i eth0 -o br0 -j ACCEPT -# post-up iptables -A POSTROUTING -o eth0 -t nat -j MASQUERADE +# post-up sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" +# post-up iptables -A FORWARD -i br0 -o eth0 -j ACCEPT +# post-up iptables -A FORWARD -i eth0 -o br0 -j ACCEPT +# post-up iptables -A POSTROUTING -o eth0 -t nat -j MASQUERADE auto wlan0 allow-hotplug wlan0 iface wlan0 inet manual +pre-up rfkill unblock wifi auto br0 iface br0 inet static - address 192.168.11.1 - netword 192.168.11.0 - netmask 255.255.255.0 - gateway 192.168.11.1 - broadcast 192.168.11.255 -# wlan0 is not needed because use bridge=wlan0 in /etc/hostapd/hostapd.conf - # bridge_ports eth0 -# post-up ip addr flush dev br0 -# pre-up ip addr flush dev br0 -# post-up iptables -A FORWARD -i br0 -o eth1 -j ACCEPT -# post-up iptables -A FORWARD -i eth1 -o br0 -j ACCEPT -# post-up iptables -A POSTROUTING -o eth1 -t nat -j MASQERADE - -# мб этот скрипт нужно ставить не в отдельной секции, а вообще в файле? 
-# pre-up iptables-restore < /etc/ppp/ip-up.d/iptables.rules - -auto eth1 +address 192.168.11.1 +netword 192.168.11.0 +netmask 255.255.255.0 +# gateway 192.168.11.1 +broadcast 192.168.11.255 +bridge_ports eth0 +# wlan0 isn't set because is used bridge=wlan0 in /etc/hostapd/hostapd.conf +bridge_stp off +bridge_fd 0 +bridge_maxwait 0 + allow-hotplug eth1 +no-auto-down eth1 iface eth1 inet dhcp - post-up sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" - post-up iptables -A FORWARD -i br0 -o eth1 -j ACCEPT - post-up iptables -A FORWARD -i eth1 -o br0 -j ACCEPT - post-up iptables -A POSTROUTING -o eth1 -t nat -j MASQUERADE - -#auto tun0 -#iface tun0 inet manual -# pre-up route del -net 0.0.0.0/1 -# pre-up route del -net 128.0.0.0/1 -# pre-up route del -host 255.255.255.0 +# /etc/sysctl.conf ipv4.ip_forward=1 +post-up sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" +post-up iptables -A FORWARD -i br0 -o eth1 -j ACCEPT +post-up iptables -A FORWARD -i eth1 -o br0 -j ACCEPT +post-up iptables -A POSTROUTING -o eth1 -t nat -j MASQUERADE + +allow-hotplug tun0 +iface tun0 inet manual +pre-up route del -net 0.0.0.0/1 +pre-up route del -net 128.0.0.0/1 +pre-up route del -host 255.255.255.0 diff --git a/assets/network/iptables.sh b/assets/network/iptables.sh deleted file mode 100755 index f80a816..0000000 --- a/assets/network/iptables.sh +++ /dev/null 
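Review bot: In the `eth1` stanza, `post-up iptables -A FORWARD -i eth1 -o br0 -j ACCEPT` accepts every packet arriving from the uplink (USB NIC or cell modem) towards the bridged LAN, not only replies to connections the LAN opened, so unsolicited inbound traffic from the upstream network is forwarded to LAN and Wi-Fi clients. Restrict the return direction to tracked connections: `post-up iptables -A FORWARD -i eth1 -o br0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`. Nothing in the visible lines sets the FORWARD policy, so these ACCEPT rules only filter anything if it is DROP; if that is not done elsewhere in the image, add `post-up iptables -P FORWARD DROP` before them. Because `eth1` is `allow-hotplug`, every replug appends the three rules again with `-A`; matching `post-down iptables -D …` lines would keep the tables from accumulating duplicates.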
@@ -1,25 +0,0 @@ -# enable IP-forwarding -sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' - -# for LAN -#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT -#iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - -# for WLAN -#iptables -A FORWARD -i wlan0 -o eth1 -j ACCEPT -#iptables -A FORWARD -i eth1 -o wlan0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - -# allow traffic between LAN and WLAN -#iptables -A FORWARD -i wlan0 -o eth1 -j ACCEPT -#iptables -A FORWARD -i eth1 -o wlan0 -j ACCEPT - -iptables -A FORWARD -i br0 -o eth1 -j ACCEPT -iptables -A FORWARD -i eth1 -o br0 -j ACCEPT - -iptables -A POSTROUTING -o eth1 -t nat -j MASQUERADE - -#iptables -L -n -v - -#sh -c "iptables-save" > /etc/iptables.ipv4.nat - -#iptables-restore < /etc/iptables.ipv4.nat diff --git a/build.sh b/build.sh index dd72820..30da4f4 100755 --- a/build.sh +++ b/build.sh @@ -45,7 +45,6 @@ EXEC '/make-init.sh' "\${PROJECT}" "\${IMAGE_VERSION}" "\${IMAGE_SOURCE}" EXEC '/make-install.sh' COPY '/network/interfaces.conf' '/etc/network/interfaces' -COPY '/network/iptables.sh' '/root/' COPY '/network/hostapd.conf' '/etc/hostapd/hostapd.conf' COPY '/network/dnsmasq.conf' '/etc/dnsmasq.conf' diff --git a/docs/README.md b/docs/README.md index 7a2fd6a..683bc80 100644 --- a/docs/README.md +++ b/docs/README.md @@ -21,3 +21,7 @@ Image version is used in the name of image and you can check it inside image in To set own version of the image you can set `IMAGE_VERSION` before run `./build.sh`. Otherwise will be used 7 digits of the last commit in the repo. > In Github Actions is used the tag or the branch name provided by `github.ref` env variable. + +## Documentation + +* [Network](/docs/network.md) \ No newline at end of file diff --git a/docs/network.md b/docs/network.md new file mode 100644 index 0000000..564ef9c --- /dev/null +++ b/docs/network.md 
@@ -0,0 +1,21 @@
+# Network
+
+Default network is setup as router.
+
+`wlan0` and `eth0` is combined by bridge-utils to `br0`.
+
+And if you connect USB external network card or cell modem `eth1` will nated to `br0`.
+
+> dhcp client works on `eth1`.
+
+There is `dnsmasq`. It works in `br0` network.
+
+The network has `192.168.11.0/24` addressing with `192.168.11.1` gateway. Also you can use domain name that equals the project name (by default `theimage`).
+
+There is `hostapd`. It provide Wi-Fi AP. It's called `project-1234`.
+
+Settings place in three files:
+
+1. `/etc/dnsmasq.conf`
+2. `/etc/hostapd/hostapd.conf`
+3. `/etc/network/interfaces`