Gentoo Wifi Access Point

Mbm329 06:28, March 12, 2012 (UTC)

Pre-requisites:

 * Two wireless cards with at least standard WPA capability (use proto=RSN in wpa_supplicant and hostapd if both cards support WPA2)
 * Gentoo Linux with CONFIG_CRYPTO_AES compiled into the kernel or available as a loadable module.

Install Packages (station side)
USE="madwifi" emerge -pv madwifi-ng madwifi-ng-tools wpa_supplicant

/etc/modules.autoload.d/kernel-2.6
ath_pci
# autoloads: ath_rate_sample wlan ath_hal

/etc/modules.d/ath_pci
# modules.d configuration file for ATH_PCI
# For more information please read:
#    README

# Configurable module parameters
# countrycode:  Override default country code
# outdoor:      Enable/disable outdoor use
# xchanmode:    Enable/disable extended channel mode
# rfkill:       Enable/disable RFKILL capability
# autocreate:   Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug:    Load-time debug output enable

options ath_pci autocreate=none

/etc/conf.d/net
modules=( "wpa_supplicant" "!iwconfig" )
config_ath0=( "dhcp" )
mode_ath0="managed"
wpa_supplicant_ath0="-Dmadwifi"

/etc/init.d/wlanconfig
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
    before net.*
}

start() {
    local retval=0
    ebegin "Creating madwifi wireless interfaces"
    /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode sta -bssid
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't create one or more of the wireless interfaces"
    return ${retval}
}

stop() {
    local retval=0
    ebegin "Destroying madwifi wireless interfaces"
    /sbin/wlanconfig ath0 destroy
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
    return ${retval}
}

Symlink wifi network init script to localhost init script
cd /etc/init.d
ln -s net.lo net.ath0

Make wlanconfig script executable
chmod 755 /etc/init.d/wlanconfig

Add init scripts to default runlevel
rc-update add net.ath0 default
rc-update add wlanconfig default

Create wpa_supplicant configuration
echo "ctrl_interface=/var/run/wpa_supplicant" > /etc/wpa_supplicant/wpa_supplicant.conf
wpa_passphrase YOUR_ESSID "Some_Decent_PassPhrase_of_up_64_Characters" >> /etc/wpa_supplicant/wpa_supplicant.conf

Add the following after the uncommented "psk=" line in the /etc/wpa_supplicant/wpa_supplicant.conf file:
key_mgmt=WPA-PSK
proto=WPA
#proto=RSN

Install Packages (access-point side):
USE="ssl madwifi" emerge -pv madwifi-ng madwifi-ng-tools hostapd

/etc/modules.autoload.d/kernel-2.6
ath_pci
# autoloads: ath_rate_sample wlan ath_hal

/etc/modules.d/ath_pci
# modules.d configuration file for ATH_PCI
# For more information please read:
#    README

# Configurable module parameters
# countrycode:  Override default country code
# outdoor:      Enable/disable outdoor use
# xchanmode:    Enable/disable extended channel mode
# rfkill:       Enable/disable RFKILL capability
# autocreate:   Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug:    Load-time debug output enable

options ath_pci autocreate=none

/etc/conf.d/net (substitute your own network values)
# ATH0
essid_ath0="YOUR_ESSID"
mode_ath0="master"
channel_ath0="11"
iwpriv_ath0="mode 3"
iface_ath0=( "10.65.23.1 netmask 255.255.255.0 broadcast 10.65.23.255" )

/etc/conf.d/dhcp
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/files/dhcp.conf,v 1.7 2004/12/20 18:54:23 max Exp $

# Configure which interface or interfaces dhcp should listen on;
# list all interfaces space separated.
IFACE="eth1 ath0"

# Insert any other options needed
DHCPD_OPTS=""

# If you wish to run dhcp in a chroot, run:
# ebuild /var/db/pkg/net-misc/ /.ebuild config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
#CHROOT="/chroot/dhcp"

# If you need name resolution under a chroot, uncomment the following:
#export LD_PRELOAD="/usr/lib/libresolv.so /usr/lib/libnss_dns.so"

/etc/dhcp/dhcpd.conf
subnet 10.65.23.0 netmask 255.255.255.0 {
    default-lease-time 86400;   # 1 day
    max-lease-time 604800;      # 1 week
    option broadcast-address 10.65.23.255;
    option domain-name "internal.mydomain.com";
    option domain-name-servers 10.65.23.1,192.168.1.1;
    option subnet-mask 255.255.255.0;
    option routers 10.65.23.1;
}

host station1 {
    hardware ethernet 00:11:C7:42:56:D4;
    fixed-address 10.65.23.2;
}

host station2 {
    hardware ethernet 00:10:67:1c:70:1e;
    fixed-address 10.65.23.3;
}

/etc/init.d/wlanconfig
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
    before net.*
}

start() {
    local retval=0
    ebegin "Creating madwifi wireless interfaces"
    /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode ap -bssid
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't create one or more of the wireless interfaces"
    return ${retval}
}

stop() {
    local retval=0
    ebegin "Destroying madwifi wireless interfaces"
    /sbin/wlanconfig ath0 destroy
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
    return ${retval}
}

/etc/hostapd/hostapd.conf
# An additional configuration parameter, bridge,
# must be used to notify hostapd if the interface is included in a bridge.
#
#bridge=br0    # Enable this for standard bridging, leave disabled for netfilter firewalls

interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=0
ctrl_interface_group=0
macaddr_acl=0
deny_mac_file=/etc/hostapd.deny
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
dump_file=/tmp/hostapd.dump
ssid=YOUR_ESSID
wpa=3
wpa_psk=35358c482ff478511d8eff9b25de81d9cea0f78b27d3524230f6bf490b124af2
#psk="Some_Decent_PassPhrase_of_up_64_Characters"
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

Symlink wifi network init script to localhost init script
cd /etc/init.d
ln -s net.lo net.ath0

Make wlanconfig script executable
chmod 755 /etc/init.d/wlanconfig

Add init scripts to default runlevel
rc-update add net.ath0 default
rc-update add wlanconfig default
rc-update add dhcp default

Replace these values in hostapd.conf with the matching ones wpa_passphrase wrote to wpa_supplicant.conf, so that both sides share the same SSID and the same pre-shared key:

 * ssid=
 * #psk=
 * wpa_psk= (the hex value of wpa_supplicant's psk= line)
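An added example, not code from the page nor from wpa_supplicant or hostapd themselves, covering both the wpa_passphrase step on the station and the value-copying step above: it derives the PSK the way wpa_passphrase does (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output) and checks that a wpa_supplicant.conf / hostapd.conf pair agree on SSID and key. The sample file contents are constructed; the SSID "IEEE" and passphrase "password" are the published IEEE 802.11i Annex H test vector, and the function names are mine.

```python
import hashlib
import re

def wpa_psk(passphrase: str, ssid: str) -> str:
    """PSK exactly as wpa_passphrase derives it: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32).hex()

def parse_kv(text: str, keys) -> dict:
    """Collect wanted key=value lines from a config fragment; comment lines (the #psk line) are skipped."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)=(.*)$", line)
        if m and m.group(1) in keys:
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found

def check_pair(supplicant_conf: str, hostapd_conf: str) -> bool:
    """True when hostapd's wpa_psk is the key wpa_supplicant will use for the same SSID."""
    sup = parse_kv(supplicant_conf, {"ssid", "psk"})
    ap = parse_kv(hostapd_conf, {"ssid", "wpa_psk"})
    if sup["ssid"] != ap["ssid"]:
        return False
    psk = sup["psk"]
    if not re.fullmatch(r"[0-9a-fA-F]{64}", psk):   # quoted passphrase form: derive the key first
        psk = wpa_psk(psk, sup["ssid"])
    return psk.lower() == ap["wpa_psk"].lower()

# Constructed sample files (hypothetical contents); SSID "IEEE" / passphrase "password" is the
# published IEEE 802.11i Annex H test vector, so the hex key below is the known-correct answer.
SUPPLICANT_CONF = """ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="IEEE"
    #psk="password"
    psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    key_mgmt=WPA-PSK
    proto=WPA
}
"""
HOSTAPD_CONF = """interface=ath0
ssid=IEEE
wpa=3
wpa_psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
wpa_key_mgmt=WPA-PSK
"""
```

A mismatch in either SSID or key is the usual reason a station authenticates but the 4-way handshake never completes, so this check is worth running before rebooting both hosts.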

Critical IPTables Rules for Access-Point (change networks and variables appropriately):

# Allow inbound DHCP requests from the wireless interface
/sbin/iptables -A INPUT -p udp -s 0/0 -d 255.255.255.255 --dport 67:68 -i ath0 -j ACCEPT

# Allow the wireless network to connect to the access point directly
/sbin/iptables -A INPUT -p all -s 10.65.23.0/255.255.255.0 -d 10.65.23.1 -i ath0 -j ACCEPT

# Turn on network address translation so that all wireless hosts appear to come from the external IP address of the router
/sbin/iptables -t nat -A POSTROUTING -p all -s 10.65.23.0/255.255.255.0 -d 0/0 -o eth0 -j SNAT --to-source ${outside_internet_ip}

# Allow inbound traffic from external networks only when it belongs to an already-established connection
/sbin/iptables -A INPUT -m state -p all -s 0/0 -d ${outside_internet_ip} --state ESTABLISHED -i eth0 -j ACCEPT
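As an added illustration (not code from the page), a small evaluator that applies the page's three INPUT rules to constructed packets the way iptables does, first match wins, with a DROP chain policy assumed since the page does not show one. The wireless addresses are the page's; OUTSIDE_IP is a constructed placeholder for ${outside_internet_ip}, and it shows why the -i binding matters: a packet carrying a wireless source address but arriving on eth0 never reaches the access point.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple
# Addresses are the page's; OUTSIDE_IP is a constructed placeholder for ${outside_internet_ip}.
AP_IP = "10.65.23.1/32"
WLAN_NET = "10.65.23.0/24"
OUTSIDE_IP = "203.0.113.7/32"

@dataclass
class Rule:
    proto: str = "all"                            # -p
    src: str = "0.0.0.0/0"                        # -s
    dst: str = "0.0.0.0/0"                        # -d
    iface: Optional[str] = None                   # -i
    dports: Optional[Tuple[int, int]] = None      # --dport low:high
    state: Optional[str] = None                   # -m state --state
    target: str = "ACCEPT"                        # -j

# The page's three INPUT rules in the order they are appended (-A).
INPUT_CHAIN = [
    Rule("udp", dst="255.255.255.255/32", iface="ath0", dports=(67, 68)),
    Rule("all", src=WLAN_NET, dst=AP_IP, iface="ath0"),
    Rule("all", dst=OUTSIDE_IP, iface="eth0", state="ESTABLISHED"),
]

def matches(rule: Rule, pkt: dict) -> bool:
    """True only if every matcher the rule specifies agrees with the packet."""
    if rule.proto != "all" and rule.proto != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.iface is not None and rule.iface != pkt["iface"]:
        return False
    if rule.dports is not None and not (rule.dports[0] <= (pkt["dport"] or 0) <= rule.dports[1]):
        return False
    return rule.state is None or rule.state == pkt["state"]

def verdict(pkt: dict, chain=INPUT_CHAIN, policy: str = "DROP") -> str:
    """First matching rule decides, as in iptables; otherwise the chain policy (assumed DROP) applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy

def pkt(proto: str, src: str, dst: str, iface: str, state: str = "NEW", dport: Optional[int] = None) -> dict:
    """A constructed packet as the INPUT chain sees it, conntrack state included."""
    return {"proto": proto, "src": src, "dst": dst, "iface": iface, "state": state, "dport": dport}
```

The page's rules cover only the INPUT chain; for the SNAT rule to carry traffic, forwarding between ath0 and eth0 (the FORWARD chain and net.ipv4.ip_forward) must also be permitted, which this evaluator does not model.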

Reboot Hosts

 * Reboot Access-Point
 * Reboot Station