BrainScraps Wiki

Latest revision as of 16:45, 14 March 2012

Mbm329 06:28, March 12, 2012 (UTC)

Pre-requisites:

  • HEED THESE WARNINGS:
  1. This is circa 2006
  2. I do not accept responsibility for anything this howto F's up on your computer.
  3. It is important to READ ALL THE CONFIGS and commands, and change appropriately to suit your network.
  4. If you know something is wrong in the howto, let me know.
  • 2 CARDs WITH AT LEAST STANDARD WPA CAPABILITY (try RSN in wpa_supplicant and hostapd if you have WPA2)
  • Gentoo Linux w/ CONFIG_CRYPTO_AES compiled into the kernel or available as a loadable module.

Configure the Station:

Install Packages

USE="madwifi" emerge -pv madwifi-ng madwifi-ng-tools wpa_supplicant

Place In Config Files

/etc/modules.autoload.d/kernel-2.6

## autoloads: ath_rate_sample wlan ath_hal
ath_pci

/etc/modules.d/ath_pci

# modules.d configuration file for ATH_PCI
# For more information please read:
#    README

# Configurable module parameters
# ------------------------------
# countrycode:  Override default country code
# outdoor:      Enable/disable outdoor use
# xchanmode:    Enable/disable extended channel mode
# rfkill:       Enable/disable RFKILL capability
# autocreate:   Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug:    Load-time debug output enable

options ath_pci autocreate=none

/etc/conf.d/net

modules=( "wpa_supplicant" "!iwconfig" )
config_ath0=( "dhcp" )
mode_ath0="managed"
wpa_supplicant_ath0="-Dmadwifi"


/etc/init.d/wlanconfig

#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
   before net.*
}

start() {
   local retval=0
   ebegin "Creating madwifi wireless interfaces"
      /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode sta -bssid
         retval=$((${retval}+$?))
   eend ${retval} "Couldn't create one or more of the wireless interfaces"
   return ${retval}
}

stop() {
   local retval=0
   ebegin "Destroying madwifi wireless interfaces"
      /sbin/wlanconfig ath0 destroy
         retval=$((${retval}+$?))
   eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
   return ${retval}
}

Commands To Finish Configuration

Symlink wifi network init script to localhost init script

cd /etc/init.d
ln -s net.lo net.ath0

Make wlanconfig script executable

chmod 755 /etc/init.d/wlanconfig

Add init scripts to default runlevel

rc-update add net.ath0 default
rc-update add wlanconfig default

Create wpa_supplicant configuration

echo "ctrl_interface=/var/run/wpa_supplicant" > /etc/wpa_supplicant/wpa_supplicant.conf
wpa_passphrase YOUR_ESSID "Some_Decent_PassPhrase_of_up_64_Characters" >> /etc/wpa_supplicant/wpa_supplicant.conf


Add in the following after the uncommented "psk=" line in the /etc/wpa_supplicant/wpa_supplicant.conf file:

key_mgmt=WPA-PSK
proto=WPA
#proto=RSN

Configure the Access-Point:

Install Packages:

USE="ssl madwifi" emerge -pv madwifi-ng madwifi-ng-tools hostapd

Place In Configs:

/etc/modules.autoload.d/kernel-2.6

## autoloads: ath_rate_sample wlan ath_hal
ath_pci


/etc/modules.d/ath_pci

# modules.d configuration file for ATH_PCI
# For more information please read:
#    README

# Configurable module parameters
# ------------------------------
# countrycode:  Override default country code
# outdoor:      Enable/disable outdoor use
# xchanmode:    Enable/disable extended channel mode
# rfkill:       Enable/disable RFKILL capability
# autocreate:   Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug:    Load-time debug output enable

options ath_pci autocreate=none

/etc/conf.d/net (substitute for your proper network)

##ATH0
essid_ath0="YOUR_ESSID"
mode_ath0="master"
channel_ath0="11"
iwpriv_ath0="mode 3"
iface_ath0=( "10.65.23.1 netmask 255.255.255.0 broadcast 10.65.23.255" )

/etc/conf.d/dhcp

# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/files/dhcp.conf,v 1.7 2004/12/20 18:54:23 max Exp $

# Configure which interface or interfaces for dhcp to listen on
# list all interfaces space separated.
IFACE="eth1 ath0"

# Insert any other options needed
DHCPD_OPTS=""

# If you wish to run dhcp in a chroot, run:
# ebuild /var/db/pkg/net-misc/<dhcp version>/<dhcp-version>.ebuild config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
#CHROOT="/chroot/dhcp"

# If you need name resolution under a chroot, uncomment the following:
#export LD_PRELOAD="/usr/lib/libresolv.so /usr/lib/libnss_dns.so"

/etc/dhcp/dhcpd.conf

subnet 10.65.23.0 netmask 255.255.255.0 {
   default-lease-time 86400; #1 day
   max-lease-time 604800; #1 week
   option broadcast-address 10.65.23.255;
   option domain-name "internal.mydomain.com";
   option domain-name-servers 10.65.23.1,192.168.1.1;
   option subnet-mask 255.255.255.0;
   option routers 10.65.23.1;
}
#--------------------------#
host station1 {
   hardware ethernet 00:11:C7:42:56:D4;
   fixed-address 10.65.23.2;
}

host station2 {
   hardware ethernet 00:10:67:1c:70:1e;
   fixed-address 10.65.23.3;
}

/etc/init.d/wlanconfig

#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
   before net.*
}

start() {
   local retval=0
   ebegin "Creating madwifi wireless interfaces"
      /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode ap -bssid
         retval=$((${retval}+$?))
   eend ${retval} "Couldn't create one or more of the wireless interfaces"
   return ${retval}
}

stop() {
   local retval=0
   ebegin "Destroying madwifi wireless interfaces"
      /sbin/wlanconfig ath0 destroy
         retval=$((${retval}+$?))
   eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
   return ${retval}
}

/etc/hostapd/hostapd.conf

# An additional configuration parameter, bridge,
# must be used to notify hostapd if the interface is included in a bridge.

#bridge=br0     # Enable this for standard bridging, leave disabled for netfilter firewalls

interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=0
ctrl_interface_group=0
macaddr_acl=0
deny_mac_file=/etc/hostapd.deny
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
dump_file=/tmp/hostapd.dump
ssid=YOUR_ESSID
wpa=3
#psk="Some_Decent_PassPhrase_of_up_64_Characters"
wpa_psk=35358c482ff478511d8eff9b25de81d9cea0f78b27d3524230f6bf490b124af2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
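
The hostapd.conf above uses bitfields that leave legacy modes on: wpa=3 accepts both WPA and WPA2 (RSN), wpa_pairwise still offers TKIP, and auth_algs=3 allows shared-key (WEP-style) authentication next to open-system. The audit below is an added example, not part of the original howto; HARDENED is a constructed alternative and the function names are hypothetical.

```python
# Settings copied from the hostapd.conf on this page.
PAGE_SETTINGS = "auth_algs=3\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"
# Constructed RSN-only alternative for comparison (an assumption, not the author's config).
HARDENED = "auth_algs=1\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"


def parse_hostapd(text: str) -> dict:
    """Parse hostapd.conf 'key=value' lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_hostapd(text: str) -> list:
    """Return findings for explicitly set options that keep legacy modes enabled."""
    conf = parse_hostapd(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append("wpa unset or 0: WPA is not enabled")
    elif wpa & 1:
        findings.append("wpa bit 0 set: WPA1 still accepted; wpa=2 is RSN only")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP offered as a pairwise cipher; offer CCMP only")
    # Only an explicit auth_algs line is checked here.
    if int(conf.get("auth_algs", "0")) & 2:
        findings.append("auth_algs bit 1 set: shared-key auth allowed; use auth_algs=1")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_SETTINGS), ("hardened", HARDENED)):
        print(name, audit_hostapd(text) or "no findings")
```

An AP switched to wpa=2 needs proto=RSN on the station, which is the line left commented out in the station's wpa_supplicant.conf above.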

Commands To Finish Configuration

Symlink wifi network init script to localhost init script

cd /etc/init.d
ln -s net.lo net.ath0

Make wlanconfig script executable

chmod 755 /etc/init.d/wlanconfig

Add init scripts to default runlevel

rc-update add net.ath0 default
rc-update add wlanconfig default
rc-update add dhcp default

Replace values in wpa_supplicant.conf

  • ssid=
  • #psk=
  • wpa_psk=
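
The three values listed above have to agree on both hosts: the psk that wpa_passphrase writes on the station is PBKDF2-HMAC-SHA1 of the passphrase salted with the ESSID (4096 iterations, 32 bytes), so the AP's wpa_psk only matches when passphrase and ESSID are identical, and wpa_passphrase accepts passphrases of 8 to 63 characters. The check below is an added example, not part of the original howto; the sample configs (ESSID "IEEE", passphrase "password") are constructed and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample configs (not the page's values): ESSID "IEEE", passphrase "password".
SAMPLE_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
STATION_CONF = ('ctrl_interface=/var/run/wpa_supplicant\nnetwork={\n\tssid="IEEE"\n'
                '\t#psk="password"\n\tpsk=' + SAMPLE_PSK + '\n\tkey_mgmt=WPA-PSK\n}\n')
AP_CONF = 'interface=ath0\nssid=IEEE\nwpa=3\n#psk="password"\nwpa_psk=' + SAMPLE_PSK + '\n'


def derive_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA/WPA2 pre-shared key from passphrase and ESSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32).hex()


def conf_value(text: str, key: str):
    """Return the first uncommented 'key=value' in a config, unquoted, or None."""
    m = re.search(rf"^[ \t]*{re.escape(key)}=(.*)$", text, re.MULTILINE)
    return m.group(1).strip().strip('"') if m else None


def psk_mismatches(supplicant_conf: str, hostapd_conf: str, passphrase: str) -> list:
    """List the reasons the station and the AP would not agree on a key."""
    ap_ssid = conf_value(hostapd_conf, "ssid")
    if ap_ssid is None:
        return ["hostapd.conf has no ssid= line"]
    problems = []
    sta_ssid = conf_value(supplicant_conf, "ssid")
    if sta_ssid != ap_ssid:
        problems.append(f"ssid differs: station={sta_ssid!r} ap={ap_ssid!r}")
    expected = derive_psk(passphrase, ap_ssid)
    for name, got in (("station psk", conf_value(supplicant_conf, "psk")),
                      ("ap wpa_psk", conf_value(hostapd_conf, "wpa_psk"))):
        if got is None or got.lower() != expected:
            problems.append(f"{name} does not match PBKDF2(passphrase, ap ssid)")
    return problems


if __name__ == "__main__":
    print(psk_mismatches(STATION_CONF, AP_CONF, "password") or "station and AP agree")
```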

Critical IPTables Rules for Access-Point (change networks and variables appropriately):

  • Allow inbound DHCP requests from wireless interface:
/sbin/iptables -A INPUT -p udp -s 0/0 -d 255.255.255.255 --dport 67:68 -i ath0 -j ACCEPT
  • Allow wireless network to connect to access point directly:
/sbin/iptables -A INPUT -p all -s 10.65.23.0/255.255.255.0 -d 10.65.23.1 -i ath0 -j ACCEPT
  • Turn on network address translation for all hosts to appear as though they are coming from the external IP address of the router:
/sbin/iptables -t nat -A POSTROUTING -p all -s 10.65.23.0/255.255.255.0 -d 0/0 -o eth0 -j SNAT --to-source ${outside_internet_ip}
  • Allow all inbound traffic from external networks that have been already established:
/sbin/iptables -A INPUT -m state -p all -s 0/0 -d ${outside_internet_ip} --state ESTABLISHED -i eth0 -j ACCEPT

Reboot Hosts

  • Reboot Access-Point
  • Reboot Station