Gentoo Wifi Access Point
Latest revision as of 16:45, 14 March 2012
Mbm329 06:28, March 12, 2012 (UTC)
Pre-requisites:
- 2 cards with at least standard WPA capability (try RSN in wpa_supplicant and hostapd if you have WPA2)
- Gentoo Linux w/ CONFIG_CRYPTO_AES compiled into the kernel or available as a loadable module.
Configure the Station:
Install Packages
USE="madwifi" emerge -pv madwifi-ng madwifi-ng-tools wpa_supplicant
Place In Config Files
/etc/modules.autoload.d/kernel-2.6
## autoloads:
ath_rate_sample
wlan
ath_hal
ath_pci
/etc/modules.d/ath_pci
# modules.d configuration file for ATH_PCI
# For more information please read:
# README
# Configurable module parameters
# ------------------------------
# countrycode: Override default country code
# outdoor: Enable/disable outdoor use
# xchanmode: Enable/disable extended channel mode
# rfkill: Enable/disable RFKILL capability
# autocreate: Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug: Load-time debug output enable
options ath_pci autocreate=none
/etc/conf.d/net
modules=( "wpa_supplicant" "!iwconfig" )
config_ath0=( "dhcp" )
mode_ath0="managed"
wpa_supplicant_ath0="-Dmadwifi"
/etc/init.d/wlanconfig
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
    before net.*
}

start() {
    local retval=0
    ebegin "Creating madwifi wireless interfaces"
    /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode sta -bssid
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't create one or more of the wireless interfaces"
    return ${retval}
}

stop() {
    local retval=0
    ebegin "Destroying madwifi wireless interfaces"
    /sbin/wlanconfig ath0 destroy
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
    return ${retval}
}
Commands To Finish Configuration
Symlink wifi network init script to localhost init script
cd /etc/init.d
ln -s net.lo net.ath0
Make wlanconfig script executable
chmod 755 /etc/init.d/wlanconfig
Add init scripts to default runlevel
rc-update add net.ath0 default
rc-update add wlanconfig default
Create wpa_supplicant configuration
echo "ctrl_interface=/var/run/wpa_supplicant" > /etc/wpa_supplicant/wpa_supplicant.conf
wpa_passphrase YOUR_ESSID "Some_Decent_PassPhrase_of_up_64_Characters" >> /etc/wpa_supplicant/wpa_supplicant.conf
Add in the following after the uncommented "psk=" line in the /etc/wpa_supplicant/wpa_supplicant.conf file:
key_mgmt=WPA-PSK
proto=WPA
#proto=RSN
Configure the Access-Point:
Install Packages:
USE="ssl madwifi" emerge -pv madwifi-ng madwifi-ng-tools hostapd
Place In Configs:
/etc/modules.autoload.d/kernel-2.6
## autoloads:
ath_rate_sample
wlan
ath_hal
ath_pci
/etc/modules.d/ath_pci
# modules.d configuration file for ATH_PCI
# For more information please read:
# README
# Configurable module parameters
# ------------------------------
# countrycode: Override default country code
# outdoor: Enable/disable outdoor use
# xchanmode: Enable/disable extended channel mode
# rfkill: Enable/disable RFKILL capability
# autocreate: Create ath device in [sta|ap|wds|adhoc|ahdemo|monitor] mode. defaults to sta, use 'none' to disable
# ath_debug: Load-time debug output enable
options ath_pci autocreate=none
/etc/conf.d/net (substitute for your proper network)
##ATH0
essid_ath0="YOUR_ESSID"
mode_ath0="master"
channel_ath0="11"
iwpriv_ath0="mode 3"
iface_ath0=( "10.65.23.1 netmask 255.255.255.0 broadcast 10.65.23.255" )
/etc/conf.d/dhcp
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/dhcp/files/dhcp.conf,v 1.7 2004/12/20 18:54:23 max Exp $

# Configure which interface or interfaces for dhcp to listen on
# list all interfaces space separated.
IFACE="eth1 ath0"

# Insert any other options needed
DHCPD_OPTS=""

# If you wish to run dhcp in a chroot, run:
# ebuild /var/db/pkg/net-misc/<dhcp version>/<dhcp-version>.ebuild config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
#CHROOT="/chroot/dhcp"

# If you need name resolution under a chroot, uncomment the following:
#export LD_PRELOAD="/usr/lib/libresolv.so /usr/lib/libnss_dns.so"
/etc/dhcp/dhcpd.conf
subnet 10.65.23.0 netmask 255.255.255.0 {
    default-lease-time 86400;   #1 day
    max-lease-time 604800;      #1 week
    option broadcast-address 10.65.23.255;
    option domain-name "internal.mydomain.com";
    option domain-name-servers 10.65.23.1,192.168.1.1;
    option subnet-mask 255.255.255.0;
    option routers 10.65.23.1;
}
#--------------------------#
host station1 {
    hardware ethernet 00:11:C7:42:56:D4;
    fixed-address 10.65.23.2;
}
host station2 {
    hardware ethernet 00:10:67:1c:70:1e;
    fixed-address 10.65.23.3;
}
/etc/init.d/wlanconfig
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
    before net.*
}

start() {
    local retval=0
    ebegin "Creating madwifi wireless interfaces"
    /sbin/wlanconfig ath0 create wlandev wifi0 wlanmode ap -bssid
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't create one or more of the wireless interfaces"
    return ${retval}
}

stop() {
    local retval=0
    ebegin "Destroying madwifi wireless interfaces"
    /sbin/wlanconfig ath0 destroy
    retval=$((${retval}+$?))
    eend ${retval} "Couldn't destroy one or more of the wireless interfaces"
    return ${retval}
}
/etc/hostapd/hostapd.conf
# An additional configuration parameter, bridge,
# must be used to notify hostapd if the interface is included in a bridge.
#bridge=br0 # Enable this for standard bridging, leave disabled for netfilter firewalls
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=0
ctrl_interface_group=0
macaddr_acl=0
deny_mac_file=/etc/hostapd.deny
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
dump_file=/tmp/hostapd.dump
ssid=YOUR_ESSID
wpa=3
#psk="Some_Decent_PassPhrase_of_up_64_Characters"
wpa_psk=35358c482ff478511d8eff9b25de81d9cea0f78b27d3524230f6bf490b124af2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
Commands To Finish Configuration
Symlink wifi network init script to localhost init script
cd /etc/init.d
ln -s net.lo net.ath0
Make wlanconfig script executable
chmod 755 /etc/init.d/wlanconfig
Add init scripts to default runlevel
rc-update add net.ath0 default
rc-update add wlanconfig default
rc-update add dhcp default
Replace values in wpa_supplicant.conf
- ssid=
- #psk=
- wpa_psk=
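The station's wpa_passphrase step and the access point's wpa_psk= line must yield the same 256-bit key, and a key copied from a published page is not a secret. The following is an added example, not part of the original page: it derives the key the way WPA-PSK defines it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and checks an existing hostapd.conf against a passphrase. The function names and the sample configuration are constructed for illustration.

```python
import hashlib
import hmac
import re


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 64-hex-digit WPA pre-shared key for an SSID and passphrase."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # A WPA passphrase is 8 to 63 printable ASCII characters; a 64-character
    # value is read as a raw hex key instead, so reject it here.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid_bytes, 4096, 32)
    return key.hex()


def hostapd_lines(ssid: str, passphrase: str) -> str:
    """Render the two hostapd.conf lines that have to be replaced."""
    return f"ssid={ssid}\nwpa_psk={derive_psk(ssid, passphrase)}\n"


def conf_psk_matches(conf_text: str, passphrase: str) -> bool:
    """True if ssid= and wpa_psk= in a hostapd.conf agree with the passphrase."""
    # Commented-out lines such as '#psk=' do not match the anchored pattern.
    found = dict(re.findall(r"^(ssid|wpa_psk)=(.*)$", conf_text, re.MULTILINE))
    if "ssid" not in found or "wpa_psk" not in found:
        return False
    expected = derive_psk(found["ssid"].strip(), passphrase)
    return hmac.compare_digest(found["wpa_psk"].strip().lower(), expected)


# Constructed sample: SSID and passphrase are test values, not from the page.
SAMPLE_CONF = ("interface=ath0\n" + hostapd_lines("IEEE", "password")
               + "wpa_key_mgmt=WPA-PSK\n")

if __name__ == "__main__":
    print(hostapd_lines("IEEE", "password"), end="")
    print("matches:", conf_psk_matches(SAMPLE_CONF, "password"))
```
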
Critical IPTables Rules for Access-Point (change networks and variables appropriately):
- Allow inbound DHCP requests from wireless interface
/sbin/iptables -A INPUT -p udp -s 0/0 -d 255.255.255.255 --dport 67:68 -i ath0 -j ACCEPT
- Allow wireless network to connect to access point directly
/sbin/iptables -A INPUT -p all -s 10.65.23.0/255.255.255.0 -d 10.65.23.1 -i ath0 -j ACCEPT
- Turn on network address translation for all hosts to appear as though they are coming from the external IP address of the router.
/sbin/iptables -t nat -A POSTROUTING -p all -s 10.65.23.0/255.255.255.0 -d 0/0 -o eth0 -j SNAT --to-source ${outside_internet_ip}
- Allow all inbound traffic from external networks that have been already established
/sbin/iptables -A INPUT -m state -p all -s 0/0 -d ${outside_internet_ip} --state ESTABLISHED -i eth0 -j ACCEPT
Reboot Hosts
- Reboot Access-Point
- Reboot Station