ubuntu server wireless access point (eng)
Ubuntu Server based WAP (Wireless Access Point)
- What is WAP?
- Why bother?
- Router setup
- Setting up NIC
- Setting up bridge
- Security
- Firewall
- DHCP
- DNS
- Resources
What is WAP?
In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves, without the need for any access points, is an ad-hoc network.)
Why bother?
Cheap consumer WAPs under $100 as a rule have a slow CPU of about 150 MHz and little RAM (about 8-16Mb). This causes low performance under heavy traffic and peer-to-peer traffic, possible glitches, etc.
With a custom-built Linux based WAP we get a carrier-grade device, which could cost up to $1500 retail, for under $400. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc., and finally it's fun :)
Router setup
We have a box with two wired interfaces, eth0 and eth1, and one wireless interface, ath0. eth0 is the WAN side; eth1 and ath0 are the LAN side.
Setting up wireless NIC
There are three main operation modes for wireless NICs:
- Managed, when the NIC is bound to a WAP that manages it
- Ad-hoc, when the NIC is one peer in a flat peer-to-peer network
- Master, when the NIC acts as a WAP and manages the others
# Wireless setup in /etc/network/interfaces
auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint
    wireless-key s:tolik
Setting up bridge
A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term "layer 2 switch" is very often used interchangeably with "bridge".
# Bridge interface in /etc/network/interfaces
auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports eth1 ath0
Security
There are a number of security algorithms for WAPs:
WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and finally WPA and WPA2 (IEEE 802.11i standard). The WEP variants are very weak and WPA is crackable. To secure a wireless network you should use WPA2 in combination with other security approaches, such as static DHCP (forbidding unknown clients), ACLs, etc.
For our simple proof-of-concept project we used the WEP-40 algorithm with the key given as a passphrase (the "s:" prefix marks an ASCII key):
# Wireless setup in /etc/network/interfaces
    wireless-key s:tolik
Firewall
We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
Save and restore our firewall rules across reboots:
# Gateway interface config in /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules
Firewall: Packet forwarding
Enable packet forwarding in the kernel (persists across reboots):
# set it in /etc/sysctl.conf
net.ipv4.ip_forward = 1
Immediately allow the forwarding of packets:
echo 1 > /proc/sys/net/ipv4/ip_forward
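As an added check that is not part of the original slides: this Python audit parses the iptables-save output that the pre-up/post-down lines write to /etc/iptables.rules and flags what a reviewer looks for first, namely that the slide's FORWARD rules only add ACCEPTs, so they block nothing unless the chain's default policy is DROP. The rule-set samples and the function names are constructed for this example.

```python
import ipaddress
import re

# Constructed sample: the filter table as `iptables-save` would emit it after
# running the two FORWARD rules from the slide, with FORWARD still at its
# default ACCEPT policy (nat table omitted for brevity).
SLIDE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.1.1.0/24 -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
# Same rule set once the chain's default policy has been set to DROP.
HARDENED_RULES = SLIDE_RULES.replace(":FORWARD ACCEPT", ":FORWARD DROP")


def parse_forward_chain(rules_text):
    """Return (policy, rules) for the FORWARD chain of the filter table."""
    policy, rules, table = None, [], None
    for line in rules_text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A FORWARD "):
            # keep only the match/target options the audit looks at
            rules.append(dict(re.findall(r"(-[sdioj]|--state) (\S+)", line)))
    return policy, rules


def audit_forward(rules_text, lan="10.1.1.0/24", wan="eth0"):
    """List findings for the bridged-LAN gateway described on the slides."""
    policy, rules = parse_forward_chain(rules_text)
    findings = []
    if policy != "DROP":
        findings.append("FORWARD policy is %s: the ACCEPT rules block nothing" % policy)
    lan_net = ipaddress.ip_network(lan)
    for r in (r for r in rules if r.get("-j") == "ACCEPT"):
        src = r.get("-s")
        if r.get("-o") == wan and (src is None or not ipaddress.ip_network(src).subnet_of(lan_net)):
            findings.append("egress to %s not limited to LAN %s" % (wan, lan))
        if r.get("-i") == wan and "--state" not in r:
            findings.append("unrestricted inbound forwarding from %s" % wan)
    return findings
```

Run audit_forward on the saved rules file before trusting the gateway; an empty list means the chain is default-deny with only LAN egress and established return traffic permitted.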
DHCP
A basic 10-machine DHCP server. Nothing fancy.
sudo apt-get install dhcp3-server
# Subnet for DHCP clients in /etc/dhcp3/dhcpd.conf
subnet 10.1.1.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.1.1;
    max-lease-time 7200;
    default-lease-time 600;
    range 10.1.1.50 10.1.1.60;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.1.255;
    option routers 10.1.1.1;
}
DNS
Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDNs) to one another. Our BIND zone declarations:
zone "home.tolik" {
    type master;
    file "/etc/bind/home.tolik.db";
    notify no;
};
zone "1.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.1.1.10.in-addr.arpa";
};
DNS: Forward
Setting up the forward zone tolik.home:
; /etc/bind/home.tolik.db
; note: the zone is declared as "home.tolik" above while the SOA below uses
; tolik.home, as on the original slide
$TTL 3D
@       IN SOA ns.tolik.home. acidumirae.gmail.com. (
            200903231   ; serial, today + #
            2H          ; refresh, seconds
            1H          ; retry, seconds
            4H          ; expire, seconds
            1H )        ; minimum, seconds
        NS  ns          ; name server
        MX  10 mail     ; Mail Exchanger
ns      A   10.1.1.1
gw      A   10.1.1.1
        TXT "Network gateway"
mail    A   10.1.1.1
DNS: Reverse
Setting up the reverse zone to resolve 10.1.1.*:
; /etc/bind/rev.1.1.10.in-addr.arpa
$TTL 24h
; 10.1.1.rev
@       IN SOA home.tolik [email protected] (
            2007052500  ; serial
            10800       ; refresh
            3600        ; retry
            604800      ; expire
            86400 )     ; minimum
        IN NS  ns.home.tolik.
1       IN PTR gw.home.tolik.
Resources
https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint
https://help.ubuntu.com/community/WifiDocs/MasterMode
http://www.linux.com/feature/55617
https://help.ubuntu.com/8.10/serverguide/C/dns.html
http://www.ibm.com/developerworks/linux/library/l-wap.html