ubuntu server wireless access point (eng)


Upload: anatoliy-okhotnikov

Post on 17-May-2015


Page 1: Ubuntu server wireless access point (eng)

Ubuntu Server based WAP (Wireless Access Point)

- What is WAP?
- Why bother?
- Router setup
- Setting up NIC
- Setting up bridge
- Security
- Firewall
- DHCP
- DNS
- Resources


What is WAP?

In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves, without the need for any access points, becomes an ad-hoc network.)


Why bother?

As a rule, cheap consumer WAPs under $100 have a slow CPU of about 150 MHz and little RAM, about 8-16Mb. This causes low performance under heavy traffic and peer-to-peer traffic, possible glitches, etc.

With a custom-built Linux-based WAP we get a carrier-grade device, one that could cost up to $1500 retail, for under $400. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. And finally, it's fun :)


Router setup

We have a box with two wired interfaces, eth0 and eth1, and one wireless interface, ath0. eth0 is the WAN; eth1 and ath0 are the LAN.


Setting up wireless NIC

There are three main operation modes for wireless NICs:

- Managed, when a NIC is bound to a WAP that manages it
- Ad-hoc, when a NIC is part of a one-level peer-to-peer network
- Master, when a NIC acts as a WAP to manage others

# Wireless setup at /etc/network/interfaces
auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint
    wireless-key s:tolik


Setting up bridge

A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is very often used interchangeably with bridge.

# Bridge interface at /etc/network/interfaces
auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports eth1 ath0


Security

There are a number of security algorithms for WAPs: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and finally WPA and WPA2 (IEEE 802.11i standard). The WEP variants are very weak and WPA is crackable. To secure a wireless network you should use WPA2 in combination with other security approaches such as static DHCP (forbidding unknown clients), ACLs, etc.

For our simple proof-of-concept project we used the WEP-40 algorithm with the key given as a passphrase:

# Wireless setup at /etc/network/interfaces
wireless-key s:tolik
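A way to spot this kind of setting before it ships, as an added example that is not part of the original slides: the function reads an interfaces file and reports, for every master-mode stanza, whether it is open or uses a static WEP key, inferring WEP-40 or WEP-104 from the key length. The function name `audit_wap_stanzas` and the `ath1` stanza are assumptions made for illustration; the `ath0` stanza is the one from the slides.

```shell
#!/bin/sh
# Added example: report the link protection of every master-mode stanza
# in an ifupdown interfaces file read from stdin.
audit_wap_stanzas() {
    awk '
        function wep_kind(k,    n) {
            if (k ~ /^s:/) n = (length(k) - 2) * 2   # ASCII key: 2 hex digits per char
            else { gsub(/[-:]/, "", k); n = length(k) }
            if (n == 10) return "WEP-40"              # 40-bit key = 10 hex digits
            if (n == 26) return "WEP-104"             # 104-bit key = 26 hex digits
            return "WEP (unexpected key length)"
        }
        function report() {
            if (iface == "" || mode != "master") return
            if (key == "") print iface ": OPEN (no wireless-key)"
            else print iface ": " wep_kind(key) " static key"
        }
        $1 == "iface"                { report(); iface = $2; mode = ""; key = "" }
        $1 == "wireless-mode"        { mode = tolower($2) }
        $1 ~ /^wireless-key[0-9]*$/  { key = $2 }
        END                          { report() }
    '
}

# Sample input: ath0 as on the slides, ath1 constructed for this example.
SAMPLE_INTERFACES='auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint
    wireless-key s:tolik

iface ath1 inet manual
    wireless-mode master
    wireless-essid guest'

printf '%s\n' "$SAMPLE_INTERFACES" | audit_wap_stanzas
```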


Firewall

We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access:

iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

Save and restore our firewall rules over reboot:

# Gateway interface config /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules


Firewall: Packet forwarding

Enable packet forwarding in the kernel (persistent across reboots):

# set it in /etc/sysctl.conf
net.ipv4.ip_forward = 1

Immediately allow the forwarding of packets:

echo 1 > /proc/sys/net/ipv4/ip_forward
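A check worth running on the saved ruleset, added here and not part of the original slides: the two FORWARD ACCEPT rules only restrict traffic when the chain's default policy is DROP, and the built-in default policy is ACCEPT. The function name `lint_gateway_rules` is hypothetical and both dumps are constructed samples in iptables-save format built from the slide's rules.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump (stdin) for the NAT gateway above.
# $1 = LAN subnet, $2 = WAN interface. One finding per line, nothing if clean.
lint_gateway_rules() {
    awk -v lan="$1" -v wan="$2" '
        /^:FORWARD / { policy = $2 }
        /^-A POSTROUTING / && /-j MASQUERADE/ {
            masq++
            if (!index($0, " -s " lan " ") || !index($0, " -o " wan " ")) wide++
        }
        /^-A FORWARD / && /-j ACCEPT/ && index($0, " -i " wan " ") {
            if ($0 !~ /ESTABLISHED/) unsolicited++   # WAN-side rule without state match
        }
        END {
            if (policy == "") policy = "unknown"
            if (policy != "DROP") print "FORWARD policy is " policy ", so the ACCEPT rules filter nothing"
            if (!masq) print "no MASQUERADE rule in POSTROUTING"
            if (wide) print "MASQUERADE not limited to " lan " leaving via " wan
            if (unsolicited) print "new connections arriving on " wan " are forwarded"
        }'
}

# Constructed sample: the slide's three rules on a box with default policies.
SLIDE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.1.1.0/24 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Same rules with the FORWARD policy set to DROP (iptables -P FORWARD DROP).
HARDENED_RULES=$(printf '%s\n' "$SLIDE_RULES" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

printf '%s\n' "$SLIDE_RULES" | lint_gateway_rules 10.1.1.0/24 eth0
```

On a live box the input would come from `iptables-save`, or from the `/etc/iptables.rules` file that the eth0 stanza writes on post-down.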


DHCP

A basic 10 machine DHCP server. Nothing fancy

# Subnet for DHCP Clients /etc/dhcp3/dhcpd.conf
subnet 10.1.1.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.1.1;
    max-lease-time 7200;
    default-lease-time 600;
    range 10.1.1.50 10.1.1.60;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.1.255;
    option routers 10.1.1.1;
}

sudo apt-get install dhcp3-server


DNS

Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another:

zone "home.tolik" {
    type master;
    file "/etc/bind/home.tolik.db";
    notify no;
};

zone "1.1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.1.1.10.in-addr.arpa";
};


DNS: Forward

Setting up the forward zone tolik.home:

$TTL 3D
@       IN      SOA     ns.tolik.home. acidumirae.gmail.com. (
                        200903231       ; serial, today + #
                        2H              ; refresh, seconds
                        1H              ; retry, seconds
                        4H              ; expire, seconds
                        1H )            ; minimum, seconds
                NS      ns              ; name server
                MX      10 mail         ; Mail Exchanger
ns              A       10.1.1.1
gw              A       10.1.1.1
                TXT     "Network gateway"
mail            A       10.1.1.1


DNS: Reverse

Setting up the reverse zone to resolve 10.1.1.*:

$TTL 24h
; 10.1.1.rev
@       IN      SOA     home.tolik [email protected] (
                        2007052500
                        10800
                        3600
                        604800
                        86400 )
        IN      NS      ns.home.tolik.
1       IN      PTR     gw.home.tolik.


Resources

https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint

https://help.ubuntu.com/community/WifiDocs/MasterMode

http://www.linux.com/feature/55617

https://help.ubuntu.com/8.10/serverguide/C/dns.html

http://www.ibm.com/developerworks/linux/library/l-wap.html