Ubuntu server wireless access point (eng)
Usage Rights

CC Attribution License

    Presentation Transcript

    • Ubuntu Server based WAP (Wireless Access Point)
      What is WAP?
      Why bother?
      Router setup
      Setting up NIC
      Setting up bridge
      Security
      Firewall
      DHCP
      DNS
      Resources
    • What is WAP?
      In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves, without the need for any access points, becomes an ad-hoc network.)
    • Why bother?
      Cheap consumer WAPs under $100 as a rule have a slow CPU (about 150 MHz) and little RAM (about 8-16Mb). This causes low performance under heavy traffic and peer-to-peer traffic, possible glitches, etc.
      With a custom-built Linux-based WAP we get a carrier-grade device that could cost up to $1500 retail for under $400. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. And finally, it's fun :)
    • Router setup
      We have a box with two wired interfaces, eth0 and eth1, and one wireless interface, ath0. eth0 is WAN; eth1 and ath0 are LAN.
    • Setting up wireless NIC
      There are three main operation modes for wireless NICs:
      - Managed, when a NIC is bound to a WAP that manages it
      - Ad-hoc, when a NIC is part of a one-level peer-to-peer network
      - Master, when a NIC acts as a WAP to manage others

      # Wireless setup at /etc/network/interfaces
      auto ath0
      iface ath0 inet manual
          wireless-mode master
          wireless-essid pivotpoint
          wireless-key s:tolik
    • Setting up bridge
      A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is very often used interchangeably with bridge.

      # Bridge interface at /etc/network/interfaces
      auto br0
      iface br0 inet static
          address 10.1.1.1
          network 10.1.1.0
          netmask 255.255.255.0
          broadcast 10.1.1.255
          bridge-ports eth1 ath0
    • Security
      There are a number of security algorithms for WAPs: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and finally WPA and WPA2 (IEEE 802.11i standard). WEPs are very weak and WPA is crackable. To secure a wireless network you should use WPA2 in combination with other security approaches like static DHCP (forbidding unknown clients), ACLs, etc.
      For our simple proof-of-concept project we used the WEP-40 algorithm with the key given as a passphrase:

      # Wireless setup at /etc/network/interfaces
      wireless-key s:tolik
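The WEP-40 key and the WPA2 recommendation on this slide, as an added example that is not part of the original slides: `audit_wep` reports the WEP variant of every `wireless-key` in an interfaces file, and `hostapd_wpa2_conf` prints a WPA2-PSK stanza for hostapd. hostapd does not appear in the slides; the function names, the sample passphrase and the omission of a `driver=` line (it depends on the card and the hostapd version) are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): find WEP keys in an ifupdown
# interfaces file and print a WPA2-PSK hostapd stanza to replace them.

# Constructed sample: the ath0 stanza shown on the slides.
sample_interfaces() {
cat <<'EOF'
auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint
    wireless-key s:tolik
EOF
}

# Reads interfaces(5) text on stdin, prints "<iface> <WEP variant>" per key.
audit_wep() {
    awk '
        $1 == "iface" { iface = $2 }
        $1 == "wireless-key" {
            key = $2; kind = "WEP (unrecognized key length)"
            # s: prefix is an ASCII key, one byte per character;
            # otherwise hex digits, two per byte, dashes allowed.
            if (key ~ /^s:/) { n = length(key) - 2 }
            else { gsub(/-/, "", key); n = length(key) / 2 }
            if (n == 5)  kind = "WEP-40"
            if (n == 13) kind = "WEP-104"
            print iface, kind
        }'
}

# Prints a hostapd.conf body for WPA2-PSK with CCMP.
# Args: iface bridge ssid passphrase. Rejects passphrases outside 8..63 chars.
hostapd_wpa2_conf() {
    len=${#4}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "passphrase must be 8..63 characters" >&2
        return 1
    fi
    printf 'interface=%s\nbridge=%s\nssid=%s\n' "$1" "$2" "$3"
    printf 'wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n'
    printf 'wpa_passphrase=%s\n' "$4"
}

sample_interfaces | audit_wep
hostapd_wpa2_conf ath0 br0 pivotpoint 'constructed-example-passphrase'
```

The five-character key `tolik` is exactly the 40 bits of a WEP-40 key, and as a WPA2 passphrase it would be rejected for being shorter than eight characters.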
    • Firewall
      We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access:

      iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
      iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
      iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

      Save and restore our firewall rules across reboots:

      # Gateway interface config /etc/network/interfaces
      auto eth0
      iface eth0 inet dhcp
          pre-up iptables-restore < /etc/iptables.rules
          post-down iptables-save > /etc/iptables.rules
    • Firewall: Packet forwarding
      Enable packet forwarding in the kernel (persistent across reboots):

      # set it in /etc/sysctl.conf
      net.ipv4.ip_forward = 1

      Immediately allow the forwarding of packets:

      echo 1 > /proc/sys/net/ipv4/ip_forward
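A check on the saved firewall rules, as an added example that is not part of the original slides: the FORWARD rules on the Firewall slide are all ACCEPTs, so they only restrict traffic if the chain's default policy is DROP, which the slides never set. `audit_forward` reads an iptables-save dump such as /etc/iptables.rules and reports the policy; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit an iptables-save dump such as
# /etc/iptables.rules for the default policy of the filter FORWARD chain.

# Constructed sample: roughly what iptables-save prints after the three
# rules from the Firewall slide are added to an otherwise empty ruleset.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.1.1.0/24 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints the FORWARD policy plus the
# number of FORWARD rules and how many of them are ACCEPTs. Exit status is 1
# when the policy is ACCEPT: unmatched packets are then forwarded anyway,
# so the ACCEPT rules restrict nothing.
audit_forward() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            rules++
            if ($NF == "ACCEPT") accepts++
        }
        END {
            printf "policy=%s rules=%d accept_rules=%d\n", policy, rules, accepts
            exit (policy == "ACCEPT")
        }'
}

sample_rules | audit_forward || echo "FORWARD is default-allow"
# Same dump with the policy line as "iptables -P FORWARD DROP" would leave it.
sample_rules | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/' | audit_forward
```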
    • DHCP
      A basic 10 machine DHCP server. Nothing fancy.

      sudo apt-get install dhcp3-server

      # Subnet for DHCP Clients /etc/dhcp3/dhcpd.conf
      subnet 10.1.1.0 netmask 255.255.255.0 {
          option domain-name-servers 10.1.1.1;
          max-lease-time 7200;
          default-lease-time 600;
          range 10.1.1.50 10.1.1.60;
          option subnet-mask 255.255.255.0;
          option broadcast-address 10.1.1.255;
          option routers 10.1.1.1;
      }
    • DNS
      Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another:

      zone "home.tolik" {
          type master;
          file "/etc/bind/home.tolik.db";
          notify no;
      };

      zone "1.1.10.in-addr.arpa" {
          type master;
          file "/etc/bind/rev.1.1.10.in-addr.arpa";
      };
    • DNS: Forward
      Setting up the forward zone tolik.home:

      $TTL 3D
      @       IN      SOA     ns.tolik.home. acidumirae.gmail.com. (
                              200903231       ; serial, today + #
                              2H              ; refresh, seconds
                              1H              ; retry, seconds
                              4H              ; expire, seconds
                              1H )            ; minimum, seconds
                      NS      ns              ; name server
                      MX      10 mail         ; Mail Exchanger
      ns              A       10.1.1.1
      gw              A       10.1.1.1
                      TXT     "Network gateway"
      mail            A       10.1.1.1
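    • DNS: Reverse
      Setting up the reverse zone to resolve 10.1.1.*:

      $TTL 24h
      ; 10.1.1.rev
      ; In the SOA record the mailbox is written with a dot in place of "@",
      ; and absolute names end with a dot.
      @       IN      SOA     home.tolik. acidumirae.gmail.com. (
                              2007052500
                              10800
                              3600
                              604800
                              86400 )
              IN      NS      ns.home.tolik.
      1       IN      PTR     gw.home.tolik.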
    • Resources
      https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint
      https://help.ubuntu.com/community/WifiDocs/MasterMode
      http://www.linux.com/feature/55617
      https://help.ubuntu.com/8.10/serverguide/C/dns.html
      http://www.ibm.com/developerworks/linux/library/l-wap.html