Ubuntu server wireless access point (eng)



Published in: Technology

  1. 1. Ubuntu Server based WAP (Wireless Access Point)
       - What is WAP?
       - Why bother?
       - Router setup
       - Setting up NIC
       - Setting up bridge
       - Security
       - Firewall
       - DHCP
       - DNS
       - Resources
  2. 2. What is WAP?
     In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves, without the need for any access points, is an ad-hoc network.)
  3. 3. Why bother?
     Cheap consumer WAPs under $100 as a rule have a slow CPU (about 150 MHz) and little RAM (about 8-16Mb). This causes low performance under heavy traffic and peer-to-peer traffic, possible glitches, etc.
     With a custom-built Linux-based WAP we get a carrier-grade device, one that could cost up to $1500 retail, for under $400. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. And finally, it's fun :)
  4. 4. Router setup
     We have a box with two wired interfaces, eth0 and eth1, and one wireless, ath0. eth0 is WAN; eth1 and ath0 are LAN.
  5. 5. Setting up wireless NIC
     There are three main operation modes for wireless NICs:
       - Managed, when a NIC is bound to a WAP that manages it
       - Ad-hoc, when a NIC is part of a one-level peer-to-peer network
       - Master, when a NIC acts as a WAP to manage others

         # Wireless setup at /etc/network/interfaces
         auto ath0
         iface ath0 inet manual
             wireless-mode master
             wireless-essid pivotpoint
             wireless-key s:tolik
  6. 6. Setting up bridge
     A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term "layer 2 switch" is very often used interchangeably with "bridge".

         # Bridge interface at /etc/network/interfaces
         auto br0
         iface br0 inet static
             address
             network
             netmask
             broadcast
             bridge-ports eth1 ath0
  7. 7. Security
     There are a number of security algorithms for WAPs: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and finally WPA and WPA2 (IEEE 802.11i standard). The WEP variants are very weak and WPA is crackable. To secure a wireless network you should use WPA2 in combination with other security approaches such as static DHCP (forbidding unknown clients), ACLs, etc.
     For our simple proof-of-concept project we used the WEP-40 algorithm with the key given as a passphrase:

         # Wireless setup at /etc/network/interfaces
         wireless-key s:tolik
  8. 8. Firewall
     We need to set up masquerading and forwarding on the WAN interface so that our bridged network has Internet or intranet access:

         iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
         iptables -A FORWARD -s -o eth0 -j ACCEPT
         iptables -A FORWARD -d -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

     Save and restore our firewall rules across reboots:

         # Gateway interface config, /etc/network/interfaces
         auto eth0
         iface eth0 inet dhcp
             pre-up iptables-restore < /etc/iptables.rules
             post-down iptables-save > /etc/iptables.rules
  9. 9. Firewall: Packet forwarding
     Enable packet forwarding in the kernel (persists across reboots):

         # set it in /etc/sysctl.conf
         net.ipv4.ip_forward = 1

     Allow the forwarding of packets immediately:

         echo 1 > /proc/sys/net/ipv4/ip_forward
  10. 10. DHCP
      A basic 10 machine DHCP server. Nothing fancy.

          sudo apt-get install dhcp3-server

          # Subnet for DHCP clients, /etc/dhcp3/dhcpd.conf
          subnet netmask {
              option domain-name-servers;
              max-lease-time 7200;
              default-lease-time 600;
              range;
              option subnet-mask;
              option broadcast-address;
              option routers;
          }
  11. 11. DNS
      Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another:

          zone "home.tolik" {
              type master;
              file "/etc/bind/home.tolik.db";
              notify no;
          };

          zone "1.1.10.in-addr.arpa" {
              type master;
              file "/etc/bind/rev.1.1.10.in-addr.arpa";
          };
  12. 12. DNS: Forward
      Setting up the forward zone tolik.home:

          $TTL 3D
          @       IN  SOA  ns.tolik.home. acidumirae.gmail.com. (
                           200903231  ; serial, today + #
                           2H         ; refresh, seconds
                           1H         ; retry, seconds
                           4H         ; expire, seconds
                           1H )       ; minimum, seconds
                      NS   ns         ; name server
                      MX   10 mail    ; Mail Exchanger
          ns          A
                      A
                      TXT  "Network gateway"
          mail        A
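  13. 13. DNS: Reverse
      Setting up the reverse zone to resolve 10.1.1.*:

          $TTL 24h
          ; 10.1.1.rev
          ; In the SOA mailbox the "@" of the address is written as "."
          ; and both names end in "." so they are not taken relative to the zone.
          @   IN  SOA  home.tolik. acidumirae.gmail.com. (
                       ; serial refresh retry expire minimum
                       2007052500 10800 3600 604800 86400 )
              IN  NS   ns.home.tolik.
          1   IN  PTR  gw.home.tolik.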
  14. 14. Resources
       - https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint
       - https://help.ubuntu.com/community/WifiDocs/MasterMode
       - http://www.linux.com/feature/55617
       - https://help.ubuntu.com/8.10/serverguide/C/dns.html
       - http://www.ibm.com/developerworks/linux/library/l-wap.html
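
For the Security and Firewall slides: an added example, not part of the original slides, that audits the two files this setup produces. It flags a WEP key in /etc/network/interfaces and, in an iptables-save dump, a FORWARD chain whose default policy is ACCEPT or a WAN-side ACCEPT rule with no state match. The function names, finding labels and the 10.1.1.0/24 subnet in the constructed samples are assumptions.

```shell
# Added example (not from the slides). Prints one finding per line,
# and nothing when no check fires.
audit_wap() {
    ifaces=$1; rules=$2; wan=${3:-eth0}
    # wireless-key in /etc/network/interfaces configures a WEP key.
    if grep -Eq '^[[:space:]]*wireless-key[[:space:]]' "$ifaces"; then
        echo "WEP: wireless-key is set; move the AP to WPA2"
    fi
    # iptables-save writes chain policies as ":CHAIN POLICY [pkts:bytes]".
    awk -v wan="$wan" '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        /^:FORWARD ACCEPT/ {
            print "FORWARD-POLICY: default ACCEPT, so the ACCEPT rules restrict nothing"
        }
        /^-A FORWARD / && / -j ACCEPT$/ {
            inbound = 0
            for (i = 1; i < NF; i++)
                if ($i == "-i" && $(i + 1) == wan) inbound = 1
            if (inbound && $0 !~ /ESTABLISHED/)
                print "WAN-INBOUND: accepted without a state match: " $0
        }
    ' "$rules"
}

# Constructed sample input. 10.1.1.0/24 is an assumed LAN subnet.
write_samples() {
    cat > "$1/interfaces" <<'EOF'
auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint
    wireless-key s:tolik
EOF
    cat > "$1/slides.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.1.1.0/24 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    # Same rules with the forward policy tightened to DROP.
    sed 's/^:FORWARD ACCEPT/:FORWARD DROP/' "$1/slides.rules" > "$1/tight.rules"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_wap "$tmp/interfaces" "$tmp/slides.rules"
```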