Ubuntu server wireless access point (eng)
•
1 like•1,832 views
What is WAP? Why bother? Router setup Setting up NIC Setting up bridge Security Firewall DHCP DNS Resources
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (17)
Similar to Ubuntu server wireless access point (eng)
Similar to Ubuntu server wireless access point (eng) (20)
Recently uploaded
Recently uploaded (20)
Ubuntu server wireless access point (eng)
- 1. Ubuntu Server based WAP (Wireless Access Point) What is WAP? Security Why bother? Firewall Router setup DHCP Setting up NIC DNS Setting up Resources bridge
- 2. What is WAP? In computer networking, a wireless access point (WAP or AP) is a device that connects wireless comm. devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves - without the need for any access points - becomes an ad-hoc network.)
- 3. Why bother? Cheap consumer WAPs under $100 as a rule has a slow CPU about 150 MHz and low RAM – about 8- 16Mb, this causes low performance on huge traff c i and peer-to-peer traff c, possible glitches, etc. i With a custom-build Linux based WAP we are getting carrier grade device that could cost up to $1500 retail for under $400 only. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. and finally it's fun :)
- 4. Router setup We have a box with two wired interfaces eth0 and eth1 and one wireless ath0. eth0 is WAN, eth1 and ath0 - LAN
- 5. Setting up wireless NIC There are three main operation modes for wireless NICs - Managed, when a NIC is bind to WAP that manages it - Ad-hoc, when a NIC is one level peer-to-peer network - Master, when a NIC acts as WAP to manage others #Wireless Setup at /etc/network/interfaces auto ath0 iface ath0 inet manual wireless-mode master wireless-essid pivotpoint wireless-key s:tolik
- 6. Setting up bridge Network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is very often used interchangeably with bridges. #Bridge interface at /etc/network/interfaces auto br0 iface br0 inet static address 10.1.1.1 network 10.1.1.0 netmask 255.255.255.0 broadcast 10.1.1.255 bridge-ports eth1 ath0
- 7. Security There is a number of security algorithms for WAP: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and f nally WPA and i WPA2 (IEEE 802.11i standard). WEPs are very weak and WPA is crackable. To secure wireless network you should use WPA2 in combination with other security approaches like static DHCP(forbidding unknown clients), ACLs, etc. For our simple proof-of-concept project we had used WEP-40 algorithm with the key given as passphrase: #Wireless Setup at /etc/network/interfaces wireless-key s:tolik
- 8. Firewall We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access: iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT Save and restore our frewall rules over reboot: #Gateway interface config /etc/network/interfaces auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /etc/iptables.rules post-down iptables-save > /etc/iptables.rules
- 9. Firewall: Packet forwarding Enable packet forwarding in the kernel (over reboot): # set it in /etc/sysctl.conf net.ipv4.ip_forward = 1 Immediately allow the forwarding of packets: echo 1 > /proc/sys/net/ipv4/ip_forward
- 10. DHCP A basic 10 machine DHCP server. Nothing fancy sudo apt-get install dhcp3-server # Subnet for DHCP Clients /etc/dhcp3/dhcpd.conf subnet 10.1.1.0 netmask 255.255.255.0 { option domain-name-servers 10.1.1.1; max-lease-time 7200; default-lease-time 600; range 10.1.1.50 10.1.1.60; option subnet-mask 255.255.255.0; option broadcast-address 10.1.1.255; option routers 10.1.1.1; }
- 11. DNS Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualifed domain names (FQDN) to one another: zone "home.tolik" { type master; file "/etc/bind/home.tolik.db"; notify no; }; zone "1.1.10.in-addr.arpa" { type master; file "/etc/bind/rev.1.1.10.in-addr.arpa"; };
- 12. DNS:Forward Setting up the forward zone tolik.home: $TTL 3D @ IN SOA ns.tolik.home. acidumirae.gmail.com. ( 200903231 ; serial, today + # 2H ; refresh, seconds 1H ; retry, seconds 4H ; expire, seconds 1H ) ; minimum, seconds NS ns ; name server MX 10 mail ; Mail Exchanger ns A 10.1.1.1 gw A 10.1.1.1 TXT "Network gateway" mail A 10.1.1.1
- 13. DNS:Reverse Setting up the reverse zone to resolve 10.1.1.*: $TTL 24h ; 10.1.1.rev @ IN SOA home.tolik acidumirae@gmail.com ( 2007052500 10800 3600 604800 86400 ) IN NS ns.home.tolik. 1 IN PTR gw.home.tolik.
- 14. Resources https://help.ubuntu.com/community/Wif Docs/WirelessAccessPoint i https://help.ubuntu.com/community/Wif Docs/MasterMode i http://www.linux.com/feature/55617 https://help.ubuntu.com/8.10/serverguide/C/dns.html http://www.ibm.com/developerworks/linux/library/l-wap.html