Wireless/libnl_Access_Point

We will build an access point under GNU/Linux. This is quite experimental and does not always work. If you are looking for something more stable you can use FreeBSD and this howto or OpenBSD. If you use a Ralink card, be sure to use the 2.6.26 kernel that has been released (not a release candidate) otherwise your computer would freeze (see [1] for more details).

Kernel

First we need to have a recent 2.6.26 kernel. Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

=sys-kernel/vanilla-sources-2.6.26 ~x86

Run the following commands to download the sources of the 2.6.26 kernel:

emerge --sync
emerge -av sys-kernel/vanilla-sources

Then patch the kernel to allow vlan access point modes ([2]) and refresh the symlink that points to the kernel:

cd /usr/src/
cp linux/.config old_config
rm linux
ln -s linux-2.6.26 linux
mv old_config linux/.config
cd linux
wget http://johannes.sipsolutions.net/patches/kernel/all/LATEST/004-allow-ap-vlan-modes.patch
patch -p1 < 004-allow-ap-vlan-modes.patch

If the patch fails to download, browse to the directory LATEST and see if it has been renamed (it changes number in front of it from time to time).

To restore the configuration options of the old kernel, execute:

make oldconfig

Now you will need to install the new kernel.

make && make modules_install

Libnl

Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

dev-libs/libnl ~x86

then type:

emerge -av dev-libs/libnl

Kernel Headers

You need at least the 2.6.26 version of the linux-headers package to be able to use the nl80211 driver in hostapd:

emerge -av ">=sys-kernel/linux-headers-2.6.26"

HostAP

Add this to your /etc/portage/package.keywords (replace x86 by your architecture):

net-wireless/hostapd ~x86

then emerge the newest version 0.6.x version of hostapd (>=0.6.4 since october 2008):

emerge -av =net-wireless/hostapd-0.6.*

Configuration of hostapd

edit the following line of /etc/conf.d/hostapd:

INTERFACES="wlan0"

and make it match your interface name

then edit /etc/conf.d/net and add:

modules_wlan0=( "!iwconfig" "!wpa_supplicant" )
config_wlan0=( "192.168.1.1/24" )

change it to your desired ip address but many routers uses 192.168.1.1 so adding it as is is a good choice

then edit the following lined of your /etc/hostapd/hostapd.conf:

interface=wlan0

change it to your interface

driver=nl80211

be shure this to set nl80211

ssid=gnu_linu_ap

change it to your desired ssid

hw_mode=g

g is a good choice

channel=7

change the channel to a free channel

own_ip_addr=192.168.1.1

change it to the ip address you have chosen before

then link your interface (if you haven't already done this):

cd /etc/init.d/
ln -s net.lo net.wlan0

then start hostapd:

/etc/init.d/hostapd start

you can also add it to be started automatically:

rc-update add hostapd default

DNSmasq

type this command:

emerge -av dnsmasq

remplace /etc/dnsmasq.conf with by the following:

# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=workgroup
expand-hosts
#resolv-file=/tmp/resolv.conf.auto

dhcp-authoritative
#dhcp-leasefile=/tmp/dhcp.leases

# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers

# other useful options:
# default route(s):
dhcp-option=3,192.168.1.1
#    dns server(s):
dhcp-option=6,192.168.1.1

dhcp-range=192.168.1.100,192.168.1.255,255.255.255.0,12h

the file don't need to be explained but read-ethers... read ethers permit you to assign static ip to certain mac address so edit /etc/ethers with entries like this:

00:14:85:11:EF:02 192.168.1.106

and in order to give a dns name to this entry edit /etc/hosts and add an entry like this:

192.168.1.106 Ralink

then in order to start your dnsmasq server at boot you need to run the following command:

/etc/init.d/dnsmasq start

if you want to add it at boot run:

rc-update add dnsmasq default

You can now test the wifi connection with any graphical tool(like NetworkManager in GNU/Linux or even test it with a Microsoft Windows computer). You can even try to ping a website but you will only get his IP and no response. That's because we didn't set up the NAT yet...

Note : In this example, we are using DNSmasq's integrated DHCP server. If you'd like more control over your DHCP configuration, see the DHCP article. In this case, you have to comment the lines dhcp-range and dhcp-authoritative in your dnsmasq.conf

iptables

install iptables if you don't have it:

emerge -av net-firewall/iptables

Run the following script in order to activate NAT and test your setup...

#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables  -t  nat  -A  POSTROUTING  -o  ppp0 -j  MASQUERADE
iptables  -A  FORWARD -j  ACCEPT 
iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # /!\run this line only if you have ppp

then if you want to make it permanant:

• inside /etc/sysctl.conf change this line:

net.ipv4.ip_forward = 0

to this line:

net.ipv4.ip_forward = 1

that will activate the ip_forwarding,then run the following commands:

/etc/init.d/iptables save
rc-update add iptables default

then if you don't want to save rules each times you shut down,inside /etc/conf.d/iptables change this line:

SAVE_ON_STOP="yes"

to this line:

SAVE_ON_STOP="no"