Wireless/libnl_Access_Point
We will build an access point under GNU/Linux. This is quite experimental and does not always work. If you are looking for something more stable you can use FreeBSD and this howto or OpenBSD. If you use a Ralink card, be sure to use the 2.6.26 kernel that has been released (not a release candidate) otherwise your computer would freeze (see [1] for more details).
Kernel
First we need to have a recent 2.6.26 kernel. Add this to your /etc/portage/package.keywords (replace x86 by your architecture):
=sys-kernel/vanilla-sources-2.6.26 ~x86
Run the following commands to download the sources of the 2.6.26 kernel:
emerge --sync
emerge -av sys-kernel/vanilla-sources
Then patch the kernel to allow vlan access point modes ([2]) and refresh the symlink that points to the kernel:
cd /usr/src/
cp linux/.config old_config
rm linux
ln -s linux-2.6.26 linux
mv old_config linux/.config
cd linux
wget http://johannes.sipsolutions.net/patches/kernel/all/LATEST/004-allow-ap-vlan-modes.patch
patch -p1 < 004-allow-ap-vlan-modes.patch
If the patch fails to download, browse to the LATEST directory and see if it has been renamed (the number at the front of its name changes from time to time).
To restore the configuration options of the old kernel, execute:
make oldconfig
Now you will need to install the new kernel.
make && make modules_install
Libnl
Add this to your /etc/portage/package.keywords (replace x86 by your architecture):
dev-libs/libnl ~x86
then type:
emerge -av dev-libs/libnl
Kernel Headers
You need at least the 2.6.26 version of the linux-headers package to be able to use the nl80211 driver in hostapd:
emerge -av ">=sys-kernel/linux-headers-2.6.26"
HostAP
Add this to your /etc/portage/package.keywords (replace x86 by your architecture):
net-wireless/hostapd ~x86
then emerge the newest 0.6.x version of hostapd (>=0.6.4 since October 2008):
emerge -av =net-wireless/hostapd-0.6.*
Configuration of hostapd
edit the following line of /etc/conf.d/hostapd:
INTERFACES="wlan0"
and make it match your interface name
then edit /etc/conf.d/net and add:
modules_wlan0=( "!iwconfig" "!wpa_supplicant" )
config_wlan0=( "192.168.1.1/24" )
change it to your desired IP address; many routers use 192.168.1.1, so keeping it as is is a good choice
then edit the following lines of your /etc/hostapd/hostapd.conf:
interface=wlan0
change it to your interface
driver=nl80211
be sure to set this to nl80211
ssid=gnu_linu_ap
change it to your desired ssid
hw_mode=g
g is a good choice
channel=7
change the channel to a free channel
own_ip_addr=192.168.1.1
change it to the ip address you have chosen before
then link your interface (if you haven't already done this):
cd /etc/init.d/
ln -s net.lo net.wlan0
then start hostapd:
/etc/init.d/hostapd start
you can also add it to be started automatically:
rc-update add hostapd default
DNSmasq
type this command:
emerge -av dnsmasq
replace the contents of /etc/dnsmasq.conf with the following:
# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries
# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=workgroup
expand-hosts
#resolv-file=/tmp/resolv.conf.auto
dhcp-authoritative
#dhcp-leasefile=/tmp/dhcp.leases
# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers
# other useful options:
# default route(s): dhcp-option=3,192.168.1.1
# dns server(s): dhcp-option=6,192.168.1.1
dhcp-range=192.168.1.100,192.168.1.255,255.255.255.0,12h
the file mostly explains itself, except for read-ethers: it lets you assign a static IP address to a given MAC address. To use it, edit /etc/ethers and add entries like this:
00:14:85:11:EF:02 192.168.1.106
and in order to give a dns name to this entry edit /etc/hosts and add an entry like this:
192.168.1.106 Ralink
then start your dnsmasq server by running the following command:
/etc/init.d/dnsmasq start
if you want it to be started at boot, run:
rc-update add dnsmasq default
You can now test the wifi connection with any graphical tool (like NetworkManager in GNU/Linux, or even with a Microsoft Windows computer). You can even try to ping a website, but you will only get its IP address and no response. That's because we haven't set up NAT yet...
Note: In this example, we are using DNSmasq's integrated DHCP server. If you'd like more control over your DHCP configuration, see the DHCP article. In that case, you have to comment out the dhcp-range and dhcp-authoritative lines in your dnsmasq.conf.
iptables
install iptables if you don't have it:
emerge -av net-firewall/iptables
Run the following script in order to activate NAT and test your setup...
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT
iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu # /!\ run this line only if you have ppp
then if you want to make it permanent:
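A narrower alternative to the accept-all FORWARD rule in the script above, as an added example that is not part of the original page: new connections are forwarded only from the access-point interface to the uplink, and only reply traffic is let back in. The function name ap_nat_rules, the AP_APPLY, LAN_IF and WAN_IF variables and the wlan0/ppp0 defaults are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: wlan0 is the
# access-point interface, ppp0 the uplink (as in the page's script).

# Print the iptables commands, one per line, for a LAN and a WAN interface.
ap_nat_rules() {
    lan_if=$1
    wan_if=$2
    # Refuse empty or odd names so the output is always safe to execute.
    for ifname in "$lan_if" "$wan_if"; do
        case "$ifname" in
            ""|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interface must differ" >&2
        return 1
    fi
    # Default-deny forwarding, then allow AP clients out and replies back in.
    # Flushing FORWARD replaces whatever rules were in that chain before.
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
EOF
    # MSS clamping line from the page's script, only for a ppp uplink.
    case "$wan_if" in
        ppp*) echo "iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" ;;
    esac
}

# Apply only on request (needs root): AP_APPLY=1 LAN_IF=wlan0 WAN_IF=ppp0 sh thisfile
if [ "${AP_APPLY:-0}" = 1 ]; then
    rules=$(ap_nat_rules "${LAN_IF:-wlan0}" "${WAN_IF:-ppp0}") || exit 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    printf '%s\n' "$rules" | sh -e
fi
```

Without AP_APPLY=1 the file only defines the function, so the generated commands can be reviewed before anything is loaded.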
- inside /etc/sysctl.conf change this line:
net.ipv4.ip_forward = 0
to this line:
net.ipv4.ip_forward = 1
that will activate IP forwarding. Then run the following commands:
/etc/init.d/iptables save
rc-update add iptables default
then, if you don't want the rules to be saved each time you shut down, change this line inside /etc/conf.d/iptables:
SAVE_ON_STOP="yes"
to this line:
SAVE_ON_STOP="no"