Setting Up a Linux Access Point

Firmware devices are not the only machines that can serve as an access point. There is an 802.11 access point driver for Linux called HostAP. HostAP provides all of the standard access point functionality but you have the added benefit of a general-purpose operating system to allow you to create unique network architectures and security policies.

HostAP is designed to run on wireless cards that use Intersil’s Prism chipset Version 2, 2.5, or 3. Cards based on this chipset include the D-Link DWL650, Netgear MA401, Compaq WL100, and the Linksys WMP11. Intersil, to date, is the only vendor to have released their radio specification to open source developers. It is possible that the HostAP driver will be ported to run on other chipsets in the future, so check the HostAP web site (http://hostap.epitest.fi) for equipment requirements. Most wireless cards on the market today do not specify the chipset used to drive the card. Check your vendor’s web site or online lists of cards and their chipsets such as http://www.personaltelco.net/index.cgi/Prism2Card.

Installation of HostAP

In order to install HostAP, you will need a custom-built Linux 2.4 kernel and the kernel source code available. See Section 5.2.1 for information on compiling your own kernel. If you are using the pcmcia-cs package, you will need its source code. You will also need to download the latest HostAP source code from http://hostap.epitest.fi.

Read the instructions that come with the distribution to determine how to install the HostAP driver. There are many different ways, and they all require your kernel to be compiled differently depending on the option you choose. You can compile HostAP as a loadable module for your existing kernel, as a replacement for the Prism drivers in the pcmcia-cs package, or as a replacement for your PLX drivers if you are using a PLX PCI-PCMCIA bridge. PLX bridges are common in desktop PCs that have PCMCIA card slots in them. They are very uncommon in laptops.

Once you get the HostAP driver installed per the instructions, your access point will appear as a wlan device:

bash# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:04:E2:36:68:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:597 errors:0 dropped:1720 overruns:0 frame:0
          TX packets:110440 errors:10 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7492 (7.3 Kb)  TX bytes:9070827 (8.6 Mb)
          Interrupt:3 Base address:0x2880

You cannot assign an IP address to the wlan device. However, you can create an Ethernet bridge to pass traffic between a wired network and a wireless network as a firmware access point would. Once you have created the bridge group, you can also assign an IP address to the bridge interface. This IP address will be accessible from both the wired and wireless networks.

You must have Ethernet bridging support compiled into your kernel:

CONFIG_BRIDGE=y

Once bridging support is compiled in, you may need to download the Ethernet bridging tools if they were not distributed with your core operating system. These tools can be obtained from http://bridge.sourceforge.net/. The tools have both a binary and a source distribution. Install whichever suits your needs.

The brctl command is used to control the activities of the bridge groups on the host. In order to bridge between the wired and wireless networks, you must first create the bridge group, then assign both interfaces to the group. Once that is done, you need to remove any existing IP address assignments and assign the address to the bridge interface. The following shell script can be run at startup to configure your access point as a wired-to-wireless bridge:

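#!/bin/sh
PATH=/usr/sbin:/sbin:/bin
# Check to see if bridge group 0 is already configured
if ifconfig br0 >/dev/null 2>&1; then
     echo "Bridge Group 0 already configured"
     exit 1
fi
# Create the bridge group and add the wired and wireless interfaces to it
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
# Remove any existing IP addresses from the member interfaces
ifconfig eth0 0.0.0.0
ifconfig wlan0 0.0.0.0
# Assign the address to the bridge interface and bring it up
ifconfig br0 192.168.1.102 up
exit 0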

You should now be able to ping the bridge interface. Now you need to configure the access point’s wireless parameters. The HostAP driver is controlled by the iwconfig and iwpriv commands. The following iwconfig options manipulate the HostAP driver in a manner similar to the methods documented in Section 5.2.4; in this case, however, they configure the access point for use by clients rather than configuring the client.

interface

This is the name of the interface to be configured. Typically, this value will be something like wlan0. If iwconfig is passed the interface name only and no other configuration parameters, it will return the current configuration of the wireless interface.

essid essid

This is the name of the Extended Service Set ID (ESSID) to create. This will be the value that stations will enter when prompted for their ESSID.

nwid nwid

This is the network ID. A network ID is a mechanism used to identify particular access points within an SSID. Many access points may have the same SSID and therefore provide service to the same network.

freq channel

This is the channel the access point will use to communicate with stations. The 802.11b PHY specification describes channels in the 2.4 GHz ISM band for use by 802.11b radios. In the U.S., there are 11 usable channels, while European countries have 14. The client must specify the same channel as the access point in order to be able to communicate with it.

key [wepkey] [index]

This flag controls all the WEP configuration options. The WEP key may be entered as hex (e.g., 0123-4567-89) or as ASCII prepended with s: (e.g., s:secrt). Multiple keys can be entered and referenced by specifying an index value between 0 and 3.

For example, to set your HostAP driver to an ESSID of linuxtest running on channel 6 using WEP key secrt, issue the following command as root:

iwconfig wlan0 essid linuxtest freq 6 key s:secrt

These are not all of the commands supported by iwconfig. See the documentation with the HostAP driver for more details.

The iwpriv tool is used to configure the portions of the access point that are not handled by iwconfig. The following are options that can be passed to iwpriv:

interface monitor value

This command controls the driver’s ability to snoop raw 802.11 frames. A value of 2 will sniff all 802.11 frames and allow user space programs to grab them. A value of 3 will grab all data received by the Prism chipset as well as all 802.11 frames and allow user space access. A value of 0 is normal, non-promiscuous access.

interface maccmd value

This sets the policy for the HostAP MAC address filtering. A value of 0 will allow all MAC addresses to connect, 1 will allow only listed MAC addresses to connect, and 2 will allow all MAC addresses but the ones listed to connect. A value of 3 will flush the existing MAC ACL, and 4 will disassociate all associated stations.

interface addmac MAC addr

This command will add the specified MAC address to the MAC ACL. The MAC address should be listed as a colon-separated list of hexadecimal bytes (e.g., 12:34:56:78:9a:bc).

interface delmac MAC addr

This will remove the specified MAC address from the MAC ACL.

interface kickmac MAC addr

This will disassociate the specified MAC address from the network.

This is not an exhaustive list of commands that are handled by iwpriv. See the HostAP documentation for all possible options.
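The maccmd and addmac options above can be driven from a file. The following script is an added example, not part of the HostAP distribution; the allow-list file format (one MAC address per line, # comments) and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn an allow-list file into the iwpriv commands for HostAP.
# maccmd values used are the ones described above:
#   3 = flush ACL, 1 = allow only listed MACs, 4 = disassociate all stations.

# Succeeds only for six colon-separated hex bytes, e.g. 12:34:56:78:9a:bc
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# acl_commands IFACE FILE
# Prints one iwpriv command per line. If any entry is malformed it prints
# nothing on stdout and returns 1, so a typo never yields a partial ACL.
acl_commands() {
    iface=$1
    file=$2
    cmds="iwpriv $iface maccmd 3"
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop '#' comments and whitespace; skip blank lines
        mac=$(printf '%s\n' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        cmds="$cmds
iwpriv $iface addmac $mac"
    done < "$file"
    # Entries are loaded before the allow-only policy is switched on
    printf '%s\n' "$cmds" "iwpriv $iface maccmd 1" "iwpriv $iface maccmd 4"
}

# Constructed sample allow-list (addresses are made up for this example)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# laptops
00:04:e2:36:68:10
00:04:E2:36:68:11   # lab machine
EOF
acl_commands wlan0 "$sample"   # dry run: only prints the commands
rm -f "$sample"
```

Once the printed commands look right, pipe the output to sh as root to apply them.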

Once you have the HostAP driver configured as desired, there are various ways you can monitor the operations of the access point. The HostAP driver will provide information in the /proc/net and /proc/net/prism2 directories. Using a tool such as tkined lets you monitor the contents of the files below and alarm on critical conditions such as excessive error rates or changes in core configurations. The following files are available for monitoring:

/proc/net/prism2/interface/MAC address

There is an entry in the prism2 directory for every associated MAC address. Each entry contains information regarding each station including supported bit rates, number of bytes transferred, signal levels, when the last association was, when the last authentication was, and when the last packet was received.

/proc/net/prism2/interface/ap_control

This file contains the MAC ACL policy type as well as the current MAC addresses listed in the ACL. These MAC addresses can be modified by iwpriv.

/proc/net/prism2/interface/ap_control

This file contains statistics about frames the access point has sent or received. This data includes the number of sent and received unicast packets, the number of excessive retries, undecryptable packets, and general discards.
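Because every associated station has its own entry in the prism2 directory, a periodic check can flag stations that are not on your allow-list. This script is an added example, not part of HostAP; it assumes each station entry is named by its colon-separated MAC address and that the allow-list holds one MAC per line with optional # comments.

```shell
#!/bin/sh
# Added example: report associated stations that are not on an allow-list.
# Assumption (not stated by the driver documentation quoted here): each
# station entry under /proc/net/prism2/<interface>/ is named by its MAC.

# unknown_stations DIR ALLOWFILE
# Prints, in lower case, every MAC-named entry in DIR that is absent from
# ALLOWFILE. The comparison is case-insensitive.
unknown_stations() {
    dir=$1
    allow=$(sed 's/#.*//; s/[[:space:]]//g' "$2" | tr 'A-F' 'a-f')
    for entry in "$dir"/*; do
        name=$(basename "$entry" | tr 'A-F' 'a-f')
        # Skip non-station files such as ap_control
        printf '%s\n' "$name" |
            grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || continue
        printf '%s\n' "$allow" | grep -Fxq "$name" || printf '%s\n' "$name"
    done
}

# Constructed stand-in for /proc/net/prism2/wlan0 so the example runs anywhere
demo=$(mktemp -d)
touch "$demo/00:04:e2:36:68:10" "$demo/00:0c:41:aa:bb:cc" "$demo/ap_control"
list=$(mktemp)
echo '00:04:E2:36:68:10   # known laptop' > "$list"

for mac in $(unknown_stations "$demo" "$list"); do
    echo "ALERT: station $mac is associated but not on the allow-list"
done
rm -rf "$demo" "$list"
```

On the access point itself, pass /proc/net/prism2/wlan0 as the directory and run the check from cron.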

The Linux HostAP driver provides a great deal of access-point functionality while continuing to offer all the flexibility of Linux. You can turn your access point into your network’s IP gateway as well. For information on how to set up Linux gateways, see Chapter 11.
