Starting with FreeBSD 4.6, the default wireless driver (wi) has support for using the HostAP functionality of Intersil’s Prism cards. The FreeBSD implementation is not as feature rich as the Linux implementation, yet. The HostAP projects in both Linux and FreeBSD development communities have received a great deal of attention. The features available in both implementations will continue to grow and become more robust.
When setting up a FreeBSD access point, it is advisable to start with a stripped-down kernel configuration. The custom kernel you build must have the wi device configured. See Section 4.1.1 and Section 4.1.2 in Chapter 4 for a complete discussion on compiling a secure FreeBSD. There should be little difference between a client kernel and an access-point kernel. The principle of least privilege dictates that you should only compile in the features and devices you really need. The more unneeded options in your kernel, the greater the likelihood of your machine eventually being compromised.
Once you have a properly compiled kernel, configuring HostAP under FreeBSD is straightforward. FreeBSD has unified wireless control commands under the ifconfig utility. HostAP is enabled via a flag passed to ifconfig. ifconfig in HostAP mode supports the following flags:
interface
The name of the wireless interface to be managed.
ssid ssid
The Service Set Identifier the access point will be identified by. This is the value stations will use to associate to this access point.
stationname name
The name of the station the wireless card is installed in. This is an optional parameter used to identify different access points within an ESSID.
channel number
The number of the channel the AP is to use. Under 802.11b networks governed by FCC regulations, this is a number between 1 and 11.
authmode mode
This is the authentication mode the stations must use when connecting to the access point. Values are none, open, and shared.
wepmode mode
This parameter controls how stations use WEP when forming associations. off allows a STA to connect to the access point only if it does not use WEP. on forces the STA to use WEP for associations; when set to on, the access point will not allow client associations where the client allows non-WEP associations. mixed mode allows both WEP and non-WEP associations.
weptxkey index
The index is a value between 1 and 4 to indicate which WEP key is to be used for transmissions with the stations.
wepkey key|index:key
This specifies the value of the stored WEP keys. Four different keys can be stored by using index values between 1 and 4. The WEP key is specified as either an ASCII string or a hex value preceded by 0x.
mediaopt hostap
This parameter causes the card to go into HostAP mode and act as an 802.11 access point.
To put the host into HostAP mode with SSID freebsdtest on channel 6 with a WEP key of secrt, issue the following command as root:
ifconfig wi0 ssid freebsdtest channel 6 wepkey 1:secrt weptxkey 1 mediaopt hostap
The options passed to ifconfig can be placed into /etc/rc.conf to cause HostAP mode to take effect at boot time:
ifconfig_wi0="channel 6 wepkey 1:secrt weptxkey 1 mediaopt hostap"
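An option string can be checked against the limits in the flag list before it is placed in /etc/rc.conf. The following is an added example, not from the book: check_hostap_opts is a hypothetical helper, and it assumes the keyword spelling mediaopt from ifconfig(8) and a policy that channel, a WEP key, and hostap are always set explicitly.

```shell
#!/bin/sh
# Added example: check a HostAP option string (e.g. the value of ifconfig_wi0)
# against the limits in the flag list above. check_hostap_opts is a
# hypothetical helper name. Prints one line per problem and never echoes a
# wepkey value; returns 0 only when no problem was found.
check_hostap_opts() {
    rc=0 channel= txkey= hostap=no slots=
    set -f; set -- $1; set +f            # split into words without globbing
    while [ $# -gt 0 ]; do
        opt=$1 val=${2-}; shift
        case "$opt" in
            channel)  channel=$val ;;
            weptxkey) txkey=$val ;;
            mediaopt) [ "$val" != hostap ] || hostap=yes ;;
            wepkey)   # "index:key" names a slot; a bare key goes to slot 1
                case "$val" in
                    [1-4]:?*) slots="$slots${val%%:*}" ;;
                    [0-9]:*)  echo "wepkey: index not 1-4, or empty key"; rc=1 ;;
                    ?*)       slots="${slots}1" ;;
                    *)        echo "wepkey: no key given"; rc=1 ;;
                esac ;;
            ssid|stationname|authmode|wepmode) ;;  # take a value, not checked
            *) continue ;;                         # word without a value
        esac
        [ $# -eq 0 ] || shift            # consume the option's value
    done
    [ "$hostap" = yes ] || { echo "mediaopt hostap not set"; rc=1; }
    case "$channel" in
        [1-9]|1[01]) ;;
        *) echo "channel must be 1-11, got '$channel'"; rc=1 ;;
    esac
    case "$txkey" in
        [1-4]) case "$slots" in
                   *"$txkey"*) ;;
                   *) echo "weptxkey $txkey has no wepkey stored"; rc=1 ;;
               esac ;;
        *) echo "weptxkey must be 1-4, got '$txkey'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample values, not taken from a real host.
GOOD="ssid freebsdtest channel 6 wepkey 1:secrt weptxkey 1 mediaopt hostap"
BAD="ssid freebsdtest channel 14 wepkey 2:0x0102030405 weptxkey 3 mediaopt hostap"
check_hostap_opts "$GOOD" && echo "GOOD: ok"
check_hostap_opts "$BAD" || echo "BAD: rejected"
```

The second sample is rejected for two reasons: channel 14 is outside the 1 to 11 range, and weptxkey selects slot 3 while only slot 2 holds a key.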
An IP address can be assigned to the wi interface using ifconfig to make the host a layer 3 gateway. However, using FreeBSD’s built-in Ethernet bridging functionality, you can make the machine act like a typical bridging access point. The kernel must have Ethernet bridging compiled in. This is accomplished by specifying option BRIDGE in the kernel configuration file.
Once bridging has been enabled, the wired and wireless interfaces must be placed into the bridge configuration:
bash# sysctl net.link.ether.bridge=1
bash# sysctl net.link.ether.bridge_cfg="wi0 <wired interface>"
bash# sysctl net.inet.ip.forwarding=1
Place these commands in a shell script in /usr/local/etc/rc.d if you want the host to always boot as a bridging access point.
Unfortunately, since the FreeBSD HostAP implementation is very new, it is not as feature rich as its Linux counterpart. In particular, MAC address filtering is basically non-existent and there is no solid audit trail to watch. This is likely a temporary shortcoming as the extreme interest in HostAP development should lead to a greatly enhanced feature set in the near term. For the latest on FreeBSD’s HostAP functions, MAC address filtering, and the audit trail, please visit this book’s web site.