Setting Up a FreeBSD Access Point

Starting with FreeBSD 4.6, the default wireless driver (wi) supports the HostAP functionality of Intersil’s Prism cards. The FreeBSD implementation is not yet as feature rich as the Linux implementation. The HostAP projects in both the Linux and FreeBSD development communities have received a great deal of attention. The features available in both implementations will continue to grow and become more robust.

When setting up a FreeBSD access point, it is advisable to start with a stripped-down kernel configuration. The custom kernel you build must have the wi device configured. See Section 4.1.1 and Section 4.1.2 in Chapter 4 for a complete discussion on compiling a secure FreeBSD. There should be little difference between a client kernel and an access-point kernel. The principle of least privilege dictates that you should only compile in the features and devices you really need. The more unneeded options in your kernel, the greater the likelihood of your machine eventually being compromised.

Once you have a properly compiled kernel, configuring HostAP under FreeBSD is straightforward. FreeBSD has unified wireless control commands under the ifconfig utility. HostAP is enabled via a flag passed to ifconfig.

ifconfig in HostAP mode supports the following flags:

interface

The name of the wireless interface to be managed.

ssid ssid

The Service Set Identifier the access point will be identified by. This is the value stations will use to associate to this access point.

stationname name

The name of the station the wireless card is installed in. This is an optional parameter used to identify different access points within an ESSID.

channel number

The number of the channel the AP is to use. Under 802.11b networks governed by FCC regulations, this is a number between 1 and 11.

authmode mode

This is the authentication mode the stations must use when connecting to the access point. Values are none, open, and shared.

wepmode mode

This parameter controls whether stations use WEP when forming associations. off allows a station (STA) to associate with the access point only as long as it does not use WEP. on forces the STA to use WEP for associations; when set to on, the access point will not allow associations from clients that allow non-WEP associations. mixed allows both WEP and non-WEP associations.

weptxkey index

The index is a value between 1 and 4 to indicate which WEP key is to be used for transmissions with the stations.

wepkey key|index:key

This specifies the value of the stored WEP keys. Four different keys can be stored by using index values between 1 and 4. The WEP key is specified as either an ASCII string or a hex value preceded by 0x.

mediaopts hostap

This parameter causes the card to go into HostAP mode and act as an 802.11 access point.

To put the host into HostAP mode with SSID freebsdtest on channel 6 with a WEP key of secrt, issue the following command as root:

ifconfig wi0 ssid freebsdtest channel 6 wepkey 1:secrt weptxkey 1 mediaopts hostap

The options passed to ifconfig can be placed into /etc/rc.conf to cause HostAP mode to take effect at boot time:

ifconfig_wi0="channel 6 wepkey 1:secrt weptxkey 1 mediaopts hostap"

An IP address can be assigned to the wi interface using ifconfig to make the host a layer 3 gateway. However, using FreeBSD’s built-in Ethernet bridging functionality, you can make the machine act like a typical bridging access point. The kernel must have Ethernet bridging compiled in. This is accomplished by adding options BRIDGE to the kernel configuration file.

Once bridging has been enabled, the wired and wireless interfaces must be placed into the bridge configuration:

bash# sysctl net.link.ether.bridge=1
bash# sysctl net.link.ether.bridge_cfg="wi0 <wired interface>"
bash# sysctl net.inet.ip.forwarding=1

Place these commands in a shell script in /usr/local/etc/rc.d if you want the host to always boot as a bridging access point.
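
One way to write that startup script, as an added example rather than code from the book. The file name hostap_bridge.sh, the wired interface fxp0, the SYSCTL and IFCONFIG override variables, and the stop action are assumptions made for illustration. The script refuses to enable bridging unless both interfaces are present.

```sh
#!/bin/sh
# Added example: /usr/local/etc/rc.d/hostap_bridge.sh (hypothetical file name).
# Wraps the three sysctl commands from the text in a start/stop script.

WIRELESS_IF="${WIRELESS_IF:-wi0}"
WIRED_IF="${WIRED_IF:-fxp0}"       # assumption: replace with your wired interface
SYSCTL="${SYSCTL:-sysctl}"         # overridable so the logic can be dry-run
IFCONFIG="${IFCONFIG:-ifconfig}"

# Succeeds only if every named interface is known to ifconfig.
interfaces_present() {
    for ifname in "$@"; do
        $IFCONFIG "$ifname" >/dev/null 2>&1 || {
            echo "hostap_bridge: interface $ifname not found" >&2
            return 1
        }
    done
}

bridge_start() {
    # Do not touch any sysctl if one side of the bridge is missing.
    interfaces_present "$WIRELESS_IF" "$WIRED_IF" || return 1
    # Same commands, in the same order, as shown in the text.
    $SYSCTL net.link.ether.bridge=1 || return 1
    $SYSCTL net.link.ether.bridge_cfg="$WIRELESS_IF $WIRED_IF" || return 1
    $SYSCTL net.inet.ip.forwarding=1
}

bridge_stop() {
    # Assumption: stopping means turning the bridge itself off.
    $SYSCTL net.link.ether.bridge=0
}

# Dispatch only when an action is given on the command line.
if [ $# -gt 0 ]; then
    case "$1" in
        start) bridge_start ;;
        stop)  bridge_stop ;;
        *)     echo "usage: $0 {start|stop}" >&2; exit 1 ;;
    esac
fi
```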

Unfortunately, since the FreeBSD HostAP implementation is very new, it is not as feature rich as its Linux counterpart. In particular, MAC address filtering is basically non-existent and there is no solid audit trail to watch. This is likely a temporary shortcoming as the extreme interest in HostAP development should lead to a greatly enhanced feature set in the near term. For the latest on FreeBSD’s HostAP functions, MAC address filtering, and the audit trail, please visit this book’s web site.
