LEAF to the Rescue
In Chapter 9, we reviewed how to configure a LEAF Bering distribution. With what we've learned so far in this chapter, we can take our Bering box to the next level. What follows are instructions for how to configure your Bering machine to use hostAP. We will assume that you are familiar with the basic instructions, as described in Chapter 9.
As you are following these instructions, keep in mind that your particular installation may be different. We are going to walk through these instructions assuming that you are using a wired Ethernet NIC for your Internet connection and a PCMCIA Prism card for your wireless connection. This kind of installation requires the use of hostap_cs.o. If you are using a PCI card for your WLAN NIC (a pure PCI card—not an adapter), you can use hostap_pci.o. If you have a PCI to PCMCIA adapter (based on the Ricoh chipset), you can use hostap_pcx.o.
First, create a two-disk Bering distribution using the instructions in Chapter 9. Your first disk should contain initrd.lrp, ldlinux.sys, linux, syslinux.cfg, and syslinux.dpy.
By default, your second disk will contain bridge.lrp, dhcpd.lrp, dnscache.lrp, etc.lrp, iptables.lrp, keyboard.lrp, local.lrp, log.lrp, modules.lrp, ppp.lrp, pppoe.lrp, pump.lrp, readme, root.lrp, shorwall.lrp, ulogd.lrp, and weblet.lrp
Next we must fetch the files we will need for this process and put them on Disk 2. First grab some packages from http://leaf.sourceforge.net/devel/jnilo/bering/1.1/packages/. (Keep in mind that you should replace 1.1 in the path with your version number, if you are not running 1.1.) You will need pcmcia.lrp, libm.lrp, wireless.lrp, and wireutil.lrp.
Next, go to http://leaf.sourceforge.net/devel/jnilo/bering/1.1/modules/2.4.20/ and download net/hostap.o, net/hostap_crypt.o, net/hostap_crypt_wep.o, net/hostap_pci.o, net/hostap_pcx.o, and pcmcia/hostap_cs.o. and place them on Disk 2.
Be sure to grab any necessary files for your particular Ethernet card. In my case, I am using an EtherExpressPro 10/100, so I will use the mii.o and eepro100.o files already on the default distribution. If you are using a RealTek card, you may need rtl8139.o and pci-scan.o.
One other file you will need is the hostap_cs.conf file. If you grabbed the latest hostAP tarball from http://hostap.epitest.fi/ and untarred it to a directory of your choice, you can find this file in driver/etc/. One minor detail you will need to change is this: Open the file in a text editor and you will notice that the 2nd line reads:
class "network" module "hostap_cs"
You need to modify it to read:
class "network" module "hostap_crypt", "hostap_crypt_wep", "hostap", "hostap_cs"
(Note that this should all be on one line, not split over two lines.)
Before you start, you need to edit syslinux.cfg on Disk 1. Line 1 can be left unmodified (“display syslinux.dpy”). Line 2 can also be left alone (“timeout 0”). Line 3, however, needs to be modified as follows:
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/fd0u1680:msdosdiskwait=yes PKGPATH=/dev/ fd0u1680 LRP=root,etc,local,modules,iptables,pump,keyboard, shorwall,ulogd,dnscache,weblet
Note that this needs to appear as a single line in the syslinux.cfg file. (Do not split across multiple lines.)
After booting Bering, here are the steps you need to take:
At the login prompt, type root. You will be taken to the LEAF configuration menu. Type q to quit and get to the shell. First, mount the floppy drive with this command:
mount –t msdos /dev/fd0u1680 /mnt
Take a look at the floppy drive contents by typing:
cd /mnt ls –la | more
Next, we need to copy over some files. Note that the 8.3 naming convention of the msdos file system may have messed up some of the filenames. Use the file size as a guide to figure out which file is which and modify these commands accordingly. Make sure that you rename the files to their original filename when they are placed on the Bering machine. (In other words, don't leave any files with names like hostap~1.o.) You can use the command mv oldname newname to change a filename.
When I type ls –la /mnt/h*, I get the following files:
hof2bf~1.o (which is really hostap_plx.o)
hostap.o (which is hostap.o)
hostap~1.o (which is really hostap_cs.o)
hostap~2.o (which is really hostap_crypt.o)
hostap~3.o (which is really hostap_crypt_wep.o)
hostap~4.o (which is really hostap_pci.o)
I determined which file is which by looking at the file sizes. (You should repeat this process by typing dir a: from a MS-DOS prompt on a Windows machine and look at the file sizes with their names.) Now, I can copy them all with this command:
cp /mnt/*.o /lib/modules/pcmcia
Then, change the filenames, with these commands:
cd /lib/modules/pcmcia mv hof2bf~1.o hostap_plx.o mv hostap~1.o hostap_cs.o mv hostap~2.o hostap_crypt.o mv hostap~3.o hostap_crypt_wep.o mv hostap~4.o hostap_pci.o
Also, we need to copy the hostap_cs.conf file into /etc/pcmcia. In my test, the file in /mnt (on the floppy disk) was listed as hostap~1.con, so when I copy the file, I will also rename it appropriately with this command:
cp /mnt/hostap~1.con /etc/pcmcia/hostap_cs.conf
Okay, we're done copying files, now you can return to the LEAF configuration menu by typing lrcfg.
First, let's configure our wired Ethernet device. Select 3) Packages configuration (by typing 3 and pressing Enter), then 3) modules, then 1) modules—kernel modules to load at boot. In my case, I am configuring an EtherExpressPro 10/100, so I will uncomment mii and eepro100. Press Control+S to save and Control+Q to quit. Type q twice to return to the LEAF configuration menu. From there, select 1) Network configuration, then 1) interfaces file. Look for Step 2, where you configure the internal interface (just scroll down through the file). By default, it will look like this:
auto eth1 iface eth1 inet static address 192.168.1.254 masklen 24 broadcast 192.168.1.255
You will want to make a few changes. First, comment out the first line (auto eth1). It should read: #auto eth1. Next, change eth1 to wlan0 in the second line. It should read: iface wlan0 inet static. Then, add the following, after the broadcast line:
up /sbin/iwconfig wlan0 essid firewall && /sbin/iwconfig wlan0 channel 11
Note that this is where you can configure your own SSID and channel. Press Control+S to save and Control+Q to exit.
Type q once to return to the LEAF configuration menu. From there, type 3 to go to the Packages configuration. Select shorwall. Select Ifaces (Option 3). Scroll to the bottom of the file and you will see the zones defined. The loc zone will be defined with interface eth1 by default. Change eth1 to wlan0. Press Control+S to save and Control+Q to exit.
You should still be in the shorwall configuration files screen. Select Masq: Internal MASQ Server Configuration (Option 8). If you scroll to the bottom of the file, you will see a line where the Interface is eth0 and the subnet is eth1. Again, you need to replace eth1, but this time use the subnet 192.168.1.0/24 to replace eth1 in the subnet column. Press Control+S to save and Control+Q to exit. Select q twice to return to the LEAF configuration menu.
Keep in mind that LEAF is an open, extensible platform. You can now add various packages (like DHCP servers, IPSEC, etc). Visit http://leaf.sourceforge.net for more information.
Don't Forget the Backups!
Don't forget to back up your packages. If you forget this step and then reboot, all your changes will be lost! From the LEAF configuration menu, select b) Back up a package and back up these packages: pcmcia, modules, etc, shorwall.