Setting up an access point involves several distinct steps:
- Set up the access point
- Enable a DHCP server
- Enable IP forwarding and NAT on the host
(pre)
We first need to be sure that the device actually supports being an AP at all. This was discussed before, but comes down to:
- Do a lspci -nn | grep -i wireless to find the ID (%4x:%4x) pair of your device.
- Search cateee.net/lkddb/ for this particular ID. In my case the Google search query was "168c 0029" site:cateee.net/lkddb/. If there is a hit, this will allow you to learn which driver to use for your device. If there is none, the device is most probably unsupported.
- Now, look up your driver on this list and see if it supports AP mode.
(Setting up the access point)
For this, we'll be using hostapd. A very simple first configuration, for an open (unencrypted) network, is shown below.
interface=wlan0
driver=nl80211
ssid=test
hw_mode=g
channel=1
This should be enough to get things up and running. Save this configuration to /etc/hostapd/hostapd.conf and give it a try afterwards: sudo hostapd /etc/hostapd/hostapd.conf. You should be able to see your freshly created network now on other computers when searching for wireless networks in range. Since we have no DHCP server running yet, it will be a bit harder to connect to it.
(Enable the DHCP server)
Let's keep hostapd running in your terminal and set up the DHCP server. Something like the following should be sufficient for your /etc/dhcp3/dhcpd.conf:
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.111.255;
option routers 192.168.111.151;
option domain-name-servers {YOUR DNS1 HERE},{YOUR DNS2 HERE};
subnet 192.168.111.0 netmask 255.255.255.0 {
range 192.168.111.1 192.168.111.100;
}
Make sure to replace {YOUR DNSx HERE} with the appropriate IP addresses of your DNS servers.
Before starting the DHCP server, we need to set the wlan0 device to the correct IP address. I already assumed that this would be 192.168.111.151. So a simple sudo ifconfig wlan0 192.168.111.151 will do. We can now start the DHCP server: sudo /etc/init.d/dhcp3-server start.
It should now be possible to connect to the new AP and ping the host (192.168.111.151). Browsing the web won't work: the host is still dropping IP packets which have a different destination than its own IP address.
(Setup the routing programme)
To let clients browse the web, the host needs to forward IP packets that are destined to one of the clients instead of just dropping them (default reaction). For this, we first enable IP forwarding in the kernel: sudo sysctl net.ipv4.ip_forward=1, which is saying something to the kernel like "Forward all IP packets towards iptables (which we'll set next)".
I'm using three (copied) iptables rules to enable NAT.
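# Run as root. RECEIVE is the wireless (AP) interface, BROADCAST the interface with the upstream connection.
RECEIVE=wlan0
BROADCAST=eth0   # assumed uplink name; adjust to your system
iptables -A FORWARD -i $RECEIVE -o $BROADCAST -s 192.168.111.151/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE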
As far as I can understand, the first rule says "Forward packets from the 192.168.111.151/24 subnet that are trying to set up a new connection" (wireless clients are allowed to set up connections). The second rule is short for "Forward packets that are part of an existing connection" (once a connection is set up, both wireless clients and the server they are communicating with are allowed to send data). The last rule enables IP masquerading so that packets are actually routed the way they should be.
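The forwarding and NAT step as one scoped rule set, in an added example that is not the post's own code: it assumes the uplink is eth0 and introduces the hypothetical helpers valid_iface, valid_cidr and nat_rules. It sets the FORWARD policy to DROP (appended ACCEPT rules filter nothing while the policy is ACCEPT), limits MASQUERADE to client traffic leaving the uplink, and only prints the commands.

```shell
#!/bin/sh
# Added example, not the post's code: print (never apply) forwarding and NAT
# rules scoped to one wireless interface, one uplink and the client subnet.

# Interface names: 1-15 chars from [A-Za-z0-9._-], not starting with "-".
valid_iface() {
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Dotted quad with octets 0-255, a slash, and a prefix length 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# nat_rules WLAN_IF UPLINK_IF CLIENT_NET (all three names are assumptions)
nat_rules() {
    valid_iface "$1" && valid_iface "$2" && valid_cidr "$3" || return 1
    [ "$1" != "$2" ] || return 1    # AP and uplink must differ
    cat <<EOF
sysctl net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $1 -o $2 -s $3 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
EOF
}

# Constructed sample input: wlan0 and the subnet are the post's; eth0 is assumed.
nat_rules wlan0 eth0 192.168.111.0/24
```

Review the printed commands, then run them as root; iptables -S FORWARD and iptables -t nat -S POSTROUTING show what is actually loaded.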
That's all for now, more fun about this later!