特殊:Badtitle/NS100:WifiDocs/WirelessAccessPoint:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Wikibot留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
 
第125行: 第125行:
Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.
<pre><nowiki>
<pre><nowiki>
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
</nowiki></pre>
</nowiki></pre>
Test the current setting of the kernel:
Test the current setting of the kernel:
第154行: 第154行:
}
}
</nowiki></pre>
</nowiki></pre>
NOTE: If a DNS server (bind9) hasn't been installed change "option domain-name-servers 10.1.1.1" to the IP address of the DNS Server provided by your isp.
NOTE: If a DNS server (bind9) hasn't been installed change "option domain-name-servers 10.1.1.1" to the IP address of the DNS Server provided by your ISP or, even better, to a public DNS server such as those offered by Google: 8.8.8.8 or 8.8.4.4.
You also need to edit /etc/default/dhcp file to specify the interfaces dhcpd should listen to. By default it listens to eth0. We need to only have it listen to our local NIC {br0}
You also need to edit /etc/default/dhcp file to specify the interfaces dhcpd should listen to. By default it listens to eth0. We need to only have it listen to our local NIC {br0}
<pre><nowiki>
<pre><nowiki>
第216行: 第216行:
Store in a cool dry place.
Store in a cool dry place.
=== Port Forwarding ===
=== Port Forwarding ===
Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain.
Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user [http://essaywritingservices.org/book-report.php buy reports] to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain.
Port forwaring can be tricky to setup, some setup options are:
Port forwaring can be tricky to setup, some setup options are:
* iptables/ufw
* iptables/ufw
第231行: 第231行:
* Others
* Others
=== Other articles on the subject ===
=== Other articles on the subject ===
There is a similar, but more specific guide on how to setup a Ubuntu access point using MadWifi drivers and hostapd written by [http://robin.smidsrod.no/ Robin Smidsrød] available. It focuses on setting up just the wireless AP, with the necessary bridging and hostapd configuration.
There is a similar, but more specific guide on how to setup a Ubuntu access point using MadWifi drivers and hostapd [http://cvresumewriters.com/onlineresume.php certified resume writers] written by [http://robin.smidsrod.no/ Robin Smidsrød] available. It focuses on setting up just the wireless AP, with the necessary bridging and hostapd configuration.
[http://blog.robin.smidsrod.no/index.php/2008/08/08/how_to_setup_an_atheros_based_access_poi How to setup an Atheros-based Access Point with WPA-PSK on Ubuntu 8.04 server]
[http://blog.robin.smidsrod.no/index.php/2008/08/08/how_to_setup_an_atheros_based_access_poi How to setup an Atheros-based Access Point with WPA-PSK on Ubuntu 8.04 server]
----
----

2010年5月20日 (四) 00:58的最新版本

{{#ifexist: :WifiDocs/WirelessAccessPoint/zh | | {{#ifexist: WifiDocs/WirelessAccessPoint/zh | | {{#ifeq: {{#titleparts:WifiDocs/WirelessAccessPoint|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:WifiDocs/WirelessAccessPoint|1|-1|}} | zh | | }}

Introduction

In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves - without the need for any access points - becomes an ad-hoc network.) WAPs have IP addresses for configuration.

Purpose of this Document

To create a working wireless linux access point.

Setting up a Wifi Adapter to support "master mode"

To create an Access Point you need to find a wifi card/adaptor that supports master mode see: Select and install wifi adaptor that supports master mode

Router Setup

  • Tested on Ubuntu server 7.10
  • First off you will need a spare machine
  • Some NICs and a lot of patience.
  • Working knowledge of nano and the console
  • SSH - optional but highly recommended
  • putty - remote console
  • WinSCP - remote file transfer
  • Hardware configuration for this Wireless Access Point

WirelessAccessPoint?action=AttachFile&do=get&target=WirelessAccessPointSetup.jpg Note: This diagram was created with inkscape. If you want to edit it download the full file `network.svg` from: More Actions->Attachments

Initial

Choose software to install:

[*] DNS server [*] OpenSSH server

Become root

Many files can only be changed with root user. To become root, enter command

sudo -i

Update installation

apt-get update
apt-get upgrade

Post install software

To install DNS server and SSH Server after an ubuntu installation use the command:

tasksel

Modules/Drivers

Check interface modules (drivers) are loaded correctly. Ethernet cards are usually installed automatically when ubuntu is installed. Wireless adaptors are more likely to meed a manual install. See [[UbuntuHelp:[Adapter|Wifi Adapter's]]] or Wireless TroubleShooting Guide and WiFi TroubleShooting

SSH Connection

Assuming that your ubuntu box is connected to your ADSL router/DHCP server you will need to find your IP address of your ubuntu box so you can connect with putty

ifconfig

On your windows machine install putty. Type in your ubuntu IP address into putty then connect. You can now cut and paste the following the commands. If you want to transfer files use WinSCP.

Setup the Network

3 interface setup eth0 is the WAN interface (gateway) eth1 is the LAN interface ath0 is the wireless card br0 is the bridged connection of ath0 and eth2 Setup bridging

sudo apt-get install bridge-utils

Then edit the network config

sudo nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#Gateway -
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules

#Wireless Setup
auto ath0
iface ath0 inet manual
wireless-mode master
wireless-essid pivotpoint

#Bridge interface
auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports eth1 ath0

Firewall

Iptables

run these commands: NOTE: ETH0 is the gateway interface.

sudo iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -d 10.1.1.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -i eth0 -j ACCEPT

for logging add:

sudo iptables -A INPUT -m conntrack --ctstate NEW -p tcp --dport 80 -j LOG --log-prefix "NEW_HTTP_CONN: "

The above log will also appear in /var/log/messages, /var/log/syslog, and /var/log/kern.log. save to /etc/iptables.rules

sudo sh -c "iptables-save > /etc/iptables.rules"

NOTE: This is a basic setup that only routes NAT packets. Please read up on firewalling to protect your machine.

Packet Forwarding

Enable packet forwarding in the Kernel

sudo nano /etc/sysctl.conf

Add the following line

net.ipv4.ip_forward = 1

NOTE: Uncommenting the line "enable packet forwarding for IPv4" doesn't seem to work

Diagnostic tools

Immediately allow the forwarding of packets. The configuration is not preserved on reboot but sets a flag in the kernel itself.

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

Test the current setting of the kernel:

cat /proc/sys/net/ipv4/ip_forward

Note: The /proc directory is NOT on your hard drive but is present in the running kernel.

DHCP Server Setup

A basic 10 machine DHCP server. Nothin' fancy Install DHCP server:

sudo apt-get install dhcp3-server

Config the server:

sudo nano /etc/dhcp3/dhcpd.conf
# Subnet for DHCP Clients
subnet 10.1.1.0 netmask 255.255.255.0 {
        option domain-name-servers 10.1.1.1;
	max-lease-time 7200;
	default-lease-time 600;
	range 10.1.1.50 10.1.1.60;
	option subnet-mask 255.255.255.0;
	option broadcast-address 10.1.1.255;
	option routers 10.1.1.1;
	}

NOTE: If a DNS server (bind9) hasn't been installed change "option domain-name-servers 10.1.1.1" to the IP address of the DNS Server provided by your ISP or, even better, to a public DNS server such as those offered by Google: 8.8.8.8 or 8.8.4.4. You also need to edit /etc/default/dhcp file to specify the interfaces dhcpd should listen to. By default it listens to eth0. We need to only have it listen to our local NIC {br0}

sudo nano /etc/default/dhcp3-server

Then add br0 like so:

INTERFACES="br0"

Finish

restart your computer.

Optional Features

Monitoring

Darkstat

Stats with a http server

sudo apt-get install darkstat

edit the config

sudo nano /etc/darkstat/init.cfg
 # Turn this to yes when you have configured the options below.
START_DARKSTAT=yes

# Don't forget to read the man page.

# You must set this option, else darkstat may not listen to
# the interface you want
INTERFACE="-i eth1"

PORT="-p 8888"
#BINDIP="-b 127.0.0.1"
#LOCAL="-l 10.1.1.0/24"
#FIP="-f 127.0.0.1"
#DNS="-n"
#SPY="--spy eth1"

To see this point a browser to http://10.1.1.1:8888

Saidar

a neat little ap that shows server usage

sudo apt-get install saidar

then

saidar

Disabling IPv6

Depending on your hardware, speed improvements may be found by disabling IPv6 {*} See WebBrowsingSlowIPv6IPv4 for instructions for disabling IPv6.

Backup

Reference = http://doc.gwos.org/index.php/Backup_restore_system

sudo su -
cd /
tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/media --exclude=/mnt --exclude=/dev --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/tmp --exclude=/sys /

You will then have a tar ball that is your server all wrapped up in a bundle. Store in a cool dry place.

Port Forwarding

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user buy reports to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain. Port forwaring can be tricky to setup, some setup options are:

  • iptables/ufw
  • webmin
  • firestarter

References:

Authors

Other articles on the subject

There is a similar, but more specific guide on how to setup a Ubuntu access point using MadWifi drivers and hostapd certified resume writers written by Robin Smidsrød available. It focuses on setting up just the wireless AP, with the necessary bridging and hostapd configuration. How to setup an Atheros-based Access Point with WPA-PSK on Ubuntu 8.04 server