UbuntuHelp:WifiDocs/WirelessAccessPoint
Introduction
In computer networking, a wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves - without the need for any access points - becomes an ad-hoc network.) WAPs have IP addresses for configuration.
Purpose of this Document
To create a working wireless Linux access point.
Setting up a Wifi Adapter to support "master mode"
To create an Access Point you need a wifi card/adaptor that supports master mode. See: Select and install wifi adaptor that supports master mode
Router Setup
- Tested on Ubuntu server 7.10
- First off you will need a spare machine
- Some NICs and a lot of patience.
- Working knowledge of nano and the console
- SSH - optional but highly recommended
- putty - remote console
- WinSCP - remote file transfer
- Hardware configuration for this Wireless Access Point
Internet
 |
Router DHCP (192.168.0.1) - PC's connected to router
 |
Switch - PC's connect to switch
 |
Our Linux Box with Ubuntu Linux
eth0 (192.168.0.103) via DHCP from Router above.
    /eth1 (10.1.1.1) Ethernet Statically assigned - Connecting PC
br0
    \ath0 (10.1.1.1) Wifi Statically assigned - Connecting PC
Initial
- Install Ubuntu Server Edition
Choose software to install:
[*] DNS server
[*] OpenSSH server
Install root user
To make the installation easier, create a root user. Many files can only be changed by the root user. Log in as your user, then enter the commands:
sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
su root
Password:
Update installation
apt-get update
apt-get upgrade
Post install software
To install the DNS server and SSH server after an Ubuntu installation, use the command:
tasksel
Modules/Drivers
Check that the interface modules (drivers) are loaded correctly. Ethernet cards are usually installed automatically when Ubuntu is installed. Wireless adaptors are more likely to need a manual install. See Adapter Wifi Adapter's or Wireless TroubleShooting Guide and WiFi TroubleShooting
SSH Connection
Assuming that your Ubuntu box is connected to your ADSL router/DHCP server, you will need to find the IP address of your Ubuntu box so you can connect with putty:
ifconfig
On your Windows machine, install putty. Type your Ubuntu box's IP address into putty, then connect. You can now cut and paste the following commands. If you want to transfer files, use WinSCP.
Setup the Network
3 interface setup:
- eth0 is the WAN interface (gateway)
- eth1 is the LAN interface
- ath0 is the wireless card
- br0 is the bridged connection of ath0 and eth1
Set up bridging:
sudo apt-get install bridge-utils
Then edit the network config:
sudo nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Gateway
auto eth0
iface eth0 inet dhcp
    pre-up iptables-restore < /etc/iptables.rules
    post-down iptables-save > /etc/iptables.rules

# Wireless setup (no wireless-key is set here, so the ESSID is an open network)
auto ath0
iface ath0 inet manual
    wireless-mode master
    wireless-essid pivotpoint

# Bridge interface
auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports eth1 ath0
Firewall
Iptables
Run these commands. NOTE: eth0 is the gateway interface.
sudo iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
For logging, add:
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-prefix "NEW_HTTP_CONN: "
The above log will also appear in /var/log/messages, /var/log/syslog, and /var/log/kern.log.
Save the rules to /etc/iptables.rules:
sudo sh -c "iptables-save > /etc/iptables.rules"
NOTE: This is a basic setup that only routes NAT packets. Please read up on firewalling to protect your machine.
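The note above leaves hardening to the reader. As an added example (not part of the original page), the script below emits a default-deny version of the same NAT setup in iptables-restore format, keeping the page's eth0/br0/10.1.1.0/24 layout. The function name gen_rules, the 192.168.0.0/24 admin subnet and the choice of services opened to br0 clients are assumptions.

```shell
#!/bin/sh
# Added example: default-deny ruleset for the AP box, in iptables-restore format.
# Assumed (not from the page): the upstream LAN is 192.168.0.0/24 and may SSH in;
# br0 clients may use DHCP, DNS, SSH and the darkstat page on port 8888.
gen_rules() {
    wan=${1:-eth0}              # gateway interface (page: eth0)
    lan=${2:-br0}               # bridge of eth1 + ath0 (page: br0)
    net=${3:-10.1.1.0/24}       # client subnet (page)
    mgmt=${4:-192.168.0.0/24}   # assumed admin subnet behind the router
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Services on the box itself: loopback, replies, then LAN-only listeners
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $net -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $net -p tcp --dport 53 -j ACCEPT
-A INPUT -i $lan -s $net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan -s $net -p tcp --dport 8888 -j ACCEPT
# Keeps the putty session from the upstream network working
-A INPUT -i $wan -s $mgmt -p tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "AP_INPUT_DROP: "
# Bridged wired/wireless traffic can traverse FORWARD when bridge netfilter is on
-A FORWARD -i $lan -o $lan -j ACCEPT
-A FORWARD -i $lan -s $net -o $wan -j ACCEPT
-A FORWARD -i $wan -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "AP_FWD_DROP: "
COMMIT
EOF
}

# Print the ruleset. Redirect it to a file and check that file with
# "iptables-restore --test < file" before saving it as /etc/iptables.rules.
gen_rules "$@"
```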
Packet Forwarding
Enable packet forwarding in the Kernel
sudo nano /etc/sysctl.conf
Add the following line
net.ipv4.ip_forward = 1
NOTE: Uncommenting the line "enable packet forwarding for IPv4" doesn't seem to work
Diagnostic tools
Immediately allow the forwarding of packets (run as root). This sets a flag in the running kernel itself; the setting is not preserved on reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward
Test the current setting of the kernel:
cat /proc/sys/net/ipv4/ip_forward
Note: The /proc directory is NOT on your hard drive but is present in the running kernel.
DHCP Server Setup
A basic 10 machine DHCP server. Nothin' fancy.
Install DHCP server:
sudo apt-get install dhcp3-server
Configure the server:
sudo nano /etc/dhcp3/dhcpd.conf
# Subnet for DHCP Clients
subnet 10.1.1.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.1.1;
    max-lease-time 7200;
    default-lease-time 600;
    range 10.1.1.50 10.1.1.60;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.1.255;
    option routers 10.1.1.1;
}
NOTE: If a DNS server (bind9) hasn't been installed, change "option domain-name-servers 10.1.1.1" to the IP address of the DNS server provided by your ISP.
You also need to edit the /etc/default/dhcp3-server file to specify the interfaces dhcpd should listen on. By default it listens on eth0. We need it to listen only on our local interface (br0):
sudo nano /etc/default/dhcp3-server
Then add br0 like so:
INTERFACES="br0"
Install Monitoring
Darkstat
Stats with a http server
sudo apt-get install darkstat
Edit the config:
sudo nano /etc/darkstat/init.cfg
# Turn this to yes when you have configured the options below.
START_DARKSTAT=yes

# Don't forget to read the man page.

# You must set this option, else darkstat may not listen to
# the interface you want
INTERFACE="-i eth1"

PORT="-p 8888"
#BINDIP="-b 127.0.0.1"
#LOCAL="-l 10.1.1.0/24"
#FIP="-f 127.0.0.1"
#DNS="-n"
#SPY="--spy eth1"
To see this, point a browser to http://10.1.1.1:8888
Saidar
A neat little app that shows server usage:
sudo apt-get install saidar
Then run:
saidar
OTHER OPTIONAL
Disabling IPv6 for some speed improvements
sudo nano /etc/modprobe.d/aliases
Comment out this line:
alias net-pf-10 ipv6
Save the file then
sudo nano /etc/modprobe.d/blacklist
Add this line:
blacklist ipv6
Save the file
Finish
Restart your computer. Hopefully everything worked. If so, back it up!
Backup
Reference = http://doc.gwos.org/index.php/Backup_restore_system
sudo su -
cd /
tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/media --exclude=/mnt --exclude=/dev --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/tmp --exclude=/sys /
You will then have a tar ball that is your server all wrapped up in a bundle. Store in a cool dry place.
Future Goals
Add Squid, and DNS-Masq. Add Port Forwarding
References:
- http://gentoo-wiki.com/HOWTO_Building_a_Wireless_Access_Point
- http://ubuntuforums.org/showthread.php?t=376283
Authors
- pedalwrench (Ubuntu Forum) http://www.spudz.org/
- Strolls (Gentoo)
- LeON (Gentoo)
- AnMaster (Gentoo)
- Others