- Wireless Access Point
- DNS Proxy
- HTTP Proxy
- Content/List based HTTP filtering
The Linux device driver installed for the wireless network device on this hardware is called ath9k. Unfortunately, it does not currently support the “Managed” mode (or the chipset does not), and therefore cannot by itself turn the Nano-box wireless network interface into an access point, hot-spot or similar. In Linux, however, there is always a way out.
The answer is the hostapd package, which creates, on top of the wireless device wlan0, a virtual network device that has the capacity to work as an access point. It contains a built-in authentication service, which allows, for example, the use of WPA-PSK encryption and handshaking.
Warning: the resulting system cannot work as an access point for every device that you may imagine. You need to try. I noticed, for example, that the Wii’s wireless and the Dell Dimension D610’s wireless (Intel chipset + Windows XP SP-3) either failed to connect or failed in authentication. The latter can sometimes be fixed by using a WEP key, but if the radio connection fails, as with the Wii, there is nothing to do. All Linux boxes, a Canon printer and telephones connected OK.
Note, I do not believe in that sudo(8) mayhem of the Ubuntu world. Apart from some limited, well-planned usage, I consider using sudo as self-$#@&^%. Instead, I suggest that you set yourself as root in the command line using su(1) and that you assume your responsibilities.
If you do not know who the hell is the root user and even less about a command line, you can stop reading now. Sorry.
Let’s install the packages we need, hostapd and wpasupplicant (for WPA-PSK handshaking).
```
apt-get install wpasupplicant
apt-get install hostapd
```
Check that the wireless adapter is visible.
```
iwconfig wlan0
wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.412 GHz  Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
```
Configure both eth0 and wlan0 with fixed addresses, with no DHCP dependencies.
```
pbox network # cd /etc/network
pbox network # cat interfaces
auto lo
iface lo inet loopback

# eth0
auto eth0
iface eth0 inet static
address 192.168.1.99
netmask 255.255.255.0
gateway 192.168.1.254

# wlan0
auto wlan0
iface wlan0 inet static
address 192.168.2.99
network 192.168.2.0
netmask 255.255.255.0
broadcast 192.168.2.255
# hostapd for Master mode on wlan
up /etc/init.d/hostapd restart
```
Configure hostapd (without activating the gateway function – we will use Firestarter instead because we need some other functions as well).
Change wpa_passphrase and country_code fields below.
```
pbox network # cd /etc/hostapd/
pbox hostapd # cat hostapd.conf
interface=wlan0
driver=nl80211
device_name=hostapd WLAN
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
dump_file=/tmp/hostapd.dump
ssid=WLAN_AP-SSID
channel=1
ignore_broadcast_ssid=0
country_code=FR
ieee80211d=1
hw_mode=g
beacon_int=100
dtim_period=2
# MAC authentication
macaddr_acl=0
ssid=pbox-wlan
max_num_sta=255
macaddr_acl=0
auth_algs=3
wme_enabled=0
ieee8021x=0
wpa=2
wpa_passphrase=MY-SECRET-CODE-3210
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
assoc_sa_query_max_timeout=50000
```
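The configuration above assigns ssid and macaddr_acl twice, offers TKIP alongside CCMP, sets auth_algs=3, and lists WPA-EAP while ieee8021x=0. The check below is an added example, not part of the original post or of hostapd; the function names `sample_conf` and `audit_hostapd_conf` and the finding labels are hypothetical, and the sample input is a constructed excerpt of the file above.

```shell
#!/bin/sh
# Added example (not from the original page): audit hostapd.conf settings.

# Constructed sample: the security-relevant lines of the hostapd.conf above.
sample_conf() {
cat <<'EOF'
interface=wlan0
ssid=WLAN_AP-SSID
# constructed excerpt
macaddr_acl=0
ssid=pbox-wlan
macaddr_acl=0
auth_algs=3
ieee8021x=0
wpa=2
wpa_passphrase=MY-SECRET-CODE-3210
wpa_key_mgmt=WPA-PSK WPA-EAP
wpa_pairwise=TKIP CCMP
EOF
}

# Reads hostapd.conf from the named file (or stdin); prints one finding per line.
audit_hostapd_conf() {
    awk -F= '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        key = $1; val = substr($0, length($1) + 2)
        if (key in conf)                         # same key assigned twice
            printf "DUP %s: \"%s\" then \"%s\"\n", key, conf[key], val
        conf[key] = val
    }
    END {
        if ((conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/)
            print "WEAK pairwise ciphers include TKIP; list CCMP only"
        if (int(conf["auth_algs"] / 2) % 2 == 1) # bit 1 = Shared Key (WEP)
            print "WEAK auth_algs=" conf["auth_algs"] " allows Shared Key auth; use 1"
        if (conf["wpa"] % 2 == 1)                # bit 0 = WPA (version 1)
            print "WEAK wpa=" conf["wpa"] " enables WPA1; use 2"
        if (conf["wpa_key_mgmt"] ~ /WPA-EAP/ && conf["ieee8021x"] != 1)
            print "MISMATCH wpa_key_mgmt lists WPA-EAP but ieee8021x is not 1"
        n = length(conf["wpa_passphrase"])
        if (n > 0 && (n < 8 || n > 63))
            print "INVALID wpa_passphrase must be 8..63 characters"
        if (conf["wpa_passphrase"] == "MY-SECRET-CODE-3210")
            print "PLACEHOLDER wpa_passphrase is still the tutorial sample value"
    }' "$@"
}

sample_conf | audit_hostapd_conf
```

On a real system, run it as `audit_hostapd_conf /etc/hostapd/hostapd.conf`; empty output means none of these checks fired.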
Make a symbolic link for the messages log file, which is not used by default in Linux Mint but which will be required by some of the packages we will install here. It would be a pity to lose log entries needed for debugging and for security reasons.
```
pbox etc # cd /var/log
pbox log # ln -s syslog messages
```
Don’t worry, later on, after the automatic log rotation the symbolic link will be replaced by a real messages log file. But we need to have the file name during the installation phase.
Restart the system.
```
pbox etc # init 6
```
Check that we now see three network interfaces.
```
eth0      Link encap:Ethernet  HWaddr 00:01:2e:3a:d6:60
          inet addr:192.168.1.99  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::201:2ef:fe3a:d660/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3467474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1989186 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:110424433 (110.4 MB)  TX bytes:480942424 (480.9 MB)
          Interrupt:43 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:195995 errors:0 dropped:0 overruns:0 frame:0
          TX packets:195995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:342676099 (342.6 MB)  TX bytes:342676099 (342.6 MB)

mon.wlan0 Link encap:UNSPEC  HWaddr 74-2F-68-AF-CC-22-30-30-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32440 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4580204 (4.5 MB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 74:2f:68:af:cc:22
          inet addr:192.168.2.99  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::762f:68ff:feaf:cc22/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41319 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19383627 (19.3 MB)  TX bytes:32538028 (32.5 MB)
```
Test. Follow the log output of hostapd, fire up an external machine and try to connect to the new access point while watching for any problems with the connectivity.
```
tail -f /var/log/syslog
```
You cannot connect yet, since you must first be recognized by the DHCP service, but you can observe the activity up to the authentication failure (for now) in the syslog file.