30 December 2008

Wifi access point configuration

I "borrow" quite a lot of wifi on holidays etc. so I wanted to offer free access back, albeit in my 'burb. But I can't just open my router as that would make it too easy to hack into the computers in the house on my network. But I think that if I add a wifi card to a Linux computer (Mandriva 2009, kernel: 2.6.27.7), I should be able to set the firewall only to let traffic through destined for the Internet and to block all attempts to access local machines.

Drivers

I have a spare D-Link Airplus G DWL G510 wireless PCI card, which reports that it contains a RaLink RT2561/RT61 rev B 802.11g chip.

I first thought all I needed to do was use iwconfig:

iwconfig wlan0 essid test mode master

but that resulted in:

Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.

It seems as though the rt2x00 drivers for my card are under development, but a howto exists.

Simply adding "driver = nl80211" to the hostapd.conf that comes with Mandriva 2009 (which I presume is necessary given that the howto is all about compiling the driver) led to:
Line 17: invalid/unknown driver 'nl80211'

So it looks as though I need to recompile hostapd with nl80211 included. Mandriva comes with libnl 1.1, which seems to be the latest. The latest development code (Hostap 0.6.6) compiled OK, but the git code did not.

Running as a user gives
ioctl[SIOCSIFFLAGS]: Permission denied

While as root
# ./hostapd -dd /etc/hostapd/hostapd.conf
Configuration file: /etc/hostapd/hostapd.conf
ctrl_interface_group=0
Failed to set interface wlan0 to master mode.
nl80211 driver initialization failed.
wlan0: Unable to setup interface.
rmdir[ctrl_interface]: No such file or directory
ELOOP: remaining socket: sock=5 eloop_data=0x84a3848 user_data=(nil) handler=0x8079420

And so off to the forums, which led me to this post. I needed to rebuild the mac80211 module, with a patch attached. This guide covers creating the necessary .config file, while instructions to build a single module are here. In other words:

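# work in the kernel source tree, starting from the installed kernel's configuration
cd /usr/src/linux
cp /boot/config .config
# build only the mac80211 module and compress it like the stock modules
make net/mac80211/mac80211.ko
gzip net/mac80211/mac80211.ko
# unload the wifi driver, keep the original module as .orig, install the rebuilt one
rmmod rt61pci
mv /lib/modules/2.6.27.7-desktop586-1mnb/kernel/net/mac80211/mac80211.ko.gz /lib/modules/2.6.27.7-desktop586-1mnb/kernel/net/mac80211/mac80211.ko.gz.orig
cp net/mac80211/mac80211.ko.gz /lib/modules/2.6.27.7-desktop586-1mnb/kernel/net/mac80211
# reload the wifi driver
modprobe rt61pci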


Firewall
The main thing to do to a stock Mandriva internet sharing Shorewall configuration is to add a rule that drops all traffic from the hotspot aimed at the subnet used by the computers on the internal network:
DROP loc net:192.168.0.0/24
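
As an added example (not part of the original post, and not Shorewall's own code), the Python below models how rule order decides whether that DROP really protects the LAN: the first matching rule wins, and the zone policy applies only when no rule matches. The loc -> net ACCEPT policy, the zone assignment of the hotspot, the shadowing ACCEPT rule and the probe ports are assumptions; sections and connection tracking are left out.

```python
import ipaddress

# Constructed input. Assumption: hotspot clients are zone "loc"; the house LAN
# and the Internet are both reached through zone "net".
POLICY = [("loc", "net", "ACCEPT"), ("all", "all", "REJECT")]
RULES_GOOD = """
# ACTION  SOURCE  DEST
DROP      loc     net:192.168.0.0/24
"""
RULES_SHADOWED = """
ACCEPT    loc     net    tcp  80
DROP      loc     net:192.168.0.0/24
"""

def parse_rules(text):
    """Parse 'ACTION SOURCE DEST[:CIDR] [PROTO [DPORT]]' lines, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        action, src, dest = fields[:3]
        zone, _, cidr = dest.partition(":")
        net = ipaddress.ip_network(cidr) if cidr else None
        proto = fields[3] if len(fields) > 3 else None
        dport = int(fields[4]) if len(fields) > 4 else None
        rules.append((action, src, zone, net, proto, dport))
    return rules

def verdict(rules, policy, src, dst_zone, dst_ip, proto, dport):
    """First matching rule wins; the policy is consulted only if no rule matches."""
    ip = ipaddress.ip_address(dst_ip)
    for action, r_src, r_zone, net, r_proto, r_dport in rules:
        if (r_src == src and r_zone == dst_zone and (net is None or ip in net)
                and r_proto in (None, proto) and r_dport in (None, dport)):
            return action
    for p_src, p_dst, action in policy:
        if p_src in (src, "all") and p_dst in (dst_zone, "all"):
            return action
    return "DROP"

def audit(rules_text, lan="192.168.0.0/24"):
    """Return the (ip, proto, port) probes into the LAN that are not dropped."""
    rules = parse_rules(rules_text)
    host = str(next(iter(ipaddress.ip_network(lan).hosts())))  # first LAN address
    probes = [(host, "tcp", 80), (host, "tcp", 22), (host, "udp", 53)]
    return [p for p in probes if verdict(rules, POLICY, "loc", "net", *p) != "DROP"]

if __name__ == "__main__":
    print("good rules leak:", audit(RULES_GOOD))
    print("shadowed rules leak:", audit(RULES_SHADOWED))
```

An ACCEPT placed above the DROP lets matching traffic into 192.168.0.0/24, so the DROP belongs before any broader loc -> net rule.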
