This article might be entitled “How to convert an $800 laptop into a $40 wireless router”, which indicates why doing this might not be desirable. There are, however, at least two cases where this might make sense: (1) You want to provide or test some feature that is not supplied by your AP. One example is 802.11a (5 GHz) channels. (2) Your need for an AP is temporary, such as network sharing of a 3G broadband modem.
To accomplish the task, several pieces of software will be needed, including hostapd, a DHCP server for the AP’s clients, and iptables rules for Network Address Translation (NAT). The requirements for these are discussed in turn.
I. Hostapd
Hostapd runs in user space and interacts with the device driver to handle most of the things that an AP does, such as transmitting beacons, authentication, etc. The version included with the “hostapd” package of openSUSE 11.1 (0.5.10) works with a limited number of devices and drivers. For modern drivers that use mac80211, a newer version is needed, which can be downloaded from hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator. Building this requires that the make, libnl, libnl-devel, openssl-devel and gcc packages are installed. I recommend installing the package from the repository and then doing a download, make and install of the later version. If your kernel is older than 2.6.28 (check uname -r), then you will need the compat-wireless code that is downloaded from Download - Linux Wireless. For this option, you will also need to install the kernel source and prepare it for use. To prepare the source, issue the following commands:
cd /usr/src/linux
sudo cp /proc/config.gz .
sudo gunzip config.gz
sudo cp config .config
sudo make prepare
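Configuration of hostapd is accomplished with a configuration file named hostapd.conf. There are a number of options in that file. The ssid and wpa_passphrase values shown here are samples; replace them with your own (hostapd accepts passphrases of 8 to 63 characters, and a short all-digit one like the sample is easy to guess). A working AP with WPA2 encryption can be set up with the following: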
interface=wlan0
driver=nl80211
hw_mode=g
channel=1
ssid=test
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_passphrase=123456789
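A pre-flight check for the configuration above, added here as an example and not part of the original article. The helper names conf_get and check_hostapd_conf are hypothetical, and the 12-character minimum is an assumed policy threshold, not a hostapd requirement.

```sh
#!/bin/sh
# Added example (not from the original article): audit hostapd.conf before
# starting the AP. conf_get and check_hostapd_conf are hypothetical helpers.

# Print the value of KEY ($1) in FILE ($2); the last assignment wins.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Print one line per finding; return 0 if the file is clean, 1 otherwise.
check_hostapd_conf() {
    f=$1
    rc=0
    finding() { echo "$f: $*"; rc=1; }
    [ -r "$f" ] || { echo "$f: cannot read file"; return 1; }

    # The file holds the pre-shared key, so only its owner should read it.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || finding "group/other access ($perms); chmod 600"

    # wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both.
    wpa=$(conf_get wpa "$f")
    [ "$wpa" = "2" ] || finding "wpa=${wpa:-unset}; expected 2 (WPA2 only)"

    # TKIP in either pairwise list permits the weaker cipher.
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_get "$key" "$f") " in
            *" TKIP "*) finding "$key allows TKIP; use CCMP only" ;;
        esac
    done

    # hostapd accepts passphrases of 8 to 63 characters.
    pass=$(conf_get wpa_passphrase "$f")
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        finding "wpa_passphrase length $len is outside 8..63"
    elif [ "$len" -lt 12 ]; then    # assumption: 12 is our own policy minimum
        finding "wpa_passphrase is short ($len characters)"
    fi
    case "$pass" in
        "" | *[!0-9]*) ;;
        *) finding "wpa_passphrase is digits only" ;;
    esac
    return "$rc"
}
```

Calling check_hostapd_conf /root/hostapd.conf before hostapd is launched, and stopping if it returns non-zero, keeps a sample passphrase or a world-readable key file from going live.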
II. Dhcpd
The standard dhcpd package in openSUSE 11.1 works just fine. To use it, you need to modify its configuration file dhcpd.conf. Again, there are a number of options available, but you can get a working DHCP server with the following:
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none; ddns-updates off;
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.200 192.168.0.229;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.1;
}
The above configuration assumes that the AP will be connected to the outside world with an IP address of 192.168.1.X and that the AP’s clients will have addresses 192.168.0.X. If other addresses are used, adjust the above info accordingly.
III. Iptables Network Address Translation rules
For this example, the NAT rules will be only those necessary to get the AP operational. Although iptables is used to write firewalls, the only protection in these rules is that traffic arriving on the external interface is forwarded to the AP’s clients only when it belongs to an established or related connection. The rules are shown in the script below.
IV. A script to start and stop the Access Point
The following code will start and stop the AP. To make any changes easier, the locations of the various utilities, the interface names, and the IP address to be used are defined by symbols at the start of the script. I also use configuration files that are stored in root’s home directory, not in /etc as would normally be done. This script must be executable and be run as root. Note that stop only kills the two daemons: the iptables rules and the ip_forward setting made by start stay in place, and each further start appends the same rules again.
#!/bin/sh
# Script to start/stop a hostapd-based access point
#
# Symbols for needed programs
IPTABLES=/usr/sbin/iptables
IFCONFIG=/sbin/ifconfig
DHCPD=/usr/sbin/dhcpd
HOSTAPD=/usr/local/bin/hostapd
# Symbols for internal and external interfaces
NET_INT=wlan0
NET_EXT=eth0
# IP address for the AP
INT_ADDR=192.168.0.1
case "$1" in
start)
    echo "Starting AP mode for $NET_INT at address $INT_ADDR"
    # Disable packet forwarding
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Stop any existing hostapd and dhcpd daemons
    killproc hostapd
    killproc dhcpd
    # Set up forwarding
    $IPTABLES -t nat -A POSTROUTING -o $NET_EXT -j MASQUERADE
    $IPTABLES -A FORWARD -i $NET_EXT -o $NET_INT -m state \
        --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i $NET_INT -o $NET_EXT -j ACCEPT
    # Enable packet forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Get the internal interface in the right state
    $IFCONFIG $NET_INT down
    $IFCONFIG $NET_INT up
    $IFCONFIG $NET_INT $INT_ADDR
    # dhcpd needs to have a leases file available - create it if needed
    if [ ! -f /var/lib/dhcp/db/dhcpd.leases ]; then
        touch /var/lib/dhcp/db/dhcpd.leases
    fi
    # Bring up the DHCP server
    $DHCPD -cf /root/dhcpd.conf $NET_INT
    # Bring up hostapd
    $HOSTAPD -B /root/hostapd.conf
    ;;
stop)
    echo "Stopping AP mode on $NET_INT"
    # Stop hostapd and dhcpd daemons
    killproc hostapd
    killproc dhcpd
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac