Turn your Linux box into a Wireless Router

If at first you don’t succeed, try, try again… Despite the fact that I did succeed in turning my Raspberry Pi into a wireless access point by bridging the two network interfaces, this is not the best solution, and I was still puzzled by the fact that I had not been able to get it to work using the original instructions here.

There were several different problems.

  • The client wasn’t getting a DHCP address, probably because I’d mis-configured dnsmasq somewhere, or the ports on the firewall were blocked – I eventually just disabled the firewall.
  • Using isc-dhcp-server instead of dnsmasq I managed to connect but still could not ping anything through the wireless access point as packets were not being forwarded.
  • Everything stopped working when I re-enabled the firewall – even though I thought I’d opened up the necessary ports from the wireless network.

I decided to start again from scratch using the Debian wiki page and sample configuration file for guidance. I’m still not quite sure why the client did not get a DHCP address originally, but I got it to work this time.

Install the firmware

As before, to enable wireless networking you need to install the appropriate firmware for your wireless card from the non-free repository.

To do this you need to be running as root.

$ su
Password: 

OR

$ sudo -i
Password: 

Then add the non-free repository to the list of repositories that will be used when installing new packages.

# vi /etc/apt/sources.list

Raspbian

# /etc/apt/sources.list
#
deb http://archive.raspbian.org/raspbian/ wheezy main non-free
  :
  :
  :

Debian (Squeeze)

# /etc/apt/sources.list
# 
deb http://ftp.uk.debian.org/debian/ squeeze main contrib non-free
# deb-src http://ftp.uk.debian.org/debian/ squeeze main
  :
  :
  :

Then update the local package lists, and install the firmware for the wireless adaptor.

# apt-get update
  :
  :
  :
Reading package lists... Done
#

To help identify the type of wireless network card you are using, you can list all the devices that are recognised using lsusb or lspci. My Raspberry Pi has a USB Nano 150 wireless adaptor with a Ralink chipset.

# lsusb
Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. 
Bus 001 Device 004: ID 148f:5370 Ralink Technology. 
                                 RT5370 Wireless Adapter 

# apt-get install firmware-ralink
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  initramfs-tools linux-image
The following NEW packages will be installed:
  firmware-ralink
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/21.4 kB of archives.
After this operation, 96.3 kB of disk space will be used.
  :
  :
  :
#

In my PC running Debian I have a BELKIN Wireless Desktop Network Card with a Broadcom 4306 chipset.

# lspci
00:00.0 Host bridge:Intel 82865G/PE/P DRAM Controller Interface
00:02.0 VGA compatible controller:Intel 82865G Graphics Controller
00:06.0 System peripheral:Intel 82865G/PE/P I/O Memory Interface
00:1f.0 ISA bridge:Intel 82801EB/ER LPC Interface Bridge
00:1f.1 IDE interface:Intel 82801EB/ER IDE Controller
00:1f.2 IDE interface:Intel 82801EB SATA Controller
00:1f.3 SMBus:Intel 82801EB/ER SMBus Controller
05:02.0 Ethernet controller:Broadcom NetXtreme BCM5782 Ethernet
05:04.0 Network controller:Broadcom BCM4306 802.11b/g Wireless LAN

The firmware for this card must be downloaded separately using an installer. The process is a little different, but we will still use apt to start the installation.

# apt-get install firmware-b43-installer
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  b43-fwcutter bzip2
Suggested packages:
  bzip2-doc
The following NEW packages will be installed:
  b43-fwcutter bzip2 firmware-b43-installer
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 52.6 kB/68.7 kB of archives.
After this operation, 287 kB of disk space will be used.
Do you want to continue [Y/n]? Y
  :
  :
  :
Setting up firmware-b43-installer (4.150.10.5-4) ...
Resolving mirror2.openwrt.org... 46.4.11.11
Connecting to mirror2.openwrt.org|46.4.11.11|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3888794 (3.7M) [application/x-bzip2]
Saving to: `broadcom-wl-4.150.10.5.tar.bz2'

100% [============================>] 3,888,794    632K/s   in 5.9s
`broadcom-wl-4.150.10.5.tar.bz2' saved [3888794/3888794]

This file is recognised as:
  ID         :  FW13
  filename   :  wl_apsta_mimo.o
  version    :  410.2160
  MD5        :  cb8d70972b885b1f8883b943c0261a3c
Extracting b43/pcm5.fw
Extracting b43/ucode15.fw
  :
  :
  :
Extracting b43/b0g0initvals5.fw
#


Enable the wireless interface

Next we need to install the wireless tools and can then check that the wireless network interface has been detected.

# apt-get install wireless-tools
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libiw30
The following NEW packages will be installed:
  libiw30 wireless-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 168 kB of archives.
After this operation, 385 kB of disk space will be used.
Do you want to continue [Y/n]?  Y
  :
  :
  :

To check that the wireless interface is detected:

# iwconfig
wlan0     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed Access Point:Not-Associated Tx-Power=0dBm   
          Retry long limit:7 RTS thr:off Fragment thr:off
          Encryption key:off
          Power Management:on
          
lo        no wireless extensions.

eth0      no wireless extensions.

If there is not an entry corresponding to your wireless network then your wireless device is not supported. You may find that upgrading to a newer kernel (using apt-get upgrade), or newer Linux release solves this problem.

Configure the network

You now need to give the wireless network a fixed address – using a different subnet from the one you have used for your LAN. In this case my network addresses all look like 192.168.0.x so I’m using 192.168.1.x for the wireless network.

# vi /etc/network/interfaces

#/etc/network/interfaces 
#
# This file describes the network interfaces available on
# your system and how to activate them. For more information,
# see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

# Wireless interface
auto wlan0
iface wlan0 inet static
    address 192.168.1.254
    netmask 255.255.255.0

Now reboot for these changes to take effect and then check that the wireless interface has been configured with the correct address.

# reboot

$ su
Password:  
# ifconfig
eth0  Link encap:Ethernet HWaddr 00:40:ca:75:fe:91  
      inet addr:192.168.0.64 Bcast:192.168.0.255 Mask:255.255.255.0
      inet6 addr: fe80::240:caff:fe75:fe91/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:39 errors:0 dropped:0 overruns:0 frame:0
      TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:5465 (5.3 KiB)  TX bytes:5829 (5.6 KiB)
      Interrupt:20 

lo    Link encap:Local Loopback  
      inet addr:127.0.0.1 Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 00:11:50:06:d0:e8  
      inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
      UP BROADCAST MULTICAST MTU:1500 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


Install and configure the Access Point

Now that we know the wireless network is working, we can install the access point package and configure it.

# apt-get install hostapd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libnl1
The following NEW packages will be installed:
  hostapd libnl1
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 451 kB of archives.
After this operation, 1,200 kB of disk space will be used.
Do you want to continue [Y/n]?  Y
  :
  :
  :
Setting up hostapd (1:0.6.10-2+squeeze1) ...

Configure the wireless access point properties, using your own ssid and password.

Note – Don’t make the password too long initially as I found a long password didn’t work, you can always change it later when you know everything is working.

# vi /etc/hostapd/hostapd.conf

# /etc/hostapd/hostapd.conf
#
interface=wlan0
driver=nl80211
hw_mode=b
channel=1
ssid=private

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP
wpa_passphrase=Password

#ieee80211n=1

I’ve commented out the last line as the BELKIN card doesn’t support 802.11n. Next we need to configure it to start automatically at boot.

# vi /etc/default/hostapd

# /etc/default/hostapd
#
# Defaults for hostapd initscript

#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Then reboot for the changes to take effect…

# reboot
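
A quick audit of the WPA settings in the hostapd.conf above, as an added example that is not part of the original post. It relies on hostapd's rules that wpa_passphrase is 8 to 63 characters and that rsn_pairwise defaults to wpa_pairwise when unset; it assumes a passphrase rather than a raw wpa_psk, and the function names and the second sample config are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the WPA settings of a hostapd.conf.
# Prints one finding per line and nothing when no issue is found.

# Value of the last uncommented "KEY=value" line in FILE.
conf_get() {   # usage: conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

audit_hostapd_conf() {   # usage: audit_hostapd_conf FILE
    local f=$1 wpa pass pairwise
    wpa=$(conf_get "$f" wpa)
    pass=$(conf_get "$f" wpa_passphrase)
    # WPA2 uses rsn_pairwise, which defaults to wpa_pairwise when unset.
    pairwise=$(conf_get "$f" rsn_pairwise)
    [ -n "$pairwise" ] || pairwise=$(conf_get "$f" wpa_pairwise)

    case "$wpa" in
        2) ;;
        ""|0) echo "OPEN: wpa is unset or 0, so the network is unencrypted"
              return 0 ;;
        *) echo "WPA1: wpa=$wpa enables the original WPA; use wpa=2" ;;
    esac
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "PASSLEN: wpa_passphrase must be 8 to 63 characters (got ${#pass})"
    fi
    case " $pairwise " in
        *" TKIP "*) echo "TKIP: pairwise ciphers include TKIP; use CCMP only" ;;
    esac
}

# Sample 1: the WPA lines from the hostapd.conf above.
# Sample 2: a constructed CCMP-only variant with a longer passphrase.
page_conf=$(mktemp); hard_conf=$(mktemp)
printf '%s\n' 'wpa=2' 'wpa_key_mgmt=WPA-PSK' 'wpa_pairwise=TKIP CCMP' \
    'rsn_pairwise=TKIP' 'wpa_passphrase=Password' > "$page_conf"
printf '%s\n' 'wpa=2' 'wpa_key_mgmt=WPA-PSK' 'rsn_pairwise=CCMP' \
    'wpa_passphrase=constructed-sample-passphrase' > "$hard_conf"
echo "page config:";     audit_hostapd_conf "$page_conf"
echo "hardened config:"; audit_hostapd_conf "$hard_conf"
```

Run it against /etc/hostapd/hostapd.conf once the access point is working and before changing the password to its final value.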


Install and configure a DHCP server

We will use dnsmasq to allocate network addresses to the clients as this is a lightweight server designed to provide DNS, DHCP and TFTP services to a small-scale network. (We could use other packages to provide DHCP if we wanted to, so long as the clients know the address of a valid name server).

# apt-get install dnsmasq
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  dnsmasq-base libdbus-1-3 libidn11
Suggested packages:
  resolvconf
Recommended packages:
  dbus
The following NEW packages will be installed:
  dnsmasq dnsmasq-base libdbus-1-3 libidn11
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/609 kB of archives.
After this operation, 1,565 kB of disk space will be used.
Do you want to continue [Y/n]? Y
 :
  :
  :
Setting up dnsmasq-base (2.55-2+b1) ...
Setting up dnsmasq (2.55-2) ...
Starting DNS forwarder and DHCP server: dnsmasq.

Then we need to configure it to listen for requests on the wireless network interface, and use the correct range of addresses. This is a very large file, so double-check that you are modifying the right entries.

# vi /etc/dnsmasq.conf

# Configuration file for dnsmasq.
#
  :
  :
  :
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=wlan0
  :
  :
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and
# optionally a lease time. If you have more than one network,
# you will need to repeat this for each network on which you
# want to supply DHCP service.
dhcp-range=192.168.1.128,192.168.1.191,4h


Configure the firewall

To allow DHCP requests from the clients we need to open up the following ports. Note that I’m not filtering incoming packets using the source address, as the client does not get an address until the DHCP request is satisfied.

# ufw allow in on wlan0 from any port 68 to any port 67 proto udp

We also need to enable DNS queries on port 53 (both tcp and udp); these will be forwarded to the DNS server on eth0 by dnsmasq.

# ufw allow in on wlan0 from 192.168.1.0/24 to any port 53

Check the firewall settings; there may be other entries, particularly if you are connecting remotely using ssh.

# ufw status
Status: active
To                         Action      From
--                         ------      ----
67/udp on wlan0            ALLOW       68/udp
53 on wlan0                ALLOW       192.168.1.0/24

Configure routing

To allow clients connected to the wireless network to access the rest of the wired network we need to enable forwarding and configure NAT so that packets can be sent through the router.

To enable forwarding uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf.

# vi /etc/sysctl.conf

# /etc/sysctl.conf
#
net.ipv4.ip_forward=1

Since we are already using UFW, we can enable forwarding by adding the necessary rules to /etc/ufw/after.rules. Three rules are required.

  • The first rule enables the forwarding of packets for new connections;
  • The second rule enables the forwarding of packets for established connections;
  • The third rule enables NAT.

The first two can both be inserted into the existing rule table, just before the COMMIT.

# vi /etc/ufw/after.rules

# /etc/ufw/after.rules
#
  :
  :
  :

# Enable Port forwarding
# (each rule must be on a single line, with no trailing comment)
-A FORWARD -o eth0 -i wlan0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

The third rule needs to be added to the end of the file in a separate rule table.

# vi /etc/ufw/after.rules

# /etc/ufw/after.rules
#
  :
  :
  :

# Enable NAT
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match your out-interface
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

COMMIT

You need to reboot for these changes to take effect.

# reboot


Troubleshooting

Check that both the required processes are running.

# ps -A|grep -e hostapd -e dnsmasq
 1084 ?        00:00:00 hostapd
 1096 ?        00:00:00 dnsmasq

If one of the processes is not running you will need to review the console output to see if there are any error messages, or you can login as root and try to start them manually.

# /etc/init.d/hostapd start

# /etc/init.d/dnsmasq start

Starting hostapd interactively with the debug option may also help identify what is wrong.

# hostapd -d /etc/hostapd/hostapd.conf
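
When a client associates but gets no lease, or gets one and cannot reach the wired network, also verify that the dhcp-range in dnsmasq.conf and the source network in the ufw and after.rules entries all fall inside the subnet configured on wlan0. The script below is an added example, not part of the original post; the function names are made up for illustration and the input values are constructed.

```bash
#!/bin/bash
# Added example: check that the addresses used on the wireless side
# (dnsmasq dhcp-range, firewall source network) lie inside the wlan0 subnet.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Succeed if address $1 is in the network of interface address $2, netmask $3.
in_subnet() {
    local mask
    mask=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# usage: check_wlan_subnet IFADDR NETMASK DHCP_RANGE FW_SOURCE
# DHCP_RANGE is "start,end[,lease]"; FW_SOURCE is "a.b.c.d/len" (only its
# network address is tested, not the prefix length).
check_wlan_subnet() {
    local start end rest a rc=0
    IFS=, read -r start end rest <<EOF
$3
EOF
    for a in "$start" "$end" "${4%/*}"; do
        if ! in_subnet "$a" "$1" "$2"; then
            echo "MISMATCH: $a is outside the network of $1 $2"
            rc=1
        fi
    done
    return $rc
}

# Constructed inputs. wlan0 is 192.168.1.254/255.255.255.0 as configured above;
# the first call uses ranges from the wired LAN, the second from the wireless one.
check_wlan_subnet 192.168.1.254 255.255.255.0 \
    "192.168.0.128,192.168.0.191,4h" 192.168.0.0/24 || echo "ranges need fixing"
check_wlan_subnet 192.168.1.254 255.255.255.0 \
    "192.168.1.128,192.168.1.191,4h" 192.168.1.0/24 && echo "consistent"
```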


Raspberry Pi is a trademark of the Raspberry Pi Foundation
