A quick and dirty way to recycle an older computer with a wifi adapter.
Adapted from original HowTo (Thanks Matt!) at :
- any computer capable of running Linux Debian 6.0 in console mode
– 1 Ethernet Network Adapter (eth0)
– 1 Wireless Network Adapter (wlan0)
This howto was tested using a USB 54g Wireless Ralink RT25xx based adapter (Belkin F5D7050B)
(Linux driver rt73usb)
In this howto, we assume that your internet gateway (DSL modem/router and DHCP server) has the following IP address: 192.168.1.1
The clients accessing our Access Point will be offered dynamic IPs by the gateway.
Install your Debian 6.0 system
- openssh server (if you need remote SSH access)
- base system
After installation is finished, upon system reboot :
Enable the non-free repository to install this particular wifi adapter’s firmware
# nano /etc/apt/sources.list
append “contrib” and “non-free” to the repos :
deb http://ftp.fr.debian.org/debian/ squeeze main contrib non-free deb-src http://ftp.fr.debian.org/debian/ squeeze main contrib non-free deb http://security.debian.org/ squeeze/updates main contrib non-free deb-src http://security.debian.org/ squeeze/updates main contrib non-free # squeeze-updates, previously known as 'volatile' deb http://ftp.fr.debian.org/debian/ squeeze-updates main deb-src http://ftp.fr.debian.org/debian/ squeeze-updates main
# apt-get update
(depending on your wireless adapter, you may need another firmware package)
# apt-get install firmware-ralink
Next, install wireless tools, hostapd and bridge-utils
# apt-get install wireless-tools hostapd bridge-utils
Creating the network bridge
We are bridging the eth0 and wlan0 network interfaces, to create the br0 bridge.
We do not assign an IP address to eth0 and wlan0, but only to br0.
Modify network interfaces configuration (make a backup of your old config file first)
# nano /etc/network/interfaces
Note : here I am using static IP for the br0 interface. But you can use dhcp instead.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). auto lo br0 iface lo inet loopback allow-hotplug eth0 iface eth0 inet manual allow-hotplug wlan0 iface wlan0 inet manual # Bridge setup # for dhcp address #iface br0 inet dhcp # bridge_ports eth0 wlan0 # for static ip iface br0 inet static bridge_ports eth0 wlan0 # adapt with your network settings address 192.168.1.250 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 192.168.1.1 dns-search localdomain
Wireless Access Point with hostapd
We will be using WPA2 authentication for the best security.
Create hostapd config file :
# nano /etc/hostapd/hostapd.conf
interface=wlan0 driver=nl80211 # YOUR BRIDGE NAME bridge=br0 # YOUR COUNTRY HERE country_code=FR ieee80211d=1 # MODIFY YOUR SSID HERE ssid=MY_AP # CHANGE MODE HERE IF NEEDED hw_mode=g # CHANGE CHANNEL EVENTUALLY channel=6 wme_enabled=0 macaddr_acl=0 auth_algs=1 # WE USE WPA2 wpa=2 # MODIFY YOUR PASSPHRASE HERE wpa_passphrase=mypassphrase12345678 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Launch hostapd in non-daemon mode, and go try to associate to your newly created AP with another computer
# hostapd -dd /etc/hostapd/hostapd.conf
If everything works ok, make sure hostapd starts as a daemon upon reboot
# nano /etc/default/hostapd
Secure the configuration file a bit since it contains the WPA passphrase
# chmod 600 /etc/hostapd/hostapd.conf
Have a view at the daemon log to see when a station accesses the AP
# more /var/log/daemon.log | grep hostapd
To see a more complete configuration example for hostapd
$ zmore /usr/share/doc/hostapd/examples/hostapd.conf.gz
- In this setup, the Access Point is in the LAN. Anybody who connects to this AP will have access to your LAN ressources.
- For professional cases, it’s better to have it in another, separated network.
- To improve security, you can use MAC filtering with hostapd.
- As always, use strong passwords for your Linux box. Disable SSH root login, etc.
- If you need firewalling on your bridge, look at ebtables ( http://www.debian-tutorials.com/general/using-ebtables-ethernet-bridge-frame-table-administration-in-debian-squeeze )
- Instead of using an old computer, it is possible to use a plug-computer (Sheevaplug, Seagate Dockstar, etc) for lower energy consumption.
- Implement a www interface (with php/cgi scripts) to manage our AP’s settings (like in commercial wireless APs).