Tuesday, November 10, 2009

HOWTO: Setup Ubuntu as a wireless router

SkyHi @ Tuesday, November 10, 2009
Update: this is now working.
It looks like my issue with bridging was and is a hardware issue.
The Atheros card will not come on-line after a reboot, but will come up on a hard power cycle.

My first How To, and it is kind of long.

Basically I was sick of my Linksys router being too slow and I decided I wanted some more power.

This took a long time to work through and get running. Hopefully I got it all.

First off you will need a spare machine, some NICs and a lot of patience. Also a working knowledge of nano and the console would be nice.

My Hardware Specs:
Old Micron Desktop Computer with everything onboard/built in
Celeron 400 MHz
384 MB RAM
40GB HDD
Atheros-based cheap wireless NIC from CompUSA
2 Realtek 10/100 NICs

I chose the Atheros card because it was lying around in storage gathering dust. I also have a nice 10 dB antenna that hooks up to it.

For comments or complaints email me.
pedalwrench007 at gmail dot com

Here goes and have fun:

GOAL

To have a seamless replacement for my Linksys WRT54G with more wireless range and more control.

INITIAL

Install the basic Ubuntu Server [NO DNS or LAMP]
Enable the Universe Repo
apt-get update

Since this is a long how-to, you should just become root to configure the server.

Type the command:
Code:

sudo su -

and enter your password...

SETUP THE NETWORK
3 interface setup

my eth0 is broken and on-board so I had to add a card [YMMV]
eth1 is the WAN interface (gateway)
eth2 is the LAN interface
ath0 is the wireless card
br0 is the bridged connection of ath0 and eth2

Setup bridging
Code:

apt-get install bridge-utils

Then edit the network config
Code:

nano /etc/network/interfaces

Code:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#MY BROKEN INTERFACE (3com on-board)
#auto eth0
#iface eth0 inet dhcp
#pre-up iptables-restore < /etc/iptables.conf

# Gateway
# You should set this to DHCP if your cable/DSL ISP provides it.
# the "pre-up" command brings up the iptables "firewall"
# it is just set to static for testing purposes. see eth0 for DHCP setup.
auto eth1
iface eth1 inet static
address 192.168.1.17
netmask 255.255.255.0
gateway 192.168.1.1
pre-up iptables-restore < /etc/iptables.conf

#Wireless Setup
auto ath0
iface ath0 inet manual
wireless-mode master
# CHANGE ME!!! to your own ESSID
wireless-essid pivotpoint

#Bridge interface
auto br0
iface br0 inet static
address 10.1.1.1
network 10.1.1.0
netmask 255.255.255.0
broadcast 10.1.1.255
bridge-ports eth2 ath0

WIFI SETUP

Atheros card setup for routing
[resource = https://help.ubuntu.com/community/Router/Madwifi]
You have to build the driver from source to get it into Master mode for a WAP

Code:

wget http://umn.dl.sourceforge.net/sourceforge/madwifi/madwifi-0.9.2.1.tar.gz
tar -xvzf madwifi-0.9.2.1.tar.gz
cd madwifi-0.9.2.1
apt-get install build-essential linux-headers-server
make
make install

Edit your kernel modules loaded at boot time:

Code:

nano /etc/modprobe.d/madwifi

add this to make sure the wireless card goes into Master mode:

Code:

options ath_pci autocreate=ap

FIREWALL

run these commands:
[resource = https://help.ubuntu.com/6.10/ubuntu/...iguration.html ]

[NOTE: ETH1 is the gateway interface. YMMV]

Code:

iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth1 -j MASQUERADE
iptables -A FORWARD -s 10.1.1.0/24 -o eth1 -j ACCEPT
iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth1 -j ACCEPT

for logging add:

Code:

iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-prefix "NEW_HTTP_CONN: "

The above log will also appear in /var/log/messages, /var/log/syslog, and /var/log/kern.log.

save to /etc/iptables.conf

Code:

iptables-save > /etc/iptables.conf

NOTE: This is a basic setup that only routes NAT packets. Please read up on firewalling to protect your machine.

# Enable packet forwarding in the Kernel

Code:

nano /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
Code:

net.ipv4.conf.all.forwarding=1


NOTE: Ubuntu has this for default:
#net.ipv4.conf.default.forwarding=1

Make sure you replace the word "default" with "all". With "default." simply removed, net.ipv4.conf.forwarding is not a key that sysctl recognises.

DHCP SERVER SETUP

A basic 10 machine DHCP server. Nothin' fancy

Install DHCP server:
Code:

apt-get install dhcpd

Config the server:
Code:

nano /etc/dhcpd.conf

Code:

# MY BASIC CONFIG /etc/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;

#CHANGE THIS TO YOUR DNS SERVERS
option domain-name-servers 68.87.69.146, 67.87.85.98;
option domain-name "youdomainnamehere.com";

#Subnet for DHCP Clients
subnet 10.1.1.0 netmask 255.255.255.0 {
# range of 10 machines
range 10.1.1.50 10.1.1.60;
option subnet-mask 255.255.255.0;
option broadcast-address 10.1.1.255;
option routers 10.1.1.1;
}

You also need to edit the /etc/default/dhcp file to specify the interfaces dhcpd should listen on. By default it listens on eth0. We need it to listen only on our local interface (br0).

Code:

nano /etc/default/dhcp

Then add br0 like so:

Code:

INTERFACES="br0"

INSTALL MONITORING

Darkstat

Stats with a http server

Code:

apt-get install darkstat

edit the config

Code:

nano /etc/darkstat/init.cfg

Code:

# Turn this to yes when you have configured the options below.
START_DARKSTAT=yes

# Don't forget to read the man page.

# You must set this option, else darkstat may not listen to
# the interface you want
INTERFACE="-i eth1"

PORT="-p 8888"
#BINDIP="-b 127.0.0.1"
#LOCAL="-l 10.1.1.0/24"
#FIP="-f 127.0.0.1"
#DNS="-n"
#SPY="--spy eth1"

To see this, point a browser to http://10.1.1.1:8888

Saidar

A neat little app that shows server usage

Code:

apt-get install saidar

then

Code:

saidar

OTHER OPTIONAL

Disabling IPv6 for some speed improvements


Code:

nano /etc/modprobe.d/aliases

Comment out this line:
Code:

alias net-pf-10 ipv6

Save the file then

Code:

nano /etc/modprobe.d/blacklist

Add this line:
Code:

blacklist ipv6

Save the file

FINISH

Restart your computer. Hopefully everything worked. If so, back it up!

BACKUP

[Reference = http://doc.gwos.org/index.php/Backup_restore_system ]
Code:

sudo su -
cd /
tar cvpjf backup.tar.bz2 --exclude=/proc --exclude=/media --exclude=/mnt --exclude=/dev --exclude=/lost+found --exclude=/backup.tar.bz2 --exclude=/tmp --exclude=/sys /

You will then have a tar ball that is your server all wrapped up in a bundle.
Store in a cool dry place.

FUTURE GOALS

Add Squid, and DNS-Masq.
Add Port Forwarding



VERSION:
0.1 3-11-2007 - Re-Write. Setup is a little different. Changed firewall config, deleted squid, and dns-masq.
0.0 3-4-2007 - Initial write-up
Last edited by pedalwrench; March 11th, 2007 at 04:53 PM.. Reason: Spell Check


Reference: http://ubuntuforums.org/showthread.php?t=376283