WiFi Acces Point (I) - Installation

Installation

_$: apt-get install wireless-tools
_$: apt-get install hostapd
_$: apt-get install bridge-utils

Check compatibility with Ubuntu

If you are planning to add a wireless card to your server, first check that it is supported. In this case we will add an Edimax EW-7612PIN V2 300Mbps 11n Wireless PCI Express to our server.

To check that it is, indeed, compatible, go to https://help.ubuntu.com/community/WifiDocs/WirelessCardsSupported and you will find a list of links to the manufacturers. In our case, we will go to https://help.ubuntu.com/community/HardwareSupportComponentsWirelessNetworkCardsEdimax and see that it works out of the box and that it has been tested at least in Ubuntu 10.10 (x86).

Install drivers

_$: apt-get install build-essentials
_$: apt-get install linux-headers-`uname -r`
_$: mkdir wireless && cd wireless

Now we have two options, first one is to use the Edimax’s driver, wich is deprecated. You can read how that would be done, but we will go with the second option: use the Realtek’s driver.

Install the Edimax driver (not recommended)

Download the driver from http://www.edimax.com/en/support_detail.php?pd_id=350&pl1_id=25&pl2_id=48

_$: wget http://www.edimax.com/images/Image/Driver_Utility/Wireless/NIC/EW-7612PIn/7612_Linux_Driver.zip
_$: unzip 7612_Linux_Driver.zip
_$: mv 7612_Linux_\ Driver/ 7612_Linux_Driver
_$: cd 7612_Linux_Driver
_$: make

Install the Realtek driver (recommended)

_$: lspci | grep -i wifi
05:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 802.11b/g/n WiFi Adapter (rev 01)

So the chip is RTL8188CE.

Download the driver from http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PFid=48&Level=5&Conn=4&ProdID=272&DownTypeID=3&GetDown=false&Downloads=true#2722

_$: tar xvfj linux_mac80211_0012.0207.2013.tar.bz2
_$: cd rtl_92ce_92se_92de_8723ae_88ee_linux_mac80211_0012.0207.2013
_$: vi pci.h

Now we have to modify one of the source files before compiling the driver:

pci.h:
------
/******************************************************************************
 *
 * Copyright(c) 2009-2010  Realtek Corporation.
 *
 * ...
 *
 * Larry Finger <Larry.Finger@lwfinger.net>
 *
 *****************************************************************************/

#ifndef __devinit       <=== Comment this line
#define __devinit       <===  "       "    "
#define __devinitdata   <===  "       "    "
#endif                  <===  "       "    "

#ifndef __RTL_PCI_H__
#define __RTL_PCI_H__

Once you have done this, compile it and reboot.

_$: make
_$: make install

_$: reboot

_$: lsmod | grep rtl
rtl8192ce             141806  0
rtlwifi               123323  1 rtl8192ce
mac80211              630977  2 rtl8192ce,rtlwifi
cfg80211              525244  2 rtlwifi,mac80211

After the reboot the wireless module has been loaded.

Configuration

These are the configuration files you need to modify for your wireless network to work. If you have your smartphone near you, you can use it to see if it finds the network once it is configured.

/etc/default/hostapd:
---------------------
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
#   -d   show more debug messages (-dd for even more)
#   -K   include key data in debug messages
#   -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

/etc/hostapd/hostpad.conf:
--------------------------
# Wireless interface
interface=wlan0

# Driver
driver=nl80211

# Country
country_code=ES

# SSID
ssid=<SSID>

# Operation mode
hw_mode=g

# Channel number
channel=6

# WPA mode
wpa=2

# Password
wpa_passphrase=<PASSWORD>

# Key management algorithms
wpa_key_mgmt=WPA-PSK

# Cipher suites (encryption algorithms)
# TKIP = Temporal Key Integrity Protocol
# CCMP = AES in Counter mode with CBC-MAC
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Shared Key Authentication
auth_algs=1

# Accept all MAC address
macaddr_acl=0

We will now configure the server to use IP addresses in the 192.168.2.0 network for the wireless devices. The IP addresses for the hosts in the Local Area Network will be in the 192.168.1.0 network. The server’s IP address for both networks will be in the 192.168.X.101 form.

This is the network scheme:

         +-----------------+             +---------------+
         |                 |             |               |
WiFi --- wlan0  Server  eth0 --- LAN --- eth0 Gateway eth1 --- Internet
         |                 |             |               |
         +-----------------+             +---------------+

The wireless server is also acting as a DNS server for all the hosts in the Local Area Network. That is the reason for the dns-nameservers setting to be the loopback address when configuring the eth0 interface.

/etc/network/interfaces:
------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
	address 192.168.1.101
	network 192.168.1.0
	netmask 255.255.255.0
	gateway 192.168.1.1
	dns-nameservers 127.0.0.1
	post-up   /sbin/ethtool -s eth0 wol g
	post-down /sbin/ethtool -s eth0 wol g

# The wireless interface.
auto wlan0
iface wlan0 inet static
	address 192.168.2.101
	network 192.168.2.0
	netmask 255.255.255.0
	dns-nameservers 127.0.0.1

Iptables

All of the communications that this server receives through wlan0 will be transmitted through eth0 to the gateway of the Local Area Network pretending to come from the server. That way we provide the wireless devices with internet access.

/etc/iptables.up.rules:
-----------------------
*nat
:PREROUTING ACCEPT  [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT      [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT   [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT  [0:0]
COMMIT

_$: iptables-restore < /etc/iptables.up.rules

Route

It is time to chek how routes have been set up:

_$: route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0

If we had some other devices, like printers, in the 192.168.50.0 network and we wanted to make them visible for the wireless devices, we should add them:

_$: route add -net 192.168.50.0 netmask 255.255.255.0 dev eth0

_$: route -n
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

See connected devices

We can see at any given time which wireless devices are connected with this command:

_$: iw dev wlan0 station dump | grep 'Station'