Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Copyright
    Dedication
    Preface
    Ch. 1. Introduction to Linux Networking
    Ch. 2. Building a Linux Gateway on a Single-Board Computer
    Ch. 3. Building a Linux Firewall
    Ch. 4. Building a Linux Wireless Access Point
    Recipe 4.0. Introduction
    Recipe 4.1. Building a Linux Wireless Access Point
    Recipe 4.2. Bridging Wireless to Wired
    Recipe 4.3. Setting Up Name Services
    Recipe 4.4. Setting Static IP Addresses from the DHCP Server
    Recipe 4.5. Configuring Linux and Windows Static DHCP Clients
    Recipe 4.6. Adding Mail Servers to dnsmasq
    Recipe 4.7. Making WPA2-Personal Almost As Good As WPA-Enterprise
    Recipe 4.8. Enterprise Authentication with a RADIUS Server
    Recipe 4.9. Configuring Your Wireless Access Point to Use FreeRADIUS
    Recipe 4.10. Authenticating Clients to FreeRADIUS
    Recipe 4.11. Connecting to the Internet and Firewalling
    Recipe 4.12. Using Routing Instead of Bridging
    Recipe 4.13. Probing Your Wireless Interface Card
    Recipe 4.14. Changing the Pyramid Router's Hostname
    Recipe 4.15. Turning Off Antenna Diversity
    Recipe 4.16. Managing dnsmasq's DNS Cache
    Recipe 4.17. Managing Windows' DNS Caches
    Recipe 4.18. Updating the Time at Boot
    Ch. 5. Building a VoIP Server with Asterisk
    Ch. 6. Routing with Linux
    Ch. 7. Secure Remote Administration with SSH
    Ch. 8. Using Cross-Platform Remote Graphical Desktops
    Ch. 9. Building Secure Cross-Platform Virtual Private Networks with OpenVPN
    Ch. 10. Building a Linux PPTP VPN Server
    Ch. 11. Single Sign-on with Samba for Mixed Linux/Windows LANs
    Ch. 12. Centralized Network Directory with OpenLDAP
    Ch. 13. Network Monitoring with Nagios
    Ch. 14. Network Monitoring with MRTG
    Ch. 15. Getting Acquainted with IPv6
    Ch. 16. Setting Up Hands-Free Network Installations of New Systems
    Ch. 17. Linux Server Administration via Serial Console
    Ch. 18. Running a Linux Dial-Up Server
    Ch. 19. Troubleshooting Networks
    Appx. A. Essential References
    Appx. B. Glossary of Networking Terms
    Appx. C. Linux Kernel Building Reference
    Colophon
    Index
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Recipe 4.2. Bridging Wireless to Wired

    4.3.1. Problem

    How do you integrate your wired and wireless clients so that they share an Internet connection and LAN services all in one big happy subnet? You know that when you have multiple Ethernet interfaces on the same box they cannot all be on the same subnet, but must all have addresses from separate subnets. You want everyone all in a single subnet, and don't want a lot of administration headaches, so how will you do this?

    4.3.2. Solution

    Your routerboard needs at least three network interfaces: your Atheros interface, plus two Ethernet interfaces. ath0 is your wireless interface, eth0 is the LAN interface, and eth1 is your WAN interface.

    What we will do is build an Ethernet bridge between ath0 and eth0. Copy this example /etc/network/interfaces, substituting your own LAN addresses and your own ESSID. Remember to run /sbin/rw first to make the Pyramid filesystem writable:

    	pyramid:~# /sbin/rw
	pyramid:~# nano /etc/network/interfaces

	##/etc/network/interfaces
	## wireless bridge configuration
	auto lo
	iface lo inet loopback

	auto br0
	iface br0 inet static
	       address 192.168.1.50
	       network 192.168.1.0
	       netmask 255.255.255.0
	       broadcast 192.168.1.255
	       bridge_ports ath0  eth0
	        post-down wlanconfig ath0 destroy
	        pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
	        pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
	        pre-up ifconfig ath0 up
	        pre-up sleep 3

    You can test this now by networking with some LAN hosts that have static IP addresses. First restart networking on the router:

    	pyramid:~# /etc/init.d/networking restart

    This creates a wide-open wireless access point. Point your clients to 192.168.1.50 as the default gateway, and you should be able to easily join any wireless clients to your LAN, and ping both wired and wireless PCs. When you're finished, remember to return the filesystem to read-only:

    	pyramid:~# /sbin/ro

    4.3.3. Discussion

    This recipe is totally insecure, but it lets you test your bridge and wireless connectivity before adding more services.

    Let's review the options used in this configuration:


    bridge_ports

    Define the two interfaces to bridge.


    post-down wlanconfig ath0 destroy

    This command tears down the access point when the network interfaces go down. wlanconfig is part of MadWiFi-ng. Use it to create, destroy, and manage access points. With wlanconfig, you can have multiple access points on a single device.


    pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap

    wifi0 is the name the kernel gives to your Atheros interface, which you can see with dmesg. Next, wlanconfig creates the virtual access point, ath0, on top of wifi0.


    pre-up iwconfig ath0 essid "alracnet" channel 01 rate auto

    Assign the ESSID, channel, and bit-rate. To see the channels, frequencies, and bit-rates supported by your interface card, use this command:

    	pyramid:~# wlanconfig ath0 list chan

    How do you know which channel to use? If you have only one access point, channel 1 should work fine. If you have up to three, try using channels 1, 6, and 11. For more complex networks, please refer to Matthew Gast's excellent book, 802.11 Wireless Networks: The Definitive Guide (O'Reilly):


    pre-upifconfigath0 up

    Bring up ath0 before the bridge comes up.


    pre-upsleep3

    Brief pause to make sure that everything comes up in order.

    You don't have to build the bridge in the traditional way, by configuring eth0 with a zero-IP address, or bringing it up before the bridge is built, because scripts in /etc/network/if-pre-up.d handle that for you.

    I'm sure some of you are wondering about ebtables. ebtables is like iptables for Ethernet bridges. iptables cannot filter bridge traffic, but ebtables can. There are many ingenious ways to use ebtables and Ethernet bridges in your network. In this chapter, I'm leaving ebtables out on purpose because we will be running an iptables Internet firewall on our access point. ebtables is not suitable for an Internet firewall, and trying to use both on the same box is too complicated for this old admin.

    4.3.4. See Also

    • Pyramid Linux does not include manpages, so you should either install the applications in this chapter on a PC, or rely on Google

    • wlanconfig is part of MadWiFi-ng

    • man 8 brctl for bridge options

    • iwconfig is part of the wireless-tools package

    • man 8 iwconfig

    • Pyramid Linux: http://pyramid.metrix.net/

    • Section 3.2

    • 802.11 Wireless Networks: The Definitive Guide, by Matthew Gast (O'Reilly)