
Ubuntu Gateway / Access Point Server

May 30, 2009 on 5:54 pm | 7 Comments

I’ve been wanting to play wifi king for a long time: providing free wireless internet access to a reasonably sized area. Finally I got to have a play.

The basic idea is to have a server which shares the internet from a standard connection (e.g. DSL) to anyone who connects wirelessly. “You mean a wireless access point, why can’t I just buy a £30 wireless AP?”

Well..

Benefits of running our server over buying a standard wireless access point (AP):

Many run of the mill wireless APs fail under high traffic – With our server, we can use a better processor and increase RAM as required.

Caching – If you’re serving a lot of users then you can save on bandwidth and speed up users’ browsing experience by using a caching proxy like squid. Basically, when one user views a video on youtube (depending on your squid cache file size settings), squid makes a copy of it and then serves its copy to any future requests. This is quicker than downloading it from youtube and serving it to the client again. You can configure file sizes and cache file lifetime.

Filtering – For bandwidth saving or corporate reasons you can set up a filter with squid to block access to certain sites, certain types of site or content-type. For example you could block access to youtube or block all video files completely.

Advertising – You can incorporate your own advertising into sites that you’re serving. If you wanted to get into the nitty gritty then you could monitor traffic and serve ads based on user behaviour (like phorm, I guess).

What do I need?

The great thing is, to do something like this, you don’t need any pricey hardware.

What you need:

  1. A computer and operating system (In my case, Ubuntu 9.04)
  2. A network card that uses our connection from the ISP
  3. A wireless card that supports ‘master mode’ in linux.

1) The box I’m using in this example was originally used as my desktop system and is far more powerful than what you realistically need. I prefer using laptops (especially when going to and from work) so I’ve converted it for this project.

The specs are:

Processor – Intel Core 2 Quad Q6600 2.4ghz 8mb L2 cache
Motherboard – Intel BLKDG35EC
RAM – 8gb (4 x 2GB Kingston DDR2 PC800)
HD – Western Digital 320GB 7200RPM SATA
Graphics – Nvidia Inno3d 8600GT PCIE 512mb S-video/DVI/VGA
Network – Onboard gigabit ethernet, TP-LINK TL-WN651g
Case – Basic case
Power – ACBEL INTELLIGENT POWER 610W ACTIVE PFC

I’m running Ubuntu 9.04. For this example, I’ll be assuming that everyone is running Ubuntu 9.04 but it shouldn’t vary that much between different linux distros.

2) I’m using my onboard network card connected to a DSL modem. I actually want to replace this step with an internal PCI modem but I’m having trouble finding a suitable card right now.

3) This one took me a long time! I originally hoped I could use USB wifi adapters since this would make it easier to use many to service a big wireless area. I have tested many usb wifi adapters and had no problem getting them to act as access points/’master mode’ in Windows XP but not in Ubuntu! (For those interested, I had best success with adapters using the r8187 chipset).

It was a bit easier finding a PCI wifi card that would work in master mode. The easiest thing to do is find any card which uses an Atheros chipset and use madwifi drivers (explained later). I loaded a few local computer shop websites and then checked their stock against the madwifi compatibility list. I eventually ended up with a TP-LINK TL-WN651g.

Configuring the server

The first thing to do is install Ubuntu. Download the ISO, burn to DVD and install. I won’t go into detail on this because there’s nothing to do really.

Configure the network card to take connection from our ISP

Open a terminal and edit /etc/network/interfaces by adding the following:

#isp
auto eth0
iface eth0 inet dhcp

This assumes that you’re plugging this network card into a source that’s running a DHCP server such as a standard router/DSL modem. If you run ‘/etc/init.d/networking restart’ you should now be online, great!

Configure DNS

Since we’re going to act as an access point, we need to enter the DNS servers we’re going to use. You can enter your ISPs DNS servers or free ones like those provided by OpenDNS. In this example, I’ll assume you’re going to use OpenDNS.

Open a terminal and edit /etc/resolv.conf so that it reads as follows:

nameserver 208.67.222.222
nameserver 208.67.220.220

Configuring the wireless card with madwifi drivers

To get the wireless card to act as an access point we need special drivers known as madwifi. To set this up I simply plugged my PCI wireless card into the server and then (in a gnome session) I clicked ‘system>administration>hardware drivers’, where it automatically searched for drivers and offered me ‘Alternate Atheros “madwifi” driver’. I simply selected and enabled this driver.

After this, I ran the following command in a terminal:

apt-get install madwifi-tools

This installs a package of tools we need to configure the card as an access point.

To force the card to always go into AP mode, we’re going to edit the file ‘/etc/modprobe.d/madwifi’ by adding the following to it:

options ath_pci autocreate=ap

After adding the above, we’ll run ‘modprobe ath_pci’.

Configure wireless card to setup access point

Again we’re going to open a terminal and edit our /etc/network/interfaces file by adding the following:

#wifi ap
auto ath0
iface ath0 inet static
wireless-mode master
wireless-essid linksys
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255

If you run ‘/etc/init.d/networking restart’ and scan for wireless access points from another computer, you should now see an access point called ‘linksys’. We’re not done yet though! If you connect, nothing’s going to happen.

Configure the server to route the traffic from the wireless through our ISP connection (eth0)

In a terminal run ‘echo boxer > /etc/hostname’

Edit ‘/etc/hosts’ to look the same as:

127.0.0.1       boxer   localhost.localdomain   localhost
192.168.0.100   boxer     server

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Make a new file ‘/etc/init.d/iptables’ and copy the following into it:

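#! /bin/sh
# Enable IPv4 forwarding so the box routes between ath0 and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default policy: accept everything into, through and out of the box
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Rewrite the source address of traffic leaving either interface (NAT)
iptables -t nat -A POSTROUTING -o ath0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE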

To make our new file executable, run ‘chmod +x /etc/init.d/iptables’ and then, to make it run on startup, run ‘update-rc.d iptables defaults’.
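
The script above leaves the INPUT and FORWARD policies at ACCEPT and masquerades on both interfaces, so the box accepts and forwards anything it receives. As an added example (not part of the original post), the script below emits a default-deny ruleset in iptables-restore format and audits a saved ruleset for those two settings; eth0, ath0 and 192.168.1.0/24 are the post’s values, while the function names and policy choices are assumptions.

```shell
#!/bin/sh
# Added example, not the post's code. Interfaces and subnet are the post's; policy choices are assumptions.
# Print a default-deny ruleset in iptables-restore format.
gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print one finding per line.
audit_rules() {
    awk -v lan="$1" '
        /^\*/ { table = $1 }
        table == "*filter" && /^:(INPUT|FORWARD) ACCEPT/ { print "open-policy " substr($1, 2) }
        table == "*nat" && /^-A POSTROUTING/ && /MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == lan) print "masquerade-to-lan " lan
        }'
}

# Constructed sample: the state the post's script leaves loaded, in iptables-save form.
permissive_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ath0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
permissive_rules | audit_rules ath0
```

As root, ‘gateway_rules eth0 ath0 192.168.1.0/24 | iptables-restore’ loads the ruleset, and ‘iptables-save | audit_rules ath0’ checks whatever is currently loaded.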

Install DHCP server

We need to install a DHCP server so that when clients connect, they’re given an IP address. To do this, run

apt-get install dhcp3-server

After this is installed, edit ‘/etc/default/dhcp3-server’ so that INTERFACES="ath0"

Next, add the following to the bottom of the file ‘/etc/dhcp3/dhcpd.conf’:

authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
range                           192.168.1.100 192.168.1.200;
option domain-name-servers      208.67.222.222,208.67.220.220;
option routers                  192.168.1.1;
default-lease-time              600;
max-lease-time                  7200;
}

Reboot

Everything should now be installed and set up. Now we reboot, cross our fingers and hope everything worked.

Conclusion

I want to update this post with how to install and configure squid as a transparent caching proxy (no need to configure the clients). Right now this just feeds traffic straight through.

I also want to keep working on getting USB wifi adapters working in ‘master/AP’ mode since this would greatly help servicing a large area. Imagine, you can use multiple cheap USB wifi adapters with a different range of antennas connected.

I’m not a linux guru and a lot of this information I’ve learnt/collated from different forums, sites and such like. I can’t see that I’ve missed anything out but let me know if you run into any problems.

7 Comments »


  1. Which APs fail under load?

    You could also use the APs as APs — bridge the wireless side to the wired LAN side and feed multiple APs back into a wired port on the Linux box. Leave the Linux box as a router (masquerading is not bridging, BTW. It’s a form of routing).

    That would let you use cheap APs to increase your wireless footprint, while giving you the benefit of having a real router handling the connection to the Internet and services.

    You mentioned using squid… Are you going to set up transparent proxying or make proxying optional?

    Comment by Sean — 30th May, 2009 #

  2. Sean,

    Thanks for pointing out the masquerading/bridging point, I’ll update the post!

    At one point, we had a requirement to use wireless for around 30 heavy internet users. We tried everything from cheap linksys/dlink APs to expensive managed Cisco APs and they all had issues under high load. The most recent is a WRT300n which performed better than most but still had its issues. I also tried alternative firmware like dd-wrt where you can see most of them are maxing out their CPUs.

    What you suggested with using APs as APs is actually what I was doing before I found a working PCI card. I had a second NIC installed, a hub and two wireless APs (a cheap encore one and an apple airport express)

    This did indeed work but I found that it was a bit slower than using a PCI card in AP mode. Also they’re bulkier items and need their own power sources. That’s why the USB adapters would be so great. They’re cheap, easily expendable (up to 5m without a powered extension cable), you can purchase them with standard antenna connectors and they’re so small.

    Also PCI (and perhaps USB) wifi should allow us to play with the transmit power which you can’t do on cheap APs unless you flash the firmware with something like dd-wrt.

    With regards to squid. I already installed it as a transparent proxy so no clients need to be configured. I just didn’t have time to write about the setup in the post yet :)

    Comment by admin — 30th May, 2009 #

  3. This is nice, but wouldn’t it be easier to use IPCOP? I have been using it for years for both wireless and lan.

    Comment by rick — 1st June, 2009 #

  4. Really useful post!
    I could have connected to the access point, but the internet just seemed to be not working through it. I have a laptop with integrated wifi card. Pinging the server address was OK. What could the problem be?
    Another question is how to make authentication (wep, wpa, wpa2)?
    Thanks in advance!

    Comment by lyon' — 10th January, 2010 #

  5. Have you found a USB adapter which can work in master mode?
    I am also trying to make my box work as an AP.

    Comment by u2uonly — 24th January, 2010 #

  6. Hey guys, I’ve been trying out this guide since I’m new to linux (I’m so in love with it) and I could run my msi wireless card as an AP on Windows.. so that’s pretty much the only thing I still can’t get to work on my new machine with ubuntu =(

    Here’s what’s giving me trouble:

    1.- I can’t install the madwifi drivers and typing sudo apt-get install madwifi-tools returns “cant find package madwifi-tools”. So I just downloaded the newest version from their site.

    2.- I can’t edit the /etc/network/interfaces file since it’s read-only.

    I can connect to other wireless networks around my house so I know for sure the card is working but I’m not sure what driver I’m running.. and I read somewhere that ubuntu 10.04 came with madwifi restricted drivers pre-installed.

    I’m not sure if I should uninstall my active drivers and then try installing the drivers I downloaded from madwifi’s site.. or what I’m doing wrong.. please, any help would be appreciated!

    Comment by robert — 12th October, 2010 #

  7. Robert, in a terminal try: sudo nano /etc/network/interfaces

    Comment by admin — 12th October, 2010 #
