Setting Up a Wireless LAN Box / DSL Router

Charles Cheng,
Nov. 12, 2003.

Contents

This document consists of several parts.  Each one may be referenced separately:

Scenario

Terse version

Verbose version

I'm using Hinet's ADSL 512K/64K bps.  Due to the dynamic IP address Hinet has assigned me, [...to be continued.]


Making a New Linux Kernel

If you are using a PCI WLAN card, you're lucky. Newer kernels (e.g. 2.4.21) already support the HostAP drivers. For example, if you're using RedHat 9, just install this RPM and you're done with the HostAP drivers. SuSE 9 (kernel 2.4.21) has built-in support for HostAP and Wireless Tools. If your system is SuSE 9, just skip the following sections about driver installation.

Most of us are not so lucky because PCI WLAN cards are rarely sold nowadays. The compromise is to use a PCMCIA card via a PCMCIA-to-PCI adapter.  I personally use WLI-PCI-OP-PC manufactured by Buffalo (with Ricoh R5C475II chip), which works fine. Adapters with other chips may or may not work.  A list of working cards is here.

Anyway, a new kernel is necessary. Let's do it from scratch.

Download Linux 2.4.21 source code (e.g. ftp://linux.sinica.edu.tw/kernel/v2.4/linux-2.4.21.tar.gz) and put it under /usr/src.



Setting Up Wireless LAN Drivers and Utilities

PCMCIA-CS driver

Download the latest PCMCIA-CS driver (pcmcia-cs-3.2.5.tar.gz for example) from http://sourceforge.net/project/showfiles.php?group_id=2405&release_id=94021. Unpack the tarball and cd into the subdirectory created by tar.

By now you have the new PCMCIA-CS modules installed in /lib/modules/2.4.21-wireless. If no error has occurred, you don't have to reboot; just install the HostAP driver right away. However, if you are curious enough and choose to reboot your machine at this point, you will hear 2 beeps, which is the kernel telling you that a PCMCIA device has been detected.

HostAP driver

Similarly, download the latest HostAP driver from http://hostap.epitest.fi/releases/ and unpack the tarball as we did with the PCMCIA-CS driver. Change into the subdirectory.

Now, with no error, it's time to reboot.

Configure Wireless LAN

Assuming you have the wireless tools installed (if not, just get them at http://hostap.epitest.fi/releases/), configure the wireless interface with ifconfig and iwconfig:


Setting Up DHCP

default-lease-time 86400;
max-lease-time 604800;
get-lease-hostnames true;
option subnet-mask 255.255.255.0;
option domain-name "smallboy-home.com";
option domain-name-servers 168.95.1.1;
option interface-mtu 1500;
ddns-update-style ad-hoc;

subnet 172.16.3.0 netmask 255.255.255.0 {
        option routers 172.16.3.254;
        # broadcast address and range must lie inside the 172.16.3.0/24 subnet declared above
        option broadcast-address 172.16.3.255;
        range 172.16.3.50 172.16.3.250;
}

Setting Up NAT

Since the IP addresses in your wlan0 subnet (172.16.3.0/24) are virtual, you have to do SNAT (source NAT) to convert them to a legal IP address so that packets can be routed out to or in from the Internet. This mechanism is called IP masquerading in new Linux kernels (2.4 and above). The terms IP-masquerading and netfiltering are used interchangeably. If you have no idea what NAT/IP masquerading is, please refer to the HOWTOs on TLDP. Here, I just briefly describe the basic iptables settings and a few alternatives to them.

First of all, enable IP forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

A few lines of clean-up are good for a clear mind:

iptables -F
iptables -X
iptables -F -t mangle
iptables -t mangle -X
iptables -F -t nat
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

The very simplest form of IP masquerading is to establish a virtual subnet with a single iptables command:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

To route packets for a specific port to a specific client, add rule(s) to iptables. For example, if client 172.16.3.250 is running an eMule client and thus needs port 4662 to get a high ID, add this line on your HostAP box. Because the address on ppp0 is dynamic, the rule matches on the incoming interface rather than on a destination address:

iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4662 -j DNAT --to-destination 172.16.3.250:4662

Read the iptables man pages if you want to get more out of it.
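
The clean-up commands above leave the FORWARD policy at ACCEPT, so the box forwards anything that reaches it on any interface. As an added example (not part of the original document), the script below prints an iptables-restore ruleset that keeps the masquerading and the port 4662 forward but drops all other forwarded traffic by default; the INPUT and OUTPUT policies are left as this page sets them, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: emit an iptables-restore
# ruleset for the gateway described here, with FORWARD defaulting to DROP.
# Interfaces, subnet, host and port are the values used on this page.

WAN_IF=ppp0              # ADSL uplink
LAN_IF=wlan0             # HostAP interface
LAN_NET=172.16.3.0/24    # wireless subnet served by dhcpd
FWD_HOST=172.16.3.250    # client that needs an inbound port
FWD_PORT=4662            # eMule TCP port

# nat table: DNAT the one published port, masquerade LAN traffic going out.
nat_table() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $FWD_PORT -j DNAT --to-destination $FWD_HOST:$FWD_PORT
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# filter table: forward only replies to known connections, traffic that
# originates on the LAN, and new connections to the published port.
filter_table() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $FWD_HOST --dport $FWD_PORT -m state --state NEW -j ACCEPT
COMMIT
EOF
}

build_ruleset() { nat_table; filter_table; }

# Printing is harmless; review the output, then load it atomically as root
# by piping this script's output into iptables-restore.
build_ruleset
```

Loading through iptables-restore replaces both tables in one step, so there is no window in which the old rules are flushed and the new ones are not yet in place.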


Bridging

[...to be continued.]