First draft of NZ-Wireless Linux AP installation HOWTO


Begin with introduction then move to hardware requirements. Follow with steps.


Steps

1- Install RedHat Linux.


For the purpose of this section, RedHat Linux version 8.0 has been chosen as the basis of the Linux Access Point. The steps below assume that the reader has not installed Linux before and may also want to use the Access Point as a server or as a desktop, so what follows is a step-by-step guide that may not match your needs exactly. If you are comfortable with the Linux install procedure, this section can be skipped.


The end result will be a Linux box running GNOME that can be used for multiple purposes but is not optimised for any single purpose. For a more in-depth guide to installing RedHat version 8.0 refer to http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/install-guide/




Screen 1 - <Enter> for install in graphical mode.

Screen 2 - “Next”

Screen 3 - “English”

Screen 4 – Keyboard type. Choose “US International”

Screen 5 – Mouse type. Select your mouse type here and, if you are going to use this system as a desktop, enable “emulate 3 buttons” check box

Screen 6 - Installation type. Choose “Custom”

Screen 7 - Disk Partitioning. Choose “Manually with Disk Druid”

Screen 8 - Disk Setup. Delete all existing partitions (WARNING: ALL Data currently on the disk is erased!) Depending on your needs, create new partitions. I go for simplicity, creating two partitions, one for use as swap which I make twice as large as the amount of physical RAM and one for all other data, called a root partition. Here's how;

Select “new” then enter the following into the pop-up box;

file system type “swap” size “{2x RAM} e.g. 64” “OK”

then;

Select “new” then enter the following into the pop-up box;

Mount Point “/” File system type “EXT3” click the “Fill to maximum allowable size” checkbox and click “OK”

You should now have two visible partitions, called /dev/hda1 and /dev/hda2 underneath the /dev/hda entry. One will be type “EXT3” and one will be type “swap.”

Click “next”

Screen 9 - Boot Loader

Grub is the preferred boot loader and the default options are suitable. Click “next.”

Screen 10 – Network configuration. You will see a list of your network interfaces. Configure each one to suit your own physical network requirements. I don't use DHCP for wired machines so I select “manually” and configure the IP information in the box provided. Note that your wireless card probably has not been detected by this stage. Don't worry, we'll configure it later.

Screen 11 – Firewall configuration. If you intend to run NoCat, your entries here will be superseded by the NoCat configuration process. Select “Medium” security level, make ETH0 a “trusted device” and allow incoming “ssh.” Do not make the wireless interface a trusted device: anything that associates with your Access Point is an unknown client and should be filtered like the rest of the Internet.

Screen 12 – Additional Language Support. Check “English (NZ)” and uncheck “English (USA)”

Screen 13 – Click on the map of New Zealand to set the timezone.

Screen 14 – Create a strong root password that you will remember. The firewall above lets ssh in, so this password is reachable from the network and will be guessed at.

“OK” then “Next”

Screen 15 – Authentication Configuration. The default settings are acceptable. Click “Next.”

Screen 16 – Package selection. The packages you chose here will depend on what you want to do with your system. The recommendations I make below are guidelines, and anything that you leave out here but need later can be installed at a later stage. Here are the ones that you absolutely (N)eed, can (R)emove or (M)ight be nice to have. Anything not mentioned here can be left to the RedHat default selection.


In “Editors”

Emacs (R)

vim-enhanced (M)


In “Graphical Internet”

evolution (R)

gaim (R)

mozilla-mail (R)

pan (R)

xchat (R)


In “Office/Productivity”

mrproject (R)

openoffice (R)


In “Sound and Video”

Any selected can be (R)'ed


In “Graphics”

gimp (R)

gimp-data-extras (R)

gtkam (R)

sane-frontends (R)

xsane (R)

xsane-gimp (R)


In “Server Configuration Tools” select all of the GUI configuration tools you require for the various services you intend to have on the box, particularly;

redhat-config-bind (M)

redhat-config-httpd (M)

redhat-config-network (M)

redhat-config-services (M)


In “Web server” select all that are applicable for your Apache installation. For NoCat you will need;

mod_perl (N)

mod_ssl (N)


In “DNS Name Server”

caching-nameserver (N)


In “Network Servers” select all of the services you wish to run. For NZWireless we need “zebra” and “dhcp”. Leave the cleartext remote-access servers (rsh-server, telnet-server, talk-server) out: the Access Point will be reachable from every wireless client, and ssh covers remote administration.

cipe (R)

dhcp (N)

pxe (R)

rsh-server (R)

talk-server (R)

telnet-server (R)

ypserv (R)

zebra (N)


In “Administration Tools” select all of the GUI config tools that you think you require. They are safe to install even if you never end up using them.


In “System Tools”

amanda (M) (for backups)

ethereal (M)

ethereal-gnome (M)

nmap (M)

nmap-frontend (M)

shapecfg (M)


Click next to begin the actual RedHat installation. The install process will begin by formatting the new partitions and installing the various packages required for a functioning system. Depending on your system, the installation should take approximately 25 minutes. At the end of this process, configure the X display system for your hardware if required. I like to turn off “Graphical” login type at this point.


Necessary packages include IPTABLES, DHCPD, ZEBRA, PERL, NAMED, SSH. MRT?


2- Upgrade the Linux kernel to include HOSTAP support. A binary kernel RPM is available from http://www.cat.pdx.edu/~baera/redhat_hostap/


For example:

[root@accesspoint root]# rpm -ivh kernel-2.4.20-13.9.HOSTAP.i686.rpm

Use -i rather than -U for kernel packages so the stock RedHat kernel stays installed and in the GRUB menu; if the HOSTAP kernel fails to boot you can select the old one. This is a third-party kernel for a machine that will sit on your network edge, so check the package's GPG signature or checksum (rpm --checksig) against what the site publishes before installing it.


Or, if you're happy compiling your own kernel, do so using the HOSTAP driver available from

http://hostap.epitest.fi/


2a- Install wireless-tools (the latest RPM is available from www.rpmfind.net) if it is not already present on your system.


2b- Configuration.


-Edit the file /etc/modules.conf and add the line “alias wlan0 hostap_pci” (without quotes). This tells the kernel module loader to load the HOSTAP driver whenever the device wlan0 is required. hostap_pci is the driver for native PCI cards; a PCMCIA card uses hostap_cs instead.


-Create a file /etc/sysconfig/network-scripts/ifcfg-wlan0 to configure the IP information of your wireless card. Note that you should fill in the network information assigned to you by NZWireless.


The contents of this file should look like this (interface names are case-sensitive, so wlan0 is lower case here and in every command below);

DEVICE=wlan0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.x.x.x (an address [usually .1] in the network assigned for your use by NZWireless)
NETMASK=255.255.255.0


Add the following two lines to the end of the file /etc/rc.local

echo "1" >/proc/sys/net/ipv4/ip_forward
/sbin/iwconfig wlan0 ESSID "NODE.REGION.nzwireless.org"

The first line turns on IP forwarding, which makes your Access Point act as a router, passing traffic from one interface (e.g. wlan0) to another (e.g. eth0). On RedHat 8.0 the same setting can be made permanent with net.ipv4.ip_forward = 1 in /etc/sysctl.conf. Forwarding applies to every interface at once, so until NoCat or your own iptables rules filter the FORWARD chain, any client that associates with the AP can reach your wired network through it; check with “iptables -L FORWARD” rather than assuming the installer's firewall did this for you. The second line uses the iwconfig tool to set the ESSID for your node. You will need to use the right values for “NODE” e.g. “imon1” and REGION e.g. “auckland.” These values should be the same as your nodedb.com node entry.


Reboot your system with the command “shutdown -r now.” Watch as the system comes up to make sure that no module errors are reported. Once the system is up, log in and check that your access point is now working, using the commands

/sbin/iwconfig

/sbin/ifconfig


Both should show detailed information about your WLAN0 wireless interface. If they don't, check that the modules “hostap_pci” “hostap” and “hostap_crypt” have been loaded by the kernel by performing the following command;

/sbin/lsmod


and perform the following command to ensure that an IRQ has been assigned to your wireless card;


cat /proc/interrupts


..you should see an entry for “wlan0”



3- Configure DHCPD


Clients that connect to your Access Point can have their TCP/IP settings automatically configured, via the DHCPD service daemon. The configuration file for this service is /etc/dhcpd.conf, which can be created to look something like this;


# Sample /etc/dhcpd.conf
# Lease defaults. No dynamic DNS updates: the zone files in this HOWTO are static
# and named is configured with allow-update { none; }, so "none" is the consistent choice.
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;

# Set the subnet mask for the wireless IP network
option subnet-mask 255.255.255.0;

# Set the Broadcast address. This will be 10.x.x.255,
# depending upon the network assigned to you by NZWireless.
option broadcast-address 10.10.10.255;

# Set the router address, this will be 10.x.x.1, the address of your wireless interface wlan0
option routers 10.10.10.1;

# Set the Name Server address. This will be the same as your wlan0 address because
# we intend to run DNS on this machine.
option domain-name-servers 10.10.10.1;

# Set the default domain name for clients on this network.
option domain-name "YOURNODE.REGION.nzwireless.org";

# Allocate a network range for dynamic IP addresses to hand out to clients. Again, this
# range will be in 10.x.x.x, depending upon the network allocation from NZWireless.
# Keep the AP's own address (.1) outside the range.
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.20;
}


Before starting the daemon, restrict it to the wireless interface so it does not also answer DHCP requests on your wired network: put DHCPDARGS=wlan0 in /etc/sysconfig/dhcpd. Then test that the configuration is working by executing the command;

service dhcpd start


and attempting to connect with a wireless client. A successful lease shows up in /var/log/messages as a DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK exchange on wlan0. Once it works, make the service start at boot with “chkconfig dhcpd on”.
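As an added check, not part of the original HOWTO or of NZWireless: a small Python script that reads a dhcpd.conf like the one above and confirms the addresses in it agree with each other (router, name server and broadcast inside the declared subnet, the pool inside the subnet and not overlapping the AP's own address). The sample configuration embedded in it is constructed from the example on this page, and the parser understands only the handful of statements the page uses.

```python
import re
import ipaddress

# Constructed sample input: the dhcpd.conf fragment from this HOWTO, with the
# same 10.10.10.0/24 network and 10.10.10.10-20 pool. Replace with your own.
SAMPLE_DHCPD_CONF = """\
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
option routers 10.10.10.1;
option domain-name-servers 10.10.10.1;
option domain-name "simon.mnwtu.nzwireless.org";
subnet 10.10.10.0 netmask 255.255.255.0 {
range 10.10.10.10 10.10.10.20;
}
"""

OPTION_RE = re.compile(r'^\s*option\s+(\S+)\s+([^;]+);', re.M)
SUBNET_RE = re.compile(r'subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}', re.S)
RANGE_RE = re.compile(r'range\s+(\S+)\s+(\S+)\s*;')


def parse_dhcpd_conf(text):
    """Extract the global options plus the (single) subnet and its range.
    Only the subset of dhcpd.conf syntax used in this HOWTO is understood."""
    cfg = {name: value.strip().strip('"') for name, value in OPTION_RE.findall(text)}
    m = SUBNET_RE.search(text)
    if m is None:
        raise ValueError("no subnet declaration found")
    cfg["subnet"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)
    r = RANGE_RE.search(m.group(3))
    if r is None:
        raise ValueError("subnet declaration has no range")
    cfg["range"] = (ipaddress.ip_address(r.group(1)), ipaddress.ip_address(r.group(2)))
    return cfg


def check_dhcpd_conf(text):
    """Return a list of human-readable problems; an empty list means the
    addresses in the file agree with each other."""
    cfg = parse_dhcpd_conf(text)
    net = cfg["subnet"]
    lo, hi = cfg["range"]
    problems = []

    # Every address handed to clients must lie inside the declared subnet.
    for key in ("routers", "domain-name-servers", "broadcast-address"):
        if key not in cfg:
            problems.append(f"missing option {key}")
        elif ipaddress.ip_address(cfg[key]) not in net:
            problems.append(f"{key} {cfg[key]} is outside {net}")

    # The mask and broadcast must be the ones implied by the subnet line.
    if "subnet-mask" in cfg and ipaddress.ip_address(cfg["subnet-mask"]) != net.netmask:
        problems.append(f"subnet-mask {cfg['subnet-mask']} does not match {net}")
    if "broadcast-address" in cfg and ipaddress.ip_address(cfg["broadcast-address"]) != net.broadcast_address:
        problems.append(f"broadcast-address {cfg['broadcast-address']} should be {net.broadcast_address}")

    # The dynamic pool: inside the subnet, ordered, and not colliding with the
    # router (the AP's own wlan0 address) or the network/broadcast addresses.
    if lo > hi:
        problems.append(f"range start {lo} is after range end {hi}")
    for addr in (lo, hi):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"range address {addr} is not a usable host address in {net}")
    if "routers" in cfg and lo <= ipaddress.ip_address(cfg["routers"]) <= hi:
        problems.append(f"router {cfg['routers']} lies inside the dynamic range {lo}-{hi}")
    return problems


if __name__ == "__main__":
    for problem in check_dhcpd_conf(SAMPLE_DHCPD_CONF) or ["dhcpd.conf looks consistent"]:
        print(problem)
```

Run it against your own /etc/dhcpd.conf before “service dhcpd start”; dhcpd itself will refuse a syntactically broken file, but it will happily hand out a router address that is outside the subnet or inside its own pool.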


4- Configure DNS


The Access Point can be configured to serve DNS requests and allocate domain names to clients. This is achieved by configuring BIND, the NAMED daemon. We need to construct a configuration file for this daemon (/etc/named.conf) and zone files for our wireless network. More information on configuring BIND can be found here;


http://www.tldp.org/HOWTO/DNS-HOWTO.html


In this example we use the network 10.10.10.0/24 and the domain “simon.mnwtu.nzwireless.org.” You should replace these values with the ones allocated to you by NZWireless.


Start by typing the command “rndc-confgen -a -c /etc/rndc.key” to generate an rndc key, used by the rndc management tool to authenticate itself with named. The key it writes is named rndc-key by default, and the controls statement in named.conf must reference exactly that name or named will refuse to start.


Create a new /etc/named.conf file like this;


// Example named.conf file
//
// Set default directory, allow queries from the entire NZWireless network.
// Both of the IP addresses given in the section “forwarders” should be set to the DNS
// servers of your ISP. Recursion is limited to 10/8 and localhost so that the AP does
// not become an open resolver on its wired/upstream side.

options {
directory "/var/named";
allow-query { 10.0.0.0/8; localhost; };
allow-recursion { 10.0.0.0/8; localhost; };
forward first;
forwarders {
0.0.0.0;
0.0.0.0;
};
topology {
10/8;
};
};

// Restrict rndc control to the local host, authenticated with the key in /etc/rndc.key.
// The key name must match the one inside that file: rndc-confgen -a calls it rndc-key.

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

// This is the root servers zone file, already present on this system.
zone "." {
type hint;
file "named.ca";
};

// This is the localhost zone file, already present on the system.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

// This is the reverse zone file for localhost, already present on the system.
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};

// This is the zone file for our wireless domain. Edit this entry to reflect your domain.
// No secondary name server is set up in this HOWTO, so nothing needs zone transfers;
// allow-transfer { none; } is the tighter setting. As written, any host in 10/8 (every
// other NZWireless node and client) can copy the zone.
zone "simon.mnwtu.nzwireless.org" {
allow-transfer { 10.0.0.0/8; localhost; };
allow-query { any; };
allow-update { none; };
type master;
notify no;
file "simon.mnwtu.nzwireless.org";
};

// This is the reverse zone file for our wireless domain. Edit it to reflect the IP network
// assigned by NZWireless. (note – the network octets are reversed and the host octet is
// dropped: the network 10.10.10.0/24 becomes the zone 10.10.10.in-addr.arpa, and
// 10.20.30.0/24 would become 30.20.10.in-addr.arpa)
zone "10.10.10.in-addr.arpa" {
allow-transfer { 10.0.0.0/8; localhost; };
allow-query { any; };
allow-update { none; };
type master;
notify no;
file "10.10.10.in-addr.arpa";
};

// The key file written by rndc-confgen; it defines the rndc-key used in the controls statement.
include "/etc/rndc.key";


Next we build zone files. These will contain the DNS information for machines on our wireless network. Three of the zone files mentioned in named.conf are already present on the system. We only need to add the two "10.10.10.in-addr.arpa" and “simon.mnwtu.nzwireless.org” we created entries for in /etc/named.conf. We do this by creating the files;


/var/named/simon.mnwtu.nzwireless.org

/var/named/10.10.10.in-addr.arpa


Here's how they should look;



; Example zone file for simon.mnwtu.nzwireless.org
;
; The second SOA field is the hostmaster mailbox with the "@" written as ".":
; "oob.wildstar.net." means oob@wildstar.net. Change it to your own address.
; Names on the right-hand side of SOA, NS and PTR records MUST end in a dot,
; otherwise named appends the zone origin to them. Names without a dot
; (accesspoint, dhcp-01) are relative and deliberately get the origin appended.
;

$TTL 3D
@ IN SOA accesspoint.simon.mnwtu.nzwireless.org. oob.wildstar.net. (
    199802151 ; serial, todays date + todays serial #
    8H ; refresh
    2H ; retry
    4W ; expire
    1D ) ; minimum
;
@ IN NS accesspoint ; the name server for this zone, i.e. accesspoint.simon.mnwtu.nzwireless.org
;
localhost A 127.0.0.1
accesspoint A 10.10.10.1
accesspoint TXT "Simons Wireless Gateway"
dhcp-01 A 10.10.10.10
dhcp-02 A 10.10.10.11
dhcp-03 A 10.10.10.12
dhcp-04 A 10.10.10.13
dhcp-05 A 10.10.10.14
dhcp-06 A 10.10.10.15
dhcp-07 A 10.10.10.16
dhcp-08 A 10.10.10.17
dhcp-09 A 10.10.10.18
dhcp-10 A 10.10.10.19
dhcp-11 A 10.10.10.20


; Example reverse zone file for 10.10.10.0/24 (zone 10.10.10.in-addr.arpa)
;
; Change "oob.wildstar.net." to your own email address, with the "@" written as "."
; Every name on the right of the SOA, NS and PTR records ends in a dot; without it
; named would turn "accesspoint.simon.mnwtu.nzwireless.org" into
; "accesspoint.simon.mnwtu.nzwireless.org.10.10.10.in-addr.arpa".
;
$TTL 3D
@ IN SOA accesspoint.simon.mnwtu.nzwireless.org. oob.wildstar.net. (
    1 ; Serial
    8H ; Refresh
    2H ; Retry
    4W ; Expire
    1D ) ; Minimum TTL
@ IN NS accesspoint.simon.mnwtu.nzwireless.org.
1 PTR accesspoint.simon.mnwtu.nzwireless.org.
10 PTR dhcp-01.simon.mnwtu.nzwireless.org.
11 PTR dhcp-02.simon.mnwtu.nzwireless.org.
12 PTR dhcp-03.simon.mnwtu.nzwireless.org.
13 PTR dhcp-04.simon.mnwtu.nzwireless.org.
14 PTR dhcp-05.simon.mnwtu.nzwireless.org.
15 PTR dhcp-06.simon.mnwtu.nzwireless.org.
16 PTR dhcp-07.simon.mnwtu.nzwireless.org.
17 PTR dhcp-08.simon.mnwtu.nzwireless.org.
18 PTR dhcp-09.simon.mnwtu.nzwireless.org.
19 PTR dhcp-10.simon.mnwtu.nzwireless.org.
20 PTR dhcp-11.simon.mnwtu.nzwireless.org.



Finally, we add an entry to the file /etc/resolv.conf to point the local machine to the local name server by adding the lines;


nameserver 127.0.0.1

search simon.mnwtu.nzwireless.org
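The forward and reverse zones above have to agree with each other and with the dhcpd range, and the classic way they go wrong is a missing trailing dot that makes named append the origin to a name. As an added example, not part of the original HOWTO or of NZWireless, here is a Python script that generates both zone files from the domain, network and pool used on this page (all assumed values, substitute your own) and a small lint that flags right-hand-side names lacking the trailing dot. It writes the AP as the SOA primary, since that is the host the NS record points at.

```python
import ipaddress

# Assumed values, taken from the example in this HOWTO; substitute your own.
DOMAIN = "simon.mnwtu.nzwireless.org"
NETWORK = ipaddress.ip_network("10.10.10.0/24")
POOL = (10, 20)                        # host numbers of the dhcpd range 10.10.10.10 - 10.10.10.20
AP_NAME, AP_HOST = "accesspoint", 1    # the wlan0 address, 10.10.10.1
HOSTMASTER = "oob.wildstar.net."       # mailbox oob@wildstar.net in SOA form

# RDATA positions that hold domain names, per record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,), "MX": (1,)}


def reverse_origin(net):
    """10.10.10.0/24 -> '10.10.10.in-addr.arpa.': network octets reversed, host octet dropped."""
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def pool_names(first, last):
    """Host number -> dhcp-01, dhcp-02, ... in pool order, the naming used in this HOWTO."""
    return {host: f"dhcp-{i:02d}" for i, host in enumerate(range(first, last + 1), start=1)}


def soa_header(primary, serial):
    """SOA and NS records; the primary name server is written absolute (trailing dot)."""
    return [
        "$TTL 3D",
        f"@ IN SOA {primary} {HOSTMASTER} (",
        f"    {serial} ; serial",
        "    8H ; refresh",
        "    2H ; retry",
        "    4W ; expire",
        "    1D ) ; minimum",
        f"@ IN NS {primary}",
    ]


def forward_zone(serial=1):
    """Zone file text for DOMAIN: the AP plus one A record per pool address."""
    primary = f"{AP_NAME}.{DOMAIN}."
    lines = soa_header(primary, serial)
    lines.append("localhost A 127.0.0.1")
    lines.append(f"{AP_NAME} A {NETWORK.network_address + AP_HOST}")
    for host, name in pool_names(*POOL).items():
        lines.append(f"{name} A {NETWORK.network_address + host}")
    return "\n".join(lines) + "\n"


def reverse_zone(serial=1):
    """Zone file text for the in-addr.arpa zone, one PTR per forward A record."""
    primary = f"{AP_NAME}.{DOMAIN}."
    lines = soa_header(primary, serial)
    lines.append(f"{AP_HOST} PTR {primary}")
    for host, name in pool_names(*POOL).items():
        lines.append(f"{host} PTR {name}.{DOMAIN}.")
    return "\n".join(lines) + "\n"


def lint_zone(text):
    """Flag RDATA names that contain a dot but do not end in one. named treats
    such names as relative and appends the zone origin, so a PTR to
    'accesspoint.simon.mnwtu.nzwireless.org' silently resolves to
    'accesspoint.simon.mnwtu.nzwireless.org.10.10.10.in-addr.arpa'."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()          # strip comments, tokenise
        for rtype, positions in NAME_FIELDS.items():
            if rtype in fields:
                rdata = fields[fields.index(rtype) + 1:]
                for pos in positions:
                    if pos < len(rdata) and "." in rdata[pos] and not rdata[pos].endswith("."):
                        problems.append((lineno, rdata[pos]))
    return problems


if __name__ == "__main__":
    print(forward_zone())
    print(reverse_zone())
    print("origin of reverse zone:", reverse_origin(NETWORK))
    print("lint problems:", lint_zone(forward_zone()) + lint_zone(reverse_zone()))
```

The lint is a heuristic (a single-label name such as accesspoint is legitimately relative, so only dotted names are checked), but it catches exactly the mistake that turns a working zone into one that answers with nonsense, and it can be pointed at any hand-edited zone file before “service named restart”.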




5- Configure Linux for serial console access if this machine is going to be headless, following the instructions at http://www.tldp.org/HOWTO/Remote-Serial-Console-HOWTO/

This may necessitate BIOS changes


6- Harden Linux. Turn off unnecessary services, remove unneeded users etc. Perhaps using the Linux benchmarking tool available at http://www.cisecurity.org/


7- Configure HOSTAP and Network (DON'T FORGET WIRELESS TOOLS)

Obtain an RFC1918 reserved network from the NZWireless NIC. http://www.nzwireless.org/modules.php?name=Content&pa=showpage&pid=2


8- (Optional) Install and configure Apache including SSL (MAY NEED TO TALK TO EB ABOUT CERTS)


9- (Optional) install and configure NOCAT GATEWAY and AUTH


10- (Optional) configure OSPF functionality in ZEBRA


11- (Optional) Configure traffic shaping (WHAT IS THAT RH THING?)