Linux Wireless Access Point HOWTO


Chapter 1. Introduction

This HOWTO was originally written for use at an NZ-Wireless Linux building workshop but has since expanded to become a more general purpose guide. The final product aims to be a Linux box that can route traffic to other access points on a wireless network and provide network connectivity for locally connecting wireless clients such as PDAs and laptops. It aims to be a router, firewall, hotspot and access point - all in one go. Judge for yourself how successful it is.

I am no expert, but I have used a procedure similar to this successfully in the past to build Access Points. While doing so I found that there was a distinct lack of documentation so I decided to put this together as a reference. At the time of writing (June/03) this HOWTO has not been tested end-to-end as I am simply documenting the steps taken as I build a test system. That said, I'm fairly happy with it so far and optimistic that people will find it useful.

Throughout this document I will make frequent reference to New Zealand Wireless in examples, because this is the community group to which I am affiliated. While some of the information provided here is specific to that community group, in most cases you should be able to replace those details with the values pertinent to your community group. This is because many wireless groups use the technologies presented here, or at least a subset of them, with some variation. They also tend to configure them in roughly the same manner.

The technologies presented here are those in common use, those I believe to be best of breed, those that are required by the hardware or those that are simply convenient. For the sake of brevity I have not discussed alternatives, though there are many and some may suit your situation better than those presented here. The central technologies described herein are Redhat Linux v 9.0, the HOSTAP driver, DHCP, BIND, OSPF, IPTABLES and NoCat.

There are bound to be errors and omissions in this HOWTO. Please send me any bug reports.

1.1 Example diagrams

Here are a couple of hypothetical network diagrams to illustrate what we are trying to achieve. We imagine that your current network looks something like this;

Where x.x.x.x is the IP address assigned to you by your ISP and is the RFC-1918 reserved network used on your LAN.

By adding a wireless Access Point to your current network we will get something like this;

Where your Access Point has two network interfaces; is the IP address that you assign to your Access Point on your wired network (LAN) and is the IP address that you assign to your Access Point on the wireless network.

Some quick notes regarding this diagram and network topology;

- NZ-Wireless uses an RFC-1918 reserved IP network for our wireless network. We assign each Access Point a class C network in this range, such as or perhaps

- Access Points are expected to use the first address in this range i.e. 10.x.x.1 which leaves 253 addresses (more than you will ever need) to assign to locally connected wireless clients such as in our example diagram.

- Our Access Point has two network interfaces, one on the wired network you already have and one on the wireless network which we will set up in this HOWTO.

- Our Access Point makes two types of wireless connections. The first type is to machines that directly connect to (or rather; associate with) our Access Point. The second type is a dynamic routing connection to other Access Points on the wireless network. These two types of connections are achieved by DHCP and OSPF respectively, both of which we will set up in this HOWTO.

1.2 Chapter descriptions

Here's a brief chapter description so you can get an idea of what you have to look forward to;

In chapter 2, the basic requirements for an Access Point are outlined, including the hardware requirements and information necessary to begin.

In chapter 3, a step-by-step guide to installing a suitable (vanilla) RedHat 9.0 is described. An assumption is made here that users may also use their access point for other purposes, such as a desktop or server, meaning that the end system is by no means optimised for any particular purpose. This section can safely (or perhaps; wisely) be skipped by users familiar with the Linux installation process.

In chapter 4, the process for installing and configuring the HOSTAP driver (needed to use Linux as an Access Point) is described.

In chapter 5, DHCP is configured. DHCPD is used to provide TCP/IP configuration for wireless clients connecting to the Access Point.

In chapter 6, NAMED is configured. NAMED is used to provide DNS services to the wireless network.

In chapter 7, routing is configured. NZ-Wireless uses OSPFD (a part of the ZEBRA package) for dynamic routing configuration. Other groups may use BGP, AODV or static routes. None of these are discussed in this HOWTO.

In chapter 8, IPTABLES is configured to secure the Access Point and the wired network it is connected to. Note that this configuration will be superseded by NOCAT's configuration (described in appendix A) for those who choose to use NOCAT.

In chapter 9, configuring the NoCatAuth Gateway service for running captive portal HOTSPOTing with traffic shaping is described.

In chapter 10, configuring the NoCatAuth Authentication service, used for authenticating NOCAT clients, is described; Apache-SSL is included.

In chapter 11, necessary services are turned on and unnecessary services are turned off, and some basic hardening of the Access Point (e.g. removing user accounts, configuring SSH and Serial console access) is described. The CIS benchmarking tool is used to give us a guide to basic hardening.

In Appendix A, the Copyright, Disclaimer and Acknowledgements notices are provided.

In Appendix B is the GNU Free Documentation License which covers this HOWTO.
