aelius

Access point on FreeBSD


Posted (edited)

Short introduction:

Starting from an idea of Nytro's to post a tutorial about an access point on BackTrack, I figured it would be OK to share a tutorial I wrote 9-10 months ago. Since I like more complicated things and wanted something very stable, I built the AP on FreeBSD.

--

Fed up with the little magic boxes used for wireless / routing (Netgear, D-Link), I decided to build an AP on one of the FreeBSD "servers" I use at home for work. The downsides of the little boxes: they froze frequently and were unstable.

Notes:

- Wireless card used: Linksys WMP54G. (It is detected as Ralink Technology, Corp)

- The tutorial does not include the configuration for securing the wireless network; I will write a separate tutorial for that. (Update: Done.)

- I tested the wireless from a netbook; the screenshot can be seen here.

- On the netbook I configured the IP address manually; if you want addresses to be assigned automatically, you can install DHCPD.

- The NAT in the firewall is done to 10.0.0.12 (the IP address of the external network card; I did not specify NAT to the interface because it also has IPv6)

- The FreeBSD used is 8.2 Release.


tex ~ # pciconf -lv
....................................
ral0@pci0:1:0:0: card=0x00551737 chip=0x03011814 rev=0x00 hdr=0x00
vendor = 'Ralink Technology, Corp.'
device = 'Edimax 54 MBit WLan 802.11g rt 2500 (b8341462)'
class = network
tex ~ # ifconfig ral0
ral0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
ether 00:16:b6:5d:73:05
media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
status: no carrier
tex ~ # dmesg |grep ral
ral0: <Ralink Technology RT2561S> mem 0xfbef8000-0xfbefffff irq 17 at device 0.0 on pci1
ral0: MAC/BBP RT2661B, RF RT2527
ral0: [ITHREAD]
ppc0: <Parallel port> port 0x378-0x37f irq 7 on acpi0
ppbus0: <Parallel port bus> on ppc0
ppi0: <Parallel I/O> on ppbus0

tex ~ # ifconfig wlan1 create wlandev ral0 wlanmode hostap
tex ~ # ifconfig wlan1 up scan
SSID/MESH ID BSSID CHAN RATE S:N INT CAPS
FRITZ!Box o... 00:24:fe:ac:7b:35 1 54M -93:-95 100 EPS RSN WPA WME HTCAP ATH WPS
LINUX SECUR... 00:1b:2f:f6:d5:12 11 54M -83:-95 100 EPS RSN WPA WME
tex ~ #
tex ~ # ifconfig wlan1 192.168.0.1 netmask 255.255.255.0 ssid RTFM channel 11
tex ~ # ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:16:b6:5d:73:05
inet6 fe80::216:b6ff:fe5d:7305%wlan1 prefixlen 64 scopeid 0x7
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid RTFM channel 11 (2437 MHz 11g) bssid 00:16:b6:5d:73:05
country US authmode OPEN privacy OFF txpower 0 scanvalid 60
protmode CTS dtimperiod 1 -dfs
tex ~ # pico /etc/rc.conf
............
wlans_ral0="wlan1"
create_args_wlan1="wlanmode hostap mode 11g"
ifconfig_wlan1="inet 192.168.0.1 netmask 0xffffff00 ssid RTFM channel 11"
............
tex ~ # pico /etc/pf.conf
............
nat from 192.168.0.0/24 to any -> 10.0.0.12
............
tex ~ # /etc/rc.d/pf reload
Reloading pf rules.
tex ~ # sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
tex ~ # echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
tex ~ # ifconfig -m wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:16:b6:5d:73:05
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::216:b6ff:fe5d:7305%wlan1 prefixlen 64 scopeid 0x7
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
supported media:
media OFDM/54Mbps mode autoselect mediaopt hostap
media OFDM/48Mbps mode autoselect mediaopt hostap
media OFDM/36Mbps mode autoselect mediaopt hostap
media OFDM/24Mbps mode autoselect mediaopt hostap
media OFDM/18Mbps mode autoselect mediaopt hostap
media OFDM/12Mbps mode autoselect mediaopt hostap
media OFDM/9Mbps mode autoselect mediaopt hostap
media OFDM/6Mbps mode autoselect mediaopt hostap
media DS/11Mbps mode autoselect mediaopt hostap
media DS/5.5Mbps mode autoselect mediaopt hostap
media DS/2Mbps mode autoselect mediaopt hostap
media DS/1Mbps mode autoselect mediaopt hostap
media OFDM/54Mbps mode 11g mediaopt hostap
media OFDM/48Mbps mode 11g mediaopt hostap
media OFDM/36Mbps mode 11g mediaopt hostap
media OFDM/24Mbps mode 11g mediaopt hostap
media OFDM/18Mbps mode 11g mediaopt hostap
media OFDM/12Mbps mode 11g mediaopt hostap
media OFDM/9Mbps mode 11g mediaopt hostap
media OFDM/6Mbps mode 11g mediaopt hostap
media DS/11Mbps mode 11g mediaopt hostap
media DS/5.5Mbps mode 11g mediaopt hostap
media DS/2Mbps mode 11g mediaopt hostap
media DS/1Mbps mode 11g mediaopt hostap
media autoselect mode 11g mediaopt hostap
media DS/11Mbps mode 11b mediaopt hostap
media DS/5.5Mbps mode 11b mediaopt hostap
media DS/2Mbps mode 11b mediaopt hostap
media DS/1Mbps mode 11b mediaopt hostap
media autoselect mode 11b mediaopt hostap
media autoselect mode autoselect mediaopt hostap
ssid RTFM channel 11 (2462 MHz 11g) bssid 00:16:b6:5d:73:05
country US authmode OPEN privacy OFF txpower 0 scanvalid 60
protmode CTS dtimperiod 1 -dfs
tex ~ #

Other notes:

- If you want to build a toy like this and there is something you don't understand, I can help.

- I will add another howto to this thread, on securing the AP.

Edited by aelius
Posted

In the tutorial above I did not include securing the AP, and I said I would write a separate tutorial for that.

To secure the AP I used hostapd, and the result (wpa-psk) can be seen here.


# configuration file: "/etc/hostapd.conf"
interface=wlan1
driver=bsd

logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0

debug=3

dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel

## IEEE 802.11
ssid=RTFM
macaddr_acl=0
auth_algs=1

#### IEEE 802.1X
ieee8021x=0

## WPA/IEEE 802.11i
wpa=1
wpa_passphrase=READTHEFUCKINGMANUAL
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP


tex ~ # echo 'hostapd_enable="YES"' >> /etc/rc.conf
tex ~ # /etc/rc.d/hostapd start
Starting hostapd.
Configuration file: /etc/hostapd.conf
wlan1: IEEE 802.11 Fetching hardware channel/rate support not supported.
Using interface wlan1 with hwaddr 00:16:b6:5d:73:05 and ssid '"RTFM"'
tex ~ # ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:16:b6:5d:73:05
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::216:b6ff:fe5d:7305%wlan1 prefixlen 64 scopeid 0x7
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid RTFM channel 11 (2462 MHz 11g) bssid 00:16:b6:5d:73:05
country US authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit
TKIP 3:128-bit txpower 0 scanvalid 60 protmode CTS dtimperiod 1 -dfs
tex ~ #

It is fairly simple; it all comes down to one configuration file. For "wpa_passphrase" I recommend a more decent password (even though mine is still that one, after almost 9 months)
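
An added example, not part of the original posts or written by their author: a POSIX shell audit of a hostapd.conf for the settings visible in the configuration above (wpa=1, TKIP offered next to CCMP, the passphrase, a dump file in /tmp). The function names, the passphrase heuristic and the sample passphrase are assumptions of this example; rsn_pairwise is hostapd's cipher option for WPA2.

```shell
#!/bin/sh
# Added example (not from the original post): audit a hostapd.conf for weak settings.

# conf_get FILE KEY: print the last value assigned to KEY, ignoring commented lines.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# audit_hostapd FILE: print one finding per line; return 1 if anything was found.
audit_hostapd() {
    f=$1; bad=0
    wpa=$(conf_get "$f" wpa)
    pair="$(conf_get "$f" wpa_pairwise) $(conf_get "$f" rsn_pairwise)"
    pass=$(conf_get "$f" wpa_passphrase)
    dump=$(conf_get "$f" dump_file)

    case "$wpa" in
        2) ;;
        1|3) echo "wpa=$wpa enables WPA version 1; use wpa=2 (WPA2/RSN only)"; bad=1 ;;
        *)   echo "wpa is unset or 0: the AP runs without WPA"; bad=1 ;;
    esac
    case "$pair" in
        *TKIP*) echo "TKIP offered as pairwise cipher; restrict to CCMP"; bad=1 ;;
    esac
    # Heuristic (assumption of this example): under 16 characters, or letters only.
    if [ -n "$pass" ]; then
        if [ ${#pass} -lt 16 ] || ! printf '%s' "$pass" | grep -q '[^A-Za-z]'; then
            echo "wpa_passphrase is short or letters-only; use a long random one"; bad=1
        fi
    fi
    case "$dump" in
        /tmp/*) echo "dump_file is in world-writable /tmp; move it under /var/run"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample mirroring the settings in the post (passphrase is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=wlan1
ssid=RTFM
dump_file=/tmp/hostapd.dump
wpa=1
wpa_passphrase=EXAMPLEPLACEHOLDERPASS
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
EOF
audit_hostapd "$sample" || echo "-> weak settings found"
rm -f "$sample"
```

Run against the real file with `audit_hostapd /etc/hostapd.conf`; a clean configuration prints nothing and returns 0.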
