Sometimes it can be useful to turn your laptop into Wi-Fi AP and quickly share your resources (e.g. internet connection) to others. This can make you new friends especially during conferences and similar events :). Of course supported HW is needed to get this work. Current status of linux drivers can be checked on the Linux Wireless drivers status page. Look for AP mode and cfg80211 - this is the preferred combination. But several non mac80211 drivers can also be used with the hostapd. For more details visit the hostapd homepage. If your HW is supported, the easiest way is probably to use the dnsmasq and hostapd. In Fedora install them by:
# yum install dnsmasq hostapd
Simple script to set things up
You can use the following script for going on the air quickly (it is prepared for mac80211 drivers, others would require editing):
#!/bin/bash WANIF="eth0" # Interface connected to internet LANIF="wlan0" # Interface that will serve the LAN, e.g. Wi-Fi card COUNTRYCODE="CZ" # regulationary ISO/IEC 3166-1 Alpha-2 countrycode MODE="g" # mode a,b,g CHANNEL="11" # channel to use ESSID="MY_NET" # SSID to use KEY="my_pass" # password to use LANIP="192.168.101.1" # IP to use on your LAN interface DHCP_POOL_START="192.168.101.3" # First IP to assign to clients DHCP_POOL_END="192.168.101.254" # Last IP to assign to clients # Enable packet forwarding sysctl -w net.ipv4.ip_forward=1 # Enable handling of dynamic IPs (e.g. on WANIF) sysctl -w net.ipv4.ip_dynaddr=1 ifconfig $LANIF $LANIP # Start hostpad hostapd -BP /var/run/hostapd.pid <(cat <<:end interface=$LANIF driver=nl80211 logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 debug=0 dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=0 country_code=$COUNTRYCODE CHANNEL=$CHANNEL ssid=$ESSID hw_MODE=$MODE # 1 to enable only clients with MAC listed in accept_mac_file macaddr_acl=0 #accept_mac_file=/etc/hostapd/hostapd.accept auth_algs=1 # Workaround for WinXP (only if only broadcast keys are used) eapol_KEY_index_workaround=0 # Beacon interval in 1.024 ms beacon_int=100 # Wireless Multimedia Extension/Wi-Fi Multimedia needed for # IEEE 802.11n (HT) wmm_enabled=1 # 1 to enable 802.11n ieee80211n=0 # WEP/WPA/WPA2 bitmask, 0 for open/WEP, 1 for WPA, 2 for WPA2 wpa=2 # WPA2 settings wpa_passphrase=$KEY wpa_KEY_mgmt=WPA-PSK rsn_pairwise=CCMP # WEP settings # WEP key length should be 5 (40 bit), 13 (64 bit) or # 16 (128 bit) chars #wep_KEY0="$KEY" #wep_default_KEY=0 :end ) dnsmasq -i $LANIF --dhcp-range=$DHCP_POOL_START,$DHCP_POOL_END # FWD: Allow all connections OUT and only existing and related IN iptables -I FORWARD -i $WANIF -o $LANIF -m state \ --state ESTABLISHED,RELATED -j ACCEPT iptables -I FORWARD -i $LANIF -o $WANIF -j ACCEPT # Enabling SNAT (MASQUERADE) functionality on $WANIF iptables -t nat -I POSTROUTING -o $WANIF -j MASQUERADE
For permanent setup it is better to transfer your hostapd settings into /etc/hostapd/hostapd.conf and your dnsmasq settings into /etc/dnsmasq.conf. Then you will be able to start and manage the services through sysvinit / systemd or whatever your system uses. Finally, for permantent setup you will also need to add the two sysctls (in Fedora to /etc/sysctl.conf) and iptables rules (in Fedora to /etc/sysconfig/iptables).
Ralink cards
Personally I tried this on my netbook with integrated 802.11n card (rt2800pci). There is quick howto on the rt2x00 project page. But it didn't work for me - the client was unable to associate and I was getting in the log: "IEEE 802.11: did not acknowledge association response". I found the resolution of this problem on the Ez nem egy blog. The author stated there that the driver is unable to ack several frames, but the hostapd needs them to be acked. The simple hack is to patch the hostapd to blindly assume it gets acked. I used the following patch (it differs from the original one from the above link by not logging the errors):
diff -up src/ap/ieee802_11.c.orig src/ap/ieee802_11.c
--- src/ap/ieee802_11.c.orig 2010-09-07 17:43:39.000000000 +0200
+++ src/ap/ieee802_11.c 2011-10-08 21:02:17.000000000 +0200
@@ -1475,13 +1475,6 @@ static void handle_auth_cb(struct hostap
u16 auth_alg, auth_transaction, status_code;
struct sta_info *sta;
- if (!ok) {
- hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_NOTICE,
- "did not acknowledge authentication response");
- return;
- }
-
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
printf("handle_auth_cb - too short payload (len=%lu)\n",
(unsigned long) len);
@@ -1518,13 +1511,6 @@ static void handle_assoc_cb(struct hosta
int new_assoc = 1;
struct ieee80211_ht_capabilities ht_cap;
- if (!ok) {
- hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
- HOSTAPD_LEVEL_DEBUG,
- "did not acknowledge association response");
- return;
- }
-
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
sizeof(mgmt->u.assoc_resp))) {
printf("handle_assoc_cb(reassoc=%d) - too short payload "
Then it worked like a charm.
I also tried the rt73usb based dongle. This one shouldn't work according to rt2x00 project page, because they don't know how to get the status messages (ACK/FAIL) for sent packets from the HW. I think there should be a way how to get the ACKs, because the Windows driver works OK. The simple association hack from the above is not enough here, probably more blindly acks would be needed. This is really dirty solution, so I give it up for today. I will look on this more deep later.
Žádné komentáře:
Okomentovat