Home Networking With HALNet ADSL
FreeBSD Wireless Access Point

     Please follow the Router/Firewall instructions before continuing. This section is really more of a proof of concept than anything else. I have a setup such as this working at my home and have no major problems to speak of, but there is currently no easy way to maintain it AND make it secure, so there are quite a few steps involved and it is an absolutely manual process.
     Now that your router is working, we can make it wireless. The first thing to do is find a wireless card that is supported. I'm using a D-Link DWL520 802.11b card that just so happens to have a Prism chipset. CAUTION: The DWL520+ is NOT supported since it uses a special TI chip. Pay close attention to EXACT model numbers and revisions. See the hardware compatibility list for your version before purchasing a wireless card. I would HIGHLY recommend getting one that's Prism (802.11b) or Atheros (802.11a/b/g) based. NOTE: Only the Atheros 802.11a/b/g and 802.11a are supported as in the D-Link DWL-AG650, NOT the 802.11b/g as in the D-Link DWL-G650 (at the time of writing at least). Supported wireless cards can be found here for versions 4.9 and 5.2. Look for your card under the "wi" (Intersil Prism based chip) or "ath" (Atheros based chips) drivers. NOTE: Atheros has a copyright on the term "Super G". All of the Atheros based cards I've seen have a little 1/2" or so square emblem that says "Super G, Powered by Atheros" or have a short blurb in the copyright notice somewhere on the package, so they should be easy to spot. You may also want to see http://customerproducts.atheros.com/customerproducts/ for a more complete list of Atheros based cards.
     NOTE: The Prism based cards are limited to 2Mb when in access point mode. The Atheros chip works at full speed in a/b/g, however I've only been able to get it to do one at a time (i.e. a, b, or g, but not all). If you find a way, then please let me know.

     The first thing to do is tell it what interfaces to bridge and to activate the firewall on the bridged interfaces. See the Router/Firewall page for information on how to determine what interface is what.

Edit/Create /etc/rc.local with the following entry depending on your version:
Earlier than 5.2-RELEASE:
sysctl net.link.ether.bridge_config=WiLAN,LAN

5.2-RELEASE and above:
sysctl net.link.ether.bridge_cfg=WiLAN,LAN

And the following for both:
sysctl net.link.ether.bridge.enable=1
sysctl net.inet.ip.forwarding=1
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.ipfw=1

     Now to install the suite of wireless utilities called bsd-airtools from Dachb0den Labs.
As root type: pkg_add -r bsd-airtools

This should return some output similar to:
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.2.1-release/Latest/bsd-airtools.tbz... Done.

OR, you can install it from the ports tree:
cd /usr/ports/net-mgmt/bsd-airtools
make install clean
     If you don't already have a WEP key that you would like to use, then you may generate a set of them with dwepkeygen from the bsd-airtools package you just installed, or use mine for a web based key generator.
     Once you have your key, we can configure the wireless interface (WiLAN) to use it and set itself up to accept connections from your wireless clients.
As root, add/modify the following in /etc/rc.conf :
ifconfig_WiLAN="up station NameOfYourMachine ssid NameOfYourNetwork channel ChannelFrom1-11 media DS/11Mbps wepmode on wepkey 0xYourKeyInHex mediaopt hostap"
     Upon reboot the access point should be visible from the wireless client machines. If not, then you may test your configuration with the following commands while logged in as root:
First, check that the wireless card was configured correctly. Try "ifconfig WiLAN" to see that the card is configured according to the entry you made in /etc/rc.conf.
It should return something like:

wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::205:5dh4:feb3:cdd6%wi0 prefixlen 64 scopeid 0x1
atalk 65280.76 range 65280-65534 phase 2 broadcast 0.255
ether 00:05:5e:a9:c4:a4
media: IEEE 802.11 Wireless Ethernet DS/11Mbps (DS/2Mbps )
status: associated
ssid NameOfYourNetwork 1:NameOfYourNetwork
stationname NameOfYourMachine
channel ChannelFrom1-11 authmode OPEN powersavemode OFF powersavesleep 100
wepmode MIXED weptxkey 1
wepkey 1:40-bit

If it does not match or there are other oddities then try to manually configure the card with:

ifconfig WiLAN up station NameOfYourMachine ssid NameOfYourNetwork channel ChannelFrom1-11 media DS/11Mbps wepmode on wepkey 0xYourKeyInHex mediaopt hostap

If this fails, it should give you a hint as to what value was not supported by your wireless card, and thus should be corrected in /etc/rc.conf.

     If you are using the 5.x branch then you also have the ability to do MAC filtering with the new ipfw2 firewall. If you would like to utilize this feature then modify /etc/rc.firewall as shown in the Router / Firewall page and add the following MAC rules to /etc/rc.firewall (where you have #services, #local net, and #deny ALL) with the rule numbers 60301, 60302, 60303, etc. for EACH and EVERY machine on the wireless network:
#MAC filtering for wireless
# Replace 1st_Machine, 2nd_Machine, ... with each client's MAC address (e.g. 00:65:09:a3:a6:04)
${fwcmd} add 60301 skipto 60400 all from any to any in via WiLAN MAC any 1st_Machine
${fwcmd} add 60302 skipto 60400 all from any to any in via WiLAN MAC any 2nd_Machine
${fwcmd} add 60303 skipto 60400 all from any to any in via WiLAN MAC any 3rd_Machine
# ...and so on, one rule per machine
${fwcmd} add 60399 deny all from any to any in via WiLAN MAC any any
${fwcmd} add 60400 count all from any to any in via WiLAN MAC any any

     A list of devices in the arp table can be obtained with "arp -a" while logged in as root. This will produce a convenient list of the MAC addresses of the machines currently active on your network.
     A list of currently associated stations can be produced with "wicontrol -i WiLAN -l"
     When testing from a FreeBSD workstation, you may check the quality of the connection with "wicontrol -i WiLAN | grep -i quality", or my personal favorite, wmwave (Dock app for WindowMaker).
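
     Since the MAC rules above have to be kept in step by hand for every wireless machine, here is an added example (not part of the original page) that generates the block for /etc/rc.firewall from a list of client MAC addresses, using the same rule numbers. The function name gen_mac_rules and the second sample address are made up for illustration; WiLAN is the page's placeholder interface name.

```shell
#!/bin/sh
# Added example: emit the ipfw2 MAC allow-list block for /etc/rc.firewall.
# Input: one MAC per line on stdin; blank lines and '#' comments are ignored.
# Numbering follows the page: 60301.. per client, 60399 deny, 60400 count.
gen_mac_rules() {
    iface=${1:-WiLAN}      # placeholder interface name, as used on the page
    n=60301
    seen=" "
    echo '#MAC filtering for wireless'
    while read -r mac rest; do
        case $mac in ''|'#'*) continue ;; esac
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        # Accept exactly six colon-separated hex octets, nothing else.
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "invalid MAC: $mac" >&2; return 1
        fi
        # A repeated address usually means a copy/paste slip in the list.
        case $seen in *" $mac "*) echo "duplicate MAC: $mac" >&2; return 1 ;; esac
        seen="$seen$mac "
        # 60399 is reserved for the deny rule, so at most 98 clients fit.
        if [ "$n" -ge 60399 ]; then
            echo "too many clients for rules 60301-60398" >&2; return 1
        fi
        printf '${fwcmd} add %d skipto 60400 all from any to any in via %s MAC any %s\n' \
            "$n" "$iface" "$mac"
        n=$((n + 1))
    done
    printf '${fwcmd} add 60399 deny all from any to any in via %s MAC any any\n' "$iface"
    printf '${fwcmd} add 60400 count all from any to any in via %s MAC any any\n' "$iface"
}

# Constructed sample list: the first address is the page's example,
# the second is made up.
gen_mac_rules WiLAN <<'EOF'
00:65:09:A3:A6:04
02:00:00:00:00:01   # laptop
EOF
```

     Paste the output into /etc/rc.firewall in place of the hand-written rules. MAC addresses are sent in the clear and a client can change its own, so this list limits casual association rather than authenticating anyone.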






This site is designed to be of some assistance, however is not meant to be your sole source of information. By following the suggestions given on this page you understand that you do these things at your own risk. The steps mentioned here may or may not work for your purposes. There is no warranty or support of any kind provided by HAL-PC for the topics discussed in this site. The only support for your home network that is given is by me personally, at my choosing, on my own time, and via email only.
I know... I hate disclaimers too.
