Setting up a Linux router for the Wireless Leiden network
I'm trying to explain how NodeJorg is set up to be a node for the Wireless Leiden network. (Note: This setup is from before the Wireless Leiden nodes switched to a Soekris with BSD.)
See the gallery for the Antennas.
Debian GNU/Linux (easier upgrades/configuration and better security than most other Linux distributions). Woody is at this moment (November 2002) the stable version of Debian.
Partitioning the harddisk:
Device     Boot  Size   Id  System      Mountpoint
/dev/hda1  *     8M     83  Linux       /boot
/dev/hda2        2048M  83  Linux       /
/dev/hda3        512M   83  Linux       /var
/dev/hda6        256M   83  Linux       /cache
/dev/hda7        256M   83  Linux       /tmp
/dev/hda8        256M   82  Linux Swap
Modify some configuration files
Put the Debian mirrors with all the latest upgrades in /etc/apt/sources.list:
deb ftp://ftp.nl.debian.org/debian stable main contrib non-free
deb-src ftp://ftp.nl.debian.org/debian stable main contrib non-free
deb ftp://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
deb ftp://ftp.fi.debian.org/debian stable main contrib non-free
deb-src ftp://ftp.fi.debian.org/debian stable main contrib non-free
Make the screen 50 lines high in /etc/lilo.conf, so you see some more info in case the system totally crashes:
...
# Specifies the VGA text mode at boot time. (normal, extended, ask, )
#
# vga=ask
# vga=9
#
vga=extended
...
Lots of informative commands are in the sbin directories, and since we only log in to manage the system we'll put them in the path in /etc/profile:
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/bin/X11:/usr/games"
Now upgrade your system with the latest packages using dselect.
Download the latest kernel source from www.kernel.org and some patches if you like. In my case that was 2.4.20-rc2-ac3:
apt-get install kernel-package
apt-get install wget
cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.19.tar.gz
wget http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.20-rc2.gz
wget http://www.kernel.org/pub/linux/kernel/people/alan/linux-2.4/2.4.20/patch-2.4.20-rc2-ac3.gz
Extract the source from the gz-file and apply the patches:
cd /usr/src
gzip -dc linux-2.4.19.tar.gz | tar -xvf -
cd linux-2.4.19
gzip -dc ../patch-2.4.20-rc2.gz | patch -p1 -N -F4
gzip -dc ../patch-2.4.20-rc2-ac3.gz | patch -p1 -N -F4
ln -s /usr/src/linux-2.4.19 /usr/src/linux
Configure the kernel. Modify the maintainer and email fields in /etc/kernel-pkg.conf first so the correct name ends up in the kernel.
cd /usr/src/linux-2.4.19
make oldconfig
make-kpkg --revision=jorg.1 clean
make menuconfig
Make sure the following options are set correctly:
Code maturity level options --->
  [*] Prompt for development and/or incomplete code/drivers
Processor type and features --->
  (Pentium-Classic) Processor family
  [ ] Symmetric multi-processing support
General setup --->
  [ ] Support for hot-pluggable devices
  [*] BSD Process Accounting
  Kernel support for a.out binaries
  Kernel support for MISC binaries
  [ ] Power Management support
Plug and Play configuration --->
  < > ISA Plug and Play support
Block devices --->
  [*] Per partition statistics in /proc/partitions
Networking options --->
  [*] Packet socket: mmapped IO
  [*] Network packet filtering (replaces ipchains)
  [*] Network packet filtering debugging (NEW)
  [*] Socket Filtering
  [*] IP: advanced router
  IP: Netfilter Configuration --->
    <*> Connection tracking (required for masq/NAT) (NEW)
    <*> FTP protocol support (NEW)
    <*> IRC protocol support (NEW)
    <*> IP tables support (required for filtering/masq/NAT) (NEW)
    <*> Packet filtering
    <*> Full NAT (NEW)
    <*> MASQUERADE target support (NEW)
    <*> REDIRECT target support (NEW)
ATA/IDE/MFM/RLL support --->
  IDE, ATA and ATAPI Block devices --->
    [ ] CMD640 chipset bugfix/support
    [ ] RZ1000 chipset bugfix/support
SCSI support --->
  < > SCSI support
Network device support --->
  Ethernet (10 or 100Mbit) --->
    [*] 3COM cards
    <*> 3c590/3c900 series (592/595/597) "Vortex/Boomerang" support (NEW)
    [ ] EISA, VLB, PCI and on board controllers
  Wireless LAN (non-hamradio) --->
    [*] Wireless LAN (non-hamradio)
Character devices --->
  [*] Support for console on serial port
  Mice --->
    < > Mouse Support (not serial and bus mice)
  <*> Enhanced Real Time Clock Support
  < > /dev/agpgart (AGP Support)
  [ ] Direct Rendering Manager (XFree86 DRI support)
File systems --->
  <*> Ext3 journalling file system support (EXPERIMENTAL)
  [*] JBD (ext3) debugging support
  <*> DOS FAT fs support
  <*> MSDOS fs support
  <*> VFAT (Windows-95) fs support
  [*] Microsoft Joliet CDROM extensions
  Network File Systems --->
    < > NFS file system support
    < > NFS server support
  Native Language Support --->
    Default NLS Option: "iso8859-15" (NEW)
    <*> NLS ISO 8859-1 (Latin 1; Western European Languages) (NEW)
    <*> NLS ISO 8859-15 (Latin 9; Western European Languages with Euro) (NEW)
    <*> NLS UTF8 (NEW)
Console drivers --->
  [*] Video mode selection support
Sound --->
  < > Sound card support
USB support --->
  < > Support for USB
Kernel hacking --->
  [*] Kernel debugging
  [*] Magic SysRq key (NEW)
And finally, make and install the kernel:
make-kpkg --revision=jorg.1 clean
make-kpkg --revision=jorg.1 kernel_image
cd ..
dpkg -i kernel-image-2.4.20-rc2-ac3_jorg.1_i386.deb
Now, reboot the system and hope it comes up with the new kernel.
Convert the ext2-partitions to the journalled ext3-filesystem:
tune2fs -j /dev/hda2
tune2fs -j /dev/hda3
tune2fs -j /dev/hda5
tune2fs -j /dev/hda6
tune2fs -j /dev/hda7
(yes, that's right, skip /dev/hda1)
Replace all the ext2's with ext3 in /etc/fstab, except for /boot: keep that one on ext2 so you are always sure to boot the system if you don't have ext3 support in the kernel. Set the '/' partition to ext3,ext2 so you can mount it if you booted without ext3 support:
# /etc/fstab: static file system information.
#
#
/dev/hda1   /boot    ext2       defaults           0  2
/dev/hda2   /        ext3,ext2  errors=remount-ro  0  1
/dev/hda3   /var     ext3       defaults           0  2
/dev/hda5   /chroot  ext3       defaults           0  2
/dev/hda6   /cache   ext3       defaults           0  2
/dev/hda7   /tmp     ext3       defaults           0  2
/dev/hda8   none     swap       sw                 0  0
proc        /proc    proc       defaults           0  0
/dev/fd0    /floppy  auto       user,noauto        0  0
/dev/cdrom  /cdrom   iso9660    ro,user,noauto     0  0
Now, reboot again so the journalled filesystem is enabled.
Download the hostap driver:
cd /usr/local/src
export CVSROOT=":pserver:anonymous@hostap.epitest.fi:/cvs"
cvs login
cvs checkout hostap
cd hostap
make clean pci install_pci
Configure the network interfaces in /etc/network/interfaces:
# the lan-connection
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
network 192.168.0.0
broadcast 192.168.0.255
# wireless clients
auto wlan0
iface wlan0 inet static
address 172.20.0.1
netmask 255.255.255.192
network 172.20.0.0
broadcast 172.20.0.63
up /usr/local/scripts/ipaccounting
up /usr/local/scripts/enablenat
up /usr/local/scripts/setwireless
# connection to nodecope (172.16.0.21)
auto wlan0:1
iface wlan0:1 inet static
address 172.16.0.22
netmask 255.255.255.252
network 172.16.0.20
broadcast 172.16.0.23
# connection to nodehuub (172.16.0.17)
auto wlan0:2
iface wlan0:2 inet static
address 172.16.0.18
netmask 255.255.255.252
network 172.16.0.16
broadcast 172.16.0.19
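In each stanza above, the network and broadcast lines follow from address and netmask, and a typo in any of them on a /30 link is easy to miss. The checker below is an added example, not part of the original setup: it reads an interfaces file on stdin and reports every stanza whose network or broadcast line does not match. The wlan0 and wlan0:1 stanzas in the sample are copied from the file above; wlan9 is constructed with a deliberate error.

```sh
#!/bin/sh
# Added example: check address/netmask/network/broadcast consistency.

ip2int() (                      # dotted quad -> integer
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {                      # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Read an interfaces file on stdin, print one verdict per iface stanza.
check_interfaces() (
    name=
    report() {
        if [ -z "$name" ] || [ -z "$addr" ] || [ -z "$mask" ]; then return 0; fi
        a=$(ip2int "$addr"); m=$(ip2int "$mask")
        want_net=$(int2ip $(( a & m )))
        want_bc=$(int2ip $(( (a & m) | (m ^ 4294967295) )))
        msg=
        if [ -n "$net" ] && [ "$net" != "$want_net" ]; then msg=" network should be $want_net"; fi
        if [ -n "$bc" ] && [ "$bc" != "$want_bc" ]; then msg="$msg broadcast should be $want_bc"; fi
        echo "$name:${msg:- ok}"
    }
    while read -r key val rest; do
        case $key in
            iface)     report; name=$val; addr=; mask=; net=; bc= ;;
            address)   addr=$val ;;
            netmask)   mask=$val ;;
            network)   net=$val ;;
            broadcast) bc=$val ;;
        esac
    done
    report
)

# Two stanzas from the page plus one constructed stanza with a wrong broadcast.
sample_interfaces() {
    printf '%s\n' \
        'iface wlan0 inet static' 'address 172.20.0.1' 'netmask 255.255.255.192' \
        'network 172.20.0.0' 'broadcast 172.20.0.63' 'up /usr/local/scripts/enablenat' \
        'iface wlan0:1 inet static' 'address 172.16.0.22' 'netmask 255.255.255.252' \
        'network 172.16.0.20' 'broadcast 172.16.0.23' \
        'iface wlan9 inet static' 'address 172.16.0.26' 'netmask 255.255.255.252' \
        'network 172.16.0.24' 'broadcast 172.16.0.255'
}

sample_interfaces | check_interfaces
```

On the node, run it against the real file with: check_interfaces < /etc/network/interfaces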
Make the scripts in /usr/local/scripts:
vi /usr/local/scripts/ipaccounting
#!/bin/sh
iptables -A INPUT -d 172.20.0.1
iptables -A INPUT -d 172.16.0.22
iptables -A INPUT -d 172.16.0.18
iptables -A OUTPUT -d 172.20.0.1
iptables -A OUTPUT -d 172.16.0.22
iptables -A OUTPUT -d 172.16.0.18
vi /usr/local/scripts/enablenat
#!/bin/sh
# redirect all wireless http traffic through squid
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# enable nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
vi /usr/local/scripts/setwireless
#!/bin/sh
# configure the wireless interface
iwconfig wlan0 essid centrum.jorg0.wleiden.net
iwconfig wlan0 channel 6
iwconfig wlan0 sens 3
iwconfig wlan0 nick "NodeJorg"
iwconfig wlan0 txpower 20
iwconfig wlan0 rate 11M
iwconfig wlan0 mode master
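The rules in the ipaccounting script have no -j target, so they do not change how packets are handled; they only keep packet and byte counters. As an added example (not part of the original scripts), the function below pulls one of those counters out of the output of iptables -L -v -n -x; the listing embedded in it is constructed sample data.

```sh
#!/bin/sh
# Added example: read the counters of target-less accounting rules.

# acct_bytes CHAIN DEST
# Reads `iptables -L -v -n -x` output on stdin and prints the summed byte
# counter of the rules in CHAIN that have no target and destination DEST,
# or "none" when no such rule exists.
acct_bytes() {
    awk -v chain="$1" -v dest="$2" '
        $1 == "Chain"     { current = $2; next }
        current != chain  { next }
        $1 !~ /^[0-9]+$/  { next }      # column header or blank line
        # Columns: pkts bytes target prot opt in out source destination.
        # Without -j the target column is empty, so "opt" (printed as "--")
        # is field 4 instead of 5 and the destination is field 8.
        $4 == "--" && $8 == dest { sum += $2; found = 1 }
        END { if (found) print sum; else print "none" }
    '
}

# Constructed sample output; the ACCEPT rule is not from the page and is
# there to show that rules with a target are not counted.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 52110 packets, 7340032 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200     180000            all  --  *      *       0.0.0.0/0            172.20.0.1
     300      45000            all  --  *      *       0.0.0.0/0            172.16.0.22
      10        840 ACCEPT     tcp  --  *      *       0.0.0.0/0            172.20.0.1           tcp dpt:22

Chain OUTPUT (policy ACCEPT 48000 packets, 6100000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40       3360            all  --  *      *       0.0.0.0/0            172.20.0.1
EOF
}

sample_listing | acct_bytes INPUT 172.20.0.1     # 180000
```

On the node itself, feed it the live listing: iptables -L -v -n -x | acct_bytes INPUT 172.20.0.1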