Using any Debian box as a wireless access point

I just lost an hour trying to configure a Thinkpad T41 as a wireless access point. Most of that time was due to problems with the built-in wlan interface and a kernel recompile to use a prism54-based PCMCIA card. This is mostly a post to remind myself what to do, and how to do it on Debian. It's not the first time I create an access point, but I do it so infrequently that I always forget something.

The NIC

Make sure there's a Linux driver for your network interface card. Make sure the card can be run in master mode.

DHCP

The boxes that will connect need an IP. Install dhcp3-server and do something like this in /etc/dhcp3/dhcpd.conf:

[...]
option domain-name "192.168.6.0";
option domain-name-servers 192.168.6.1;
[...]
subnet 192.168.6.0 netmask 255.255.255.0 {
  range 192.168.6.10 192.168.6.15;
  option routers 192.168.6.1;
}
[...]

Configure the network

Configure the interface so that it can be started with ifup. Usually you want the connected boxes to have access to whatever internet connection the access point has, so I enable forwarding and masquerading in /etc/network/interfaces:
iface eth1 inet static
    address 192.168.6.1
    netmask 255.255.255.0
    network 192.168.6.0
    wireless-mode master
    wireless-essid debianftw
    wireless-key1 s:12345
    post-up /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    post-up /etc/init.d/dhcp3-server restart
13245 is the WEP password and the network will be called debianftw.

Optional: DNS

You may want to have name servers for the connected boxes. A quick solution is to take those from your /etc/resolv.conf and to put them in your /etc/dhcp3/dhcpd.conf. There are other solutions, like a caching only DNS server.

Security

WEP isn't a very good encryption but it's enough for me. You probably don't want to run this setup for a long time, it's really just some notes to get me started quickly. Maybe I'll add more about security in an update.

2 comments

  1. avatar
    wrote this comment on

    If you want DHCP and DNS, I'd install the "dnsmasq" package. This covers both services in one server and is much easier to configure than dhcp3 and bind.

    1. avatar
      wrote this comment on

      Thanks for the suggestion! Configuring the Internet Software Consortium's dhpdc is indeed not that easy and might confuse some people.

Start a new thread

Cancel reply
Markdown. Syntax highlighting with <code lang="php"><?php echo "Hello, world!"; ?></code> etc.