How do you integrate your wired and wireless clients so that they share an Internet connection and LAN services all in one big happy subnet? You know that when you have multiple Ethernet interfaces on the same box they cannot all be on the same subnet, but must all have addresses from separate subnets. You want everyone all in a single subnet, and don't want a lot of administration headaches, so how will you do this?
Your routerboard needs at least three network interfaces: your Atheros interface, plus two Ethernet interfaces. ath0 is your wireless interface, eth0 is the LAN interface, and eth1 is your WAN interface.
What we will do is build an Ethernet bridge between ath0 and eth0. Copy this example /etc/network/interfaces, substituting your own LAN addresses and your own ESSID. Remember to run /sbin/rw first to make the Pyramid filesystem writable:
pyramid:~# /sbin/rw
pyramid:~# nano /etc/network/interfaces
##/etc/network/interfaces
## wireless bridge configuration
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
    address 192.168.1.50
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    bridge_ports ath0 eth0
    post-down wlanconfig ath0 destroy
    pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
    pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
    pre-up ifconfig ath0 up
    pre-up sleep 3
You can test this now by networking with some LAN hosts that have static IP addresses. First restart networking on the router:
pyramid:~# /etc/init.d/networking restart
This creates a wide-open wireless access point. Point your clients to 192.168.1.50 as the default gateway, and you should be able to easily join any wireless clients to your LAN, and ping both wired and wireless PCs. When you're finished, remember to return the filesystem to read-only:
pyramid:~# /sbin/ro
This recipe is totally insecure, but it lets you test your bridge and wireless connectivity before adding more services.
Let's review the options used in this configuration:
bridge_ports
Define the two interfaces to bridge.
post-down wlanconfig ath0 destroy
This command tears down the access point when the network interfaces go down. wlanconfig is part of MadWiFi-ng. Use it to create, destroy, and manage access points. With wlanconfig, you can have multiple access points on a single device.
pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
wifi0 is the name the kernel gives to your Atheros interface, which you can see with dmesg. Next, wlanconfig creates the virtual access point, ath0, on top of wifi0.
pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
Assign the ESSID, channel, and bit-rate. To see the channels, frequencies, and bit-rates supported by your interface card, use this command:
pyramid:~# wlanconfig ath0 list chan
How do you know which channel to use? If you have only one access point, channel 1 should work fine. If you have up to three, try using channels 1, 6, and 11. For more complex networks, please refer to Matthew Gast's excellent book, 802.11 Wireless Networks: The Definitive Guide (O'Reilly).
pre-up ifconfig ath0 up
Bring up ath0 before the bridge comes up.
pre-up sleep 3
Brief pause to make sure that everything comes up in order.
You don't have to build the bridge in the traditional way, by configuring eth0 with a zero-IP address, or bringing it up before the bridge is built, because scripts in /etc/network/if-pre-up.d handle that for you.
I'm sure some of you are wondering about ebtables. ebtables is like iptables for Ethernet bridges. iptables cannot filter bridge traffic, but ebtables can. There are many ingenious ways to use ebtables and Ethernet bridges in your network. In this chapter, I'm leaving ebtables out on purpose because we will be running an iptables Internet firewall on our access point. ebtables is not suitable for an Internet firewall, and trying to use both on the same box is too complicated for this old admin.
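Because this stanza puts an unencrypted access point on the same bridge as the wired LAN, it is worth checking an interfaces file for that condition before it reaches a production router. The following Python script is an added example, not part of the original recipe: it parses a copy of /etc/network/interfaces on an admin PC and reports every wlanconfig-created AP that shares a bridge with other ports. It assumes that WPA, when configured, is started by a hostapd hook in the same stanza; the function names and the sample text are constructed for illustration.

```python
import shlex

# Constructed sample: the bridge stanza from this recipe.
SAMPLE = """\
auto br0
iface br0 inet static
    address 192.168.1.50
    netmask 255.255.255.0
    bridge_ports ath0 eth0
    post-down wlanconfig ath0 destroy
    pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
    pre-up iwconfig ath0 essid "alrac-net" channel 01 rate auto
    pre-up ifconfig ath0 up
"""

HOOKS = {"pre-up", "up", "post-up", "pre-down", "down", "post-down"}

def parse_stanzas(text):
    """Return {iface: {"options": {name: args}, "hooks": [argv, ...]}}."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = [] if raw.lstrip().startswith("#") else shlex.split(raw)
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            cur = stanzas.setdefault(words[1], {"options": {}, "hooks": []})
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            cur = None  # these keywords end the current iface stanza
        elif cur is not None and words[0] in HOOKS:
            cur["hooks"].append(words[1:])
        elif cur is not None:
            cur["options"][words[0]] = words[1:]
    return stanzas

def arg_after(argv, key):
    """Value following `key` in a command line, or None."""
    return argv[argv.index(key) + 1] if key in argv[:-1] else None

def audit(text):
    """List APs bridged to other ports with no hostapd hook (heuristic)."""
    findings = []
    for bridge, st in parse_stanzas(text).items():
        ports, hooks = st["options"].get("bridge_ports", []), st["hooks"]
        if any(h and h[0].endswith("hostapd") for h in hooks):
            continue  # assumption: a hostapd hook means WPA is configured
        for h in hooks:
            is_ap = h[:1] == ["wlanconfig"] and "create" in h and arg_after(h, "wlanmode") == "ap"
            if is_ap and h[1] in ports:
                essid = next((arg_after(i, "essid") for i in hooks
                              if i[:2] == ["iwconfig", h[1]] and "essid" in i), None)
                findings.append({"bridge": bridge, "ap": h[1], "essid": essid,
                                 "lan_ports": [p for p in ports if p != h[1]]})
    return findings
```

Run against the recipe's stanza, `audit(SAMPLE)` returns one finding for ath0 on br0 with eth0 as the exposed LAN port.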
Pyramid Linux does not include manpages, so you should either install the applications in this chapter on a PC, or rely on Google.
wlanconfig is part of MadWiFi-ng
man 8 brctl for bridge options
iwconfig is part of the wireless-tools package
man 8 iwconfig
Pyramid Linux: http://pyramid.metrix.net/
802.11 Wireless Networks: The Definitive Guide, by Matthew Gast (O'Reilly)