Rogue Linux Wireless Bridge v1.1
Written by deadly_muffin for Bluebox Underground
################################################

Introduction
- This document is about turning a low-spec PC running Linux, with a wireless card and a wired network interface, into a wireless bridge device. After setting up the bridge, we can run a DHCP service and issue IP addresses to the workstations on the wired network, which then use the wireless access point for internet connectivity through the bridge. The software we use on Linux provides NAT and IP forwarding.

### Why do this ?
- There are many reasons to consider building a wireless bridge device. This is a DISCLAIMER, as we only suggest you build this device for all of the good reasons.

- Increase range and/or distribution of wireless network connectivity.
- Allow multiple wired clients to connect through a single wireless connection (through wired VLAN)
- Alright, and yeah, we *can* hi-jack other wireless networks and distribute them as our own, with little network footprint.

### How it came about
- The Bluebox example wired network consists of a single cable modem connecting to a wired router, which connects to a small 10 port switch, giving about 12 ports of wired connectivity within Bluebox. On this network are our webserver box, our KDX server, my primary workstation, and my laptop. While playing around on my laptop, examining wireless networks in the surrounding area with my laptop's wireless card, I discovered some open AP networks. After connecting to one, I decided that I wanted to figure out a way to connect to the access point, yet somehow distribute that connection to computers on the WIRED connection (INTRANET) inside my pad.

### Building Bridges to Burn
- Before starting, you will need a low-spec PC that has at least one wired network interface and one wireless network interface. The specs we used and suggest are listed below, but you can change them at will. You will also need Linux, etc.
We are using Fedora Core 4 Linux 2.6.15.

- OS: Fedora Core 4
- Software: IPTables (for NAT and forwarding), DHCPD (for DHCP server), iwconfig (wireless-tools)
- WiredNIC1: RT81XX Standard NIC
- WirelessNIC1: Lucent Technologies WaveLAN/IEEE Adapter with orinoco_cs 15rc4 drivers (We also suggest cards with Atheros chipset using madwifi drivers)

### Configuring The Cards
- After installing Linux, you need to configure your cards. You can do this manually through console, or use network scripts. Assuming you installed Fedora Core 4 and are using network scripts (/etc/sysconfig/network-scripts/), the following shows our setup for our network interfaces.

This is the script for the WIRED nic, which will connect to our hub or switch and distribute IPs with the DHCP server software (DHCPD). Clients on our wired network will connect to this interface as the gateway to retrieve IP and DNS information. Information from the wireless interface will be forwarded through this interface.

/etc/sysconfig/network-scripts/ifcfg-eth0

    IPV6INIT=no
    ONBOOT=yes
    USERCTL=no
    PEERDNS=no
    TYPE=Ethernet
    DEVICE=dev21125
    HWADDR=00:e0:18:31:ac:e8
    BOOTPROTO=none
    NETMASK=255.0.0.0
    IPADDR=10.0.0.1
    NETWORK=10.0.0.0

This is the script for the WIRELESS interface, which will connect to the wireless access point that we are trying to hi-jack, and then will use iptables to forward information to the wired gateway above.

/etc/sysconfig/network-scripts/ifcfg-eth1

    IPV6INIT=no
    ONBOOT=yes
    USERCTL=no
    PEERDNS=yes
    GATEWAY=192.168.1.1
    TYPE=Wireless
    DEVICE=eth1
    HWADDR=00:02:2d:5e:da:60
    BOOTPROTO=dhcp
    NETMASK=
    DHCP_HOSTNAME=
    IPADDR=
    DOMAIN=
    ESSID='stealingAP'
    CHANNEL=1
    MODE=Managed
    RATE='11 Mb/s'

Save and exit.

### Setup Forwarding
- By using ip_forward and iptables with NAT, we can forward data between the wired interface and the wireless interface. The easiest way to do this without editing our existing iptables configuration is to edit the rc.local file so that forwarding is activated during the boot process.
Our /etc/rc.d/rc.local file looks like this...

/etc/rc.d/rc.local

    # Activate ip_forward (this enables IP forwarding in the kernel)
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Apply rules
    # Replies to connections opened from the wired side may come back in from wireless (eth1)
    /sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Wired clients (eth0) may open new connections out through wireless (eth1)
    /sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
    # Rewrite the source address of traffic leaving through the wireless interface
    /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Save and exit.

### Install DHCP Server
- If you have configured your yum update properly, you should be able to simply type "yum install dhcp*" in console and download the DHCPD server. After installing the daemon, you need to edit the .conf file. Our /etc/dhcpd.conf looks like the following...

/etc/dhcpd.conf

    option routers 10.0.0.1;
    option domain-name-servers 195.235.113.3, 195.235.96.90;
    subnet 10.0.0.0 netmask 255.0.0.0 {
        range 10.0.0.100 10.0.0.250;
    }
    ddns-update-style ad-hoc;

Save and exit.

### Start DHCPD Services
- Open your services and set the DHCPD service to start at boot. Restart the computer.

### Configuring the clients
- Assuming your client box is Windows:

    ipconfig /release
    ipconfig /renew

NOTES:
- If your DHCPD service is configured correctly on the Linux Bridge, it will assign a lease to the client and you will actually be using the bridged wireless connection.
- If you have another DHCP service (such as on your Linksys router) you will need to turn it off or it will compete with the bridge. OR YOU CAN USE STATIC IPS on the bridge or router; choose one for DHCP.
- If you use static IP addressing on the bridge, you will need to type in the bridge gateway (i.e. 10.0.0.1 in this example) and DNS info manually.
- On my configuration, dhcpd did not want to start at boot, but works when I manually start it by typing "dhcpd" in console. If your configuration is correct, it should work.
- Also, I suggest running KSystemLog while doing all of this because you can view some of the /var/log/messages easily, which helped me determine my problems.

-deadly_muffin
Bluebox Underground
https://bluebox.haxors.com/
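An added check, not part of the original document, for the forwarding rules in the Setup Forwarding section: it reads rules in rc.local or `iptables -S` form and flags an upstream-to-LAN ACCEPT that is not limited to reply traffic, a missing LAN-to-upstream rule, or a missing MASQUERADE. The function name and both sample rule sets are constructed for illustration; eth0 is the wired LAN side and eth1 the wireless upstream side, as in this document.

```shell
#!/bin/sh
# Added example: audit NAT-gateway rules for direction mistakes.
# Usage: audit_forward LAN_IF WAN_IF < rules   (rc.local or `iptables -S` form)
audit_forward() {
    awk -v lan="$1" -v wan="$2" '
    /-A FORWARD/ || /-A POSTROUTING/ {
        in_if = ""; out_if = ""; target = ""; state = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        # "Reply only" means a state match that does not admit NEW connections.
        reply_only = (state != "" && state !~ /NEW/)
        if (/-A FORWARD/ && target == "ACCEPT") {
            if (in_if == wan && out_if == lan && !reply_only) open_in = 1
            if (in_if == lan && out_if == wan) lan_out = 1
        }
        if (/-A POSTROUTING/ && target == "MASQUERADE" && out_if == wan) masq = 1
    }
    END {
        if (open_in)  print "OPEN_INBOUND: new " wan " -> " lan " connections are accepted"
        if (!lan_out) print "NO_OUTBOUND: no " lan " -> " wan " ACCEPT rule"
        if (!masq)    print "NO_MASQUERADE: nothing is masqueraded out of " wan
        if (!open_in && lan_out && masq) print "OK"
    }'
}

# Constructed sample: upstream-to-LAN traffic limited to replies.
GOOD_RULES='/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE'

# Constructed sample: the second rule has its interfaces swapped, so any
# new connection from the wireless side is forwarded into the wired LAN.
BAD_RULES='/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -o eth0 -i eth1 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE'

printf '%s\n' "$GOOD_RULES" | audit_forward eth0 eth1
printf '%s\n' "$BAD_RULES"  | audit_forward eth0 eth1
```

The check only reads the rules it is given; it does not account for the FORWARD chain's default policy or for rules placed earlier in the chain by the distribution's firewall.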