SlideShare ist ein Scribd-Unternehmen logo

Setup Ubuntu Server as WAP

Anatoliy Okhotnikov
Anatoliy Okhotnikov

What is WAP? Why bother? Router setup Setting up NIC Setting up bridge Security Firewall DHCP DNS Resources

Technologie
1 von 14
Downloaden Sie, um offline zu lesen
Ubuntu Server based WAP (Wireless Access Point) What is WAP? Security Why bother? Firewall Router setup DHCP Setting up NIC DNS Setting up Resources bridge
What is WAP? In computer networking, a wireless access point (WAP or AP) is a device that connects wireless comm. devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves - without the need for any access points - becomes an ad-hoc network.)
Why bother? Cheap consumer WAPs under $100 as a rule has a slow CPU about 150 MHz and low RAM – about 8- 16Mb, this causes low performance on huge traff c i and peer-to-peer traff c, possible glitches, etc. i With a custom-build Linux based WAP we are getting carrier grade device that could cost up to $1500 retail for under $400 only. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. and finally it's fun :)
Router setup We have a box with two wired interfaces eth0 and eth1 and one wireless ath0. eth0 is WAN, eth1 and ath0 - LAN
Setting up wireless NIC There are three main operation modes for wireless NICs - Managed, when a NIC is bind to WAP that manages it - Ad-hoc, when a NIC is one level peer-to-peer network - Master, when a NIC acts as WAP to manage others #Wireless Setup at /etc/network/interfaces auto ath0 iface ath0 inet manual wireless-mode master wireless-essid pivotpoint wireless-key s:tolik
Setting up bridge Network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is very often used interchangeably with bridges. #Bridge interface at /etc/network/interfaces auto br0 iface br0 inet static address 10.1.1.1 network 10.1.1.0 netmask 255.255.255.0 broadcast 10.1.1.255 bridge-ports eth1 ath0
Security There is a number of security algorithms for WAP: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and f nally WPA and i WPA2 (IEEE 802.11i standard). WEPs are very weak and WPA is crackable. To secure wireless network you should use WPA2 in combination with other security approaches like static DHCP(forbidding unknown clients), ACLs, etc. For our simple proof-of-concept project we had used WEP-40 algorithm with the key given as passphrase: #Wireless Setup at /etc/network/interfaces wireless-key s:tolik
Firewall We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access: iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT Save and restore our frewall rules over reboot: #Gateway interface config /etc/network/interfaces auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /etc/iptables.rules post-down iptables-save > /etc/iptables.rules
Firewall: Packet forwarding Enable packet forwarding in the kernel (over reboot): # set it in /etc/sysctl.conf net.ipv4.ip_forward = 1 Immediately allow the forwarding of packets: echo 1 > /proc/sys/net/ipv4/ip_forward
DHCP A basic 10 machine DHCP server. Nothing fancy sudo apt-get install dhcp3-server # Subnet for DHCP Clients /etc/dhcp3/dhcpd.conf subnet 10.1.1.0 netmask 255.255.255.0 { option domain-name-servers 10.1.1.1; max-lease-time 7200; default-lease-time 600; range 10.1.1.50 10.1.1.60; option subnet-mask 255.255.255.0; option broadcast-address 10.1.1.255; option routers 10.1.1.1; }
DNS Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualifed domain names (FQDN) to one another: zone "home.tolik" { type master; file "/etc/bind/home.tolik.db"; notify no; }; zone "1.1.10.in-addr.arpa" { type master; file "/etc/bind/rev.1.1.10.in-addr.arpa"; };
DNS:Forward Setting up the forward zone tolik.home: $TTL 3D @ IN SOA ns.tolik.home. acidumirae.gmail.com. ( 200903231 ; serial, today + # 2H ; refresh, seconds 1H ; retry, seconds 4H ; expire, seconds 1H ) ; minimum, seconds NS ns ; name server MX 10 mail ; Mail Exchanger ns A 10.1.1.1 gw A 10.1.1.1 TXT "Network gateway" mail A 10.1.1.1
DNS:Reverse Setting up the reverse zone to resolve 10.1.1.*: $TTL 24h ; 10.1.1.rev @ IN SOA home.tolik acidumirae@gmail.com ( 2007052500 10800 3600 604800 86400 ) IN NS ns.home.tolik. 1 IN PTR gw.home.tolik.
Resources https://help.ubuntu.com/community/Wif Docs/WirelessAccessPoint i https://help.ubuntu.com/community/Wif Docs/MasterMode i http://www.linux.com/feature/55617 https://help.ubuntu.com/8.10/serverguide/C/dns.html http://www.ibm.com/developerworks/linux/library/l-wap.html

Empfohlen

Webinar: Network Automation [Tips & Tricks]
Webinar: Network Automation [Tips & Tricks]Webinar: Network Automation [Tips & Tricks]
Webinar: Network Automation [Tips & Tricks]Cumulus Networks
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Kaan Aslandağ
 
How deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceHow deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceCumulus Networks
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OpenvSwitch
 

Empfohlen

Webinar: Network Automation [Tips & Tricks]
Webinar: Network Automation [Tips & Tricks]Webinar: Network Automation [Tips & Tricks]
Webinar: Network Automation [Tips & Tricks]Cumulus Networks
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Configuration Firewalld On CentOS 8
Configuration Firewalld On CentOS 8Kaan Aslandağ
 
How deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceHow deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceCumulus Networks
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OpenvSwitch
 
Cumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network ConfigurationCumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network ConfigurationCumulus Networks
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 RouterNetProtocol Xpert
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch YongKi Kim
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X RouterNetProtocol Xpert
 
Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8Kaan Aslandağ
 
OpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrOpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrSim Janghoon
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)Kaan Aslandağ
 
Open Source Networking with Vyatta
Open Source Networking with VyattaOpen Source Networking with Vyatta
Open Source Networking with VyattaMatthew Turland
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotikTola LENG
 
NetDevOps 202: Life After Configuration
NetDevOps 202: Life After ConfigurationNetDevOps 202: Life After Configuration
NetDevOps 202: Life After ConfigurationCumulus Networks
 
NAT in ASA Firewall
NAT in ASA Firewall NAT in ASA Firewall
NAT in ASA Firewall NetProtocol Xpert
 
DNS-SD
DNS-SDDNS-SD
DNS-SDnetvis
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDKMd Safiyat Reza
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Cumulus Networks
 
ITIL (ukr)
ITIL (ukr)ITIL (ukr)
ITIL (ukr)Anatoliy Okhotnikov
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)Anatoliy Okhotnikov
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network ConfigurationCumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network ConfigurationCumulus Networks
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch YongKi Kim
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch어형 이
 
Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8Kaan Aslandağ
 
OpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrOpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrSim Janghoon
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)Kaan Aslandağ
 
Open Source Networking with Vyatta
Open Source Networking with VyattaOpen Source Networking with Vyatta
Open Source Networking with VyattaMatthew Turland
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotikTola LENG
 
NetDevOps 202: Life After Configuration
NetDevOps 202: Life After ConfigurationNetDevOps 202: Life After Configuration
NetDevOps 202: Life After ConfigurationCumulus Networks
 
DNS-SD
DNS-SDDNS-SD
DNS-SDnetvis
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Cumulus Networks
 

Was ist angesagt? (20)

Cumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network ConfigurationCumulus Networks: Automating Network Configuration
Cumulus Networks: Automating Network Configuration
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 Router
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
 
debugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitchdebugging openstack neutron /w openvswitch
debugging openstack neutron /w openvswitch
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
 
Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8Configuration of BIND DNS Server On CentOS 8
Configuration of BIND DNS Server On CentOS 8
 
OpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrOpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvr
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)
 
Open Source Networking with Vyatta
Open Source Networking with VyattaOpen Source Networking with Vyatta
Open Source Networking with Vyatta
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
 
NetDevOps 202: Life After Configuration
NetDevOps 202: Life After ConfigurationNetDevOps 202: Life After Configuration
NetDevOps 202: Life After Configuration
 
NAT in ASA Firewall
NAT in ASA Firewall NAT in ASA Firewall
NAT in ASA Firewall
 
DNS-SD
DNS-SDDNS-SD
DNS-SD
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013
 

Andere mochten auch

ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)Anatoliy Okhotnikov
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)Anatoliy Okhotnikov
 
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Anatoliy Okhotnikov
 

Andere mochten auch (17)

ITIL (ukr)
ITIL (ukr)ITIL (ukr)
ITIL (ukr)
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)
 
Php unit (eng)
Php unit (eng)Php unit (eng)
Php unit (eng)
 
Web application security (eng)
Web application security (eng)Web application security (eng)
Web application security (eng)
 
Jenkins CI (ukr)
Jenkins CI (ukr)Jenkins CI (ukr)
Jenkins CI (ukr)
 
Debug (ukr)
Debug (ukr)Debug (ukr)
Debug (ukr)
 
Php web app security (eng)
Php web app security (eng)Php web app security (eng)
Php web app security (eng)
 
Xdebug (ukr)
Xdebug (ukr)Xdebug (ukr)
Xdebug (ukr)
 
Continuous integration (eng)
Continuous integration (eng)Continuous integration (eng)
Continuous integration (eng)
 
ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)
 
Db design (ukr)
Db design (ukr)Db design (ukr)
Db design (ukr)
 
Linux introduction (eng)
Linux introduction (eng)Linux introduction (eng)
Linux introduction (eng)
 
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
 
Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)
 
Ldap introduction (eng)
Ldap introduction (eng)Ldap introduction (eng)
Ldap introduction (eng)
 
Agile (IF PM Group) v2
Agile (IF PM Group) v2Agile (IF PM Group) v2
Agile (IF PM Group) v2
 

Ähnlich wie Setup Ubuntu Server as WAP

14 network tools
14 network tools14 network tools
14 network toolsShay Cohen
 
Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Fwdays
 
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICESL2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICESFaelix Ltd
 
Introduction to nfv movilforum
Introduction to nfv movilforumIntroduction to nfv movilforum
Introduction to nfv movilforumvideos
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話upaa
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus networkAalap Tripathy
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveyfauser
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...ir. Carmelo Zaccone
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Cloud Native Day Tel Aviv
 

Ähnlich wie Setup Ubuntu Server as WAP (20)

HP Virtual Connect technical fundamental101 v2.1
HP Virtual Connect technical fundamental101 v2.1HP Virtual Connect technical fundamental101 v2.1
HP Virtual Connect technical fundamental101 v2.1
 
14 network tools
14 network tools14 network tools
14 network tools
 
66 pf sensetutorial
66 pf sensetutorial66 pf sensetutorial
66 pf sensetutorial
 
66_pfSenseTutorial
66_pfSenseTutorial66_pfSenseTutorial
66_pfSenseTutorial
 
66_pfSenseTutorial
66_pfSenseTutorial66_pfSenseTutorial
66_pfSenseTutorial
 
Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...
 
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICESL2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
 
Introduction to nfv movilforum
Introduction to nfv movilforumIntroduction to nfv movilforum
Introduction to nfv movilforum
 
Tcpip Intro
Tcpip IntroTcpip Intro
Tcpip Intro
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow Controller
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_dive
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
 
IoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideasIoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideas
 

Kürzlich hochgeladen

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

Setup Ubuntu Server as WAP

  • 1. Ubuntu Server based WAP (Wireless Access Point) What is WAP? Security Why bother? Firewall Router setup DHCP Setting up NIC DNS Setting up Resources bridge
  • 2. What is WAP? In computer networking, a wireless access point (WAP or AP) is a device that connects wireless comm. devices together to form a wireless network. The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices. Several WAPs can link together to form a larger network that allows "roaming". (In contrast, a network where the client devices manage themselves - without the need for any access points - becomes an ad-hoc network.)
  • 3. Why bother? Cheap consumer WAPs under $100 as a rule has a slow CPU about 150 MHz and low RAM – about 8- 16Mb, this causes low performance on huge traff c i and peer-to-peer traff c, possible glitches, etc. i With a custom-build Linux based WAP we are getting carrier grade device that could cost up to $1500 retail for under $400 only. It is flexible and customizable. Want a firewall? No problem. Custom routing? NAT? Bridges? VLAN? All easily managed. Custom Web-based configuration, etc. and finally it's fun :)
  • 4. Router setup We have a box with two wired interfaces eth0 and eth1 and one wireless ath0. eth0 is WAN, eth1 and ath0 - LAN
  • 5. Setting up wireless NIC There are three main operation modes for wireless NICs - Managed, when a NIC is bind to WAP that manages it - Ad-hoc, when a NIC is one level peer-to-peer network - Master, when a NIC acts as WAP to manage others #Wireless Setup at /etc/network/interfaces auto ath0 iface ath0 inet manual wireless-mode master wireless-essid pivotpoint wireless-key s:tolik
  • 6. Setting up bridge Network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is very often used interchangeably with bridges. #Bridge interface at /etc/network/interfaces auto br0 iface br0 inet static address 10.1.1.1 network 10.1.1.0 netmask 255.255.255.0 broadcast 10.1.1.255 bridge-ports eth1 ath0
  • 7. Security There is a number of security algorithms for WAP: WEP-40 and WEP-104 (deprecated), WEP2, WEPplus, Dynamic WEP, LEAP and f nally WPA and i WPA2 (IEEE 802.11i standard). WEPs are very weak and WPA is crackable. To secure wireless network you should use WPA2 in combination with other security approaches like static DHCP(forbidding unknown clients), ACLs, etc. For our simple proof-of-concept project we had used WEP-40 algorithm with the key given as passphrase: #Wireless Setup at /etc/network/interfaces wireless-key s:tolik
  • 8. Firewall We need to set up masquerading and forwarding on the WAN interface for our bridged network to allow Internet or Intranet access: iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE iptables -A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT iptables -A FORWARD -d 10.1.1.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT Save and restore our frewall rules over reboot: #Gateway interface config /etc/network/interfaces auto eth0 iface eth0 inet dhcp pre-up iptables-restore < /etc/iptables.rules post-down iptables-save > /etc/iptables.rules
  • 9. Firewall: Packet forwarding Enable packet forwarding in the kernel (over reboot): # set it in /etc/sysctl.conf net.ipv4.ip_forward = 1 Immediately allow the forwarding of packets: echo 1 > /proc/sys/net/ipv4/ip_forward
  • 10. DHCP A basic 10 machine DHCP server. Nothing fancy sudo apt-get install dhcp3-server # Subnet for DHCP Clients /etc/dhcp3/dhcpd.conf subnet 10.1.1.0 netmask 255.255.255.0 { option domain-name-servers 10.1.1.1; max-lease-time 7200; default-lease-time 600; range 10.1.1.50 10.1.1.60; option subnet-mask 255.255.255.0; option broadcast-address 10.1.1.255; option routers 10.1.1.1; }
  • 11. DNS Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualifed domain names (FQDN) to one another: zone "home.tolik" { type master; file "/etc/bind/home.tolik.db"; notify no; }; zone "1.1.10.in-addr.arpa" { type master; file "/etc/bind/rev.1.1.10.in-addr.arpa"; };
  • 12. DNS:Forward Setting up the forward zone tolik.home: $TTL 3D @ IN SOA ns.tolik.home. acidumirae.gmail.com. ( 200903231 ; serial, today + # 2H ; refresh, seconds 1H ; retry, seconds 4H ; expire, seconds 1H ) ; minimum, seconds NS ns ; name server MX 10 mail ; Mail Exchanger ns A 10.1.1.1 gw A 10.1.1.1 TXT "Network gateway" mail A 10.1.1.1
  • 13. DNS:Reverse Setting up the reverse zone to resolve 10.1.1.*: $TTL 24h ; 10.1.1.rev @ IN SOA home.tolik acidumirae@gmail.com ( 2007052500 10800 3600 604800 86400 ) IN NS ns.home.tolik. 1 IN PTR gw.home.tolik.
  • 14. Resources https://help.ubuntu.com/community/Wif Docs/WirelessAccessPoint i https://help.ubuntu.com/community/Wif Docs/MasterMode i http://www.linux.com/feature/55617 https://help.ubuntu.com/8.10/serverguide/C/dns.html http://www.ibm.com/developerworks/linux/library/l-wap.html