cqure ap - The trinux based "one floppy" ap by Patrik Karlsson
--------------------------------------------------------------

This document will try to describe the configuration and options of
cqure ap. It is still very incomplete and maybe unclear. Please feel free
to add information to it or send me information on what you want
improved. patrik@cqure.net.

Most of the options are controlled from /tux/options on floppy1. An
option is turned on by placing a file with the option name in that
folder. An option that is turned on reads its configuration from
/tux/config. The configuration file should have the same name as the
option.

Currently the following options are supported:

dhcpd    - activate the dhcp daemon
firewall - activate the firewall script
bridge   - run in bridged mode. If not present run in gateway mode.

Under /tux/config/net there are 4 folders: ifaces, bridges, routes and
samples. Ifaces contains configuration about the interfaces present on
the host, typically wlan0 and eth0. The bridges folder holds information
on how bridging is supposed to be set up on the ap. This config only has
effect if the bridge option is activated on the ap. The routes folder
holds all routing information, such as the default gateway.

Running in bridged mode
-----------------------

1. Create a file named bridge in /tux/options
2. Create a file named br0 in /tux/config/net/bridges containing:

   BRIF1="eth0"            - this is the first interface to be bridged.
                             In most cases eth0 will do fine. Check what
                             the name of your interface is.
   BRIF2="wlan0"           - this is the second interface to be bridged.
                             Most probably wlan0.
   BRIP="123.123.123.123"  - This is the IP of the bridge created.

You are set to go ...

Running in gateway mode
-----------------------

1. The ap will automatically run in gateway mode if the bridge file is
   missing in /tux/options. See "Running in bridged mode".
2. If you want to have masquerading then create a file called firewall in
   the /tux/options folder.
   The firewall rules are in /tux/config/firewall.

Modifying the firewall rules
----------------------------

The firewall rules are stored in the file /tux/config/firewall. It is an
iptables-based firewall and the documentation is available from
http://www.iptables.org

There are plenty of example iptables scripts available on the internet
that could point you in the right direction if you are new to this.
Please send your firewall scripts to patrik@cqure.net so that I can
include them as samples.

Adding support for dhcp server
------------------------------

1. "Bind" the interface to the dhcp daemon by adding DHCPD="eth0 wlan0"
   to the /tux/config/bindings file. This will enable the dhcp daemon on
   interfaces eth0 and wlan0. If you only want to have dhcp active on
   eth0 use DHCPD="eth0".
2. Set the dhcpd option to true by creating a file named dhcpd in
   /tux/options/dhcpd
3. Configure the dhcp daemon by modifying the /tux/config/dhcpd file to
   reflect your setup.

Configuring network interfaces
------------------------------

The configuration differs slightly depending on whether the interface is
a wireless interface or not. Here is a sample configuration for a
wireless interface:

   ESSID="foobarnet"       -- the network name
   ENCKEY="12345"          -- the encryption key (wep)
   RATE="11M"              -- the speed of the network
   CHANNEL="3"             -- channel of network
   IP="192.168.123.111"    -- the ip of the interface, set this to
                              IP="dhcp" to use dhcp for this interface.
   NETMASK="255.255.255.0" -- the netmask of the network
   MODE=""                 -- the wireless mode of the interface

For a non-wireless interface you would basically just need IP and
netmask.

Configuring routing information
-------------------------------

The routing configuration is stored under /tux/config/net/routes. Simply
add a new file containing appropriate information about the route you are
adding. You may or may not need to configure this depending on whether
you are running dhcp or not.
Here is a sample routing entry:

   TARGET="-net"           -- we are adding a route to a whole net; use
                              -host here if you are adding an entry for a
                              single host.
   NETWORK="default"       -- the network we are routing to. This is
                              usually an IP, e.g. 123.123.123.123. Here
                              we are adding the default gateway.
   GATEWAY="192.168.123.1" -- which gateway should we use to reach this
                              network.
   METRIC="1"              -- distance
   DEVICE="wlan0"          -- which interface should we add the route to

----------------------------------------------------------------------
patrik@cqure.net
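
The option/config layout described above can be checked before the floppy
is booted. The script below is an added example, not part of cqure ap: the
function names has_key and check_tux are hypothetical, and it assumes the
tree is laid out exactly as this document describes (options/, config/,
config/net/bridges/br0, config/bindings).

```shell
#!/bin/sh
# Added example, not part of cqure ap. has_key and check_tux are hypothetical names.

# has_key FILE KEY: true if FILE holds a non-empty KEY="value" line
has_key() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2=\"[^\"]+\"" "$1"
}

# check_tux ROOT: print findings for the tree under ROOT, return the problem count
check_tux() {
    root=$1
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    # Only the three documented option names are recognised
    for f in "$root"/options/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            dhcpd|firewall|bridge) ;;
            *) fail "unknown option '${f##*/}'" ;;
        esac
    done

    if [ -e "$root/options/bridge" ]; then
        echo "mode: bridged"
        for key in BRIF1 BRIF2 BRIP; do
            has_key "$root/config/net/bridges/br0" "$key" ||
                fail "config/net/bridges/br0: $key not set"
        done
    else
        echo "mode: gateway"
        [ -e "$root/options/firewall" ] || echo "note: no firewall option, so no masquerading"
    fi
    # An enabled option reads its settings from the config file of the same name
    for opt in dhcpd firewall; do
        [ -e "$root/options/$opt" ] || continue
        [ -s "$root/config/$opt" ] || fail "option $opt is on but config/$opt is missing or empty"
    done
    # dhcpd must also be bound to at least one interface in config/bindings
    [ ! -e "$root/options/dhcpd" ] || has_key "$root/config/bindings" DHCPD ||
        fail "config/bindings: DHCPD not set"
    return "$problems"
}

# Constructed sample tree: bridge option enabled, but br0 lacks BRIP
demo=$(mktemp -d)
mkdir -p "$demo/options" "$demo/config/net/bridges"
: > "$demo/options/bridge"
printf 'BRIF1="eth0"\nBRIF2="wlan0"\n' > "$demo/config/net/bridges/br0"
check_tux "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

Run check_tux against the mounted floppy (for example check_tux /tux); a
non-zero return value is the number of problems found.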