PhotoBox Fragment Drei – Network Configuration

Network configuration

There are some changes to be made to the networking for the PhotoBox to be useful, for example connecting to the internet. In part ‘duo’, the Wi-Fi was working as an access point; however, the configuration meant that no information would be transferred. This section details how the network is configured so that devices connected to the access point can ‘talk’ to each other and the internet.

Four step outline:

  1. Configure a static IP address for the access point.
  2. Configure the address allocation (for when you connect to the hotspot).
  3. Make the internet work from the hotspot (note: this means having the USB Wi-Fi dongle or a network cable connected).
  4. Set up a more permanent hostapd configuration.

Step 1: IP Address

A static IP address is required to be able to forward requests from devices connected through the hotspot. This is set in the network config file “/etc/network/interfaces”. My full file now looks like:
 

auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp

auto wlan1
iface wlan1 inet dhcp
wpa-conf /etc/wpa.conf

auto wlan0
iface wlan0 inet static
address 10.1.1.1
network 10.1.1.0
netmask 255.255.255.0
broadcast 10.1.1.255
post-up /usr/local/bin/hostapd -B /etc/hostapd.conf -f /var/log/hostapd.log

The first two networks are the wired ethernet and USB Wi-Fi dongle. wlan0 has a static IP address configuration, which will appear similar to that of other devices when they connect (but with a different last digit in the address).

The last line will cause the hostapd program to be launched whenever the wlan0 network is ‘up’.

Last line breakdown:
  • post-up = process will run after the network is ‘connected’; or the physical cable is plugged in.
  • the location of the hostapd application (always use full path to applications if you can).
  • -B = means run the process in the background.
  • the location of my configuration file.
  • -f = the location to log events, connections and issues; as the process is running in the background, there is no console to view the output of connections.

Step 2: Address allocation (DHCP)

When a Wi-Fi device connects, it needs to be given a ‘free’ IP address to use to talk to the other network devices.

$ sudo apt-get install isc-dhcp-server

To provide this, edit the service configuration file “/etc/default/isc-dhcp-server”:

DHCPD_CONF=/etc/dhcp/dhcpd.conf
INTERFACES="wlan0"

You will also need to edit the DHCP network configuration file “/etc/dhcp/dhcpd.conf” and add/update it to include the new network:

# This is a very basic subnet declaration.
subnet 10.1.1.0 netmask 255.255.255.0 {
        option domain-name-servers 10.1.1.1;
        max-lease-time 7200;
        default-lease-time 600;
        range 10.1.1.50 10.1.1.60;
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.1.1.255;
        option routers 10.1.1.1;
}

The router and name-server should be the IP address that you set as the static IP address in the network configuration file in the previous step.

Test

Testing that the configuration works is pretty simple. Run the commands below, connect with a client device, and check that you can ping the server’s IP address (the internet does not yet work).

$ sudo ifconfig wlan0 down
$ sudo ifconfig wlan0 up

Step 3: Internet

You can set up the DNS server using the following:

$ sudo apt-get install tasksel
$ sudo tasksel
$ tasksel

Check the ‘DNS server’ option and finish the configuration.

Configure an iptables firewall file “/etc/firewall.conf” (you can manually run and add items, but I have it already working, so why not just use the export). Because the internet is (possibly) connected via eth0 and/or wlan1, use the same rule(s) for each interface.

# Generated by iptables-save v1.4.12 on Tue May 12 03:41:45 2015
*nat
:PREROUTING ACCEPT [61:3453]
:INPUT ACCEPT [13:815]
:OUTPUT ACCEPT [16:1311]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue May 12 03:41:45 2015
# Generated by iptables-save v1.4.12 on Tue May 12 03:41:45 2015
*filter
:INPUT ACCEPT [87:11400]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [49:8111]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT
-A FORWARD -j LOG
COMMIT
# Completed on Tue May 12 03:41:45 2015

To get the file into iptables, use the following:

$ sudo iptables-restore < /etc/firewall.conf

To get this done at boot time, just add the following script as “/etc/network/if-up.d/iptables” (it must be executable to be run):

#!/bin/sh
iptables-restore < /etc/firewall.conf
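
With the export above, the FORWARD chain's default policy is ACCEPT, so a packet that matches none of the rules is logged by the final LOG rule and then forwarded anyway. The following added example (not part of the original post; the function names, the 5/min limit and the log prefix are assumptions) audits an iptables-save dump for this and prints a default-deny variant of the same filter table:

```shell
#!/bin/sh
# Added example, not from the original post: flag permissive FORWARD handling
# in an iptables-save dump read from stdin. No output means nothing flagged.
audit_forward() {
    awk '
        /^\*/ { table = substr($0, 2); next }     # table header: *nat, *filter
        table != "filter" { next }               # only the filter table is audited
        /^:FORWARD ACCEPT/ {
            print "FORWARD: policy ACCEPT, packets matching no rule are forwarded"
        }
        /^-A FORWARD / && / -j LOG/ && !/-m limit/ {
            print "FORWARD: LOG rule is not rate limited"
        }'
}

# Filter table as exported in the post (packet counters zeroed).
original_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF
}

# Constructed variant: same ACCEPT rules, default-deny policy, rate-limited LOG.
hardened_rules() {
    original_rules | sed \
        -e 's|^:FORWARD ACCEPT|:FORWARD DROP|' \
        -e 's|^-A FORWARD -j LOG$|-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "|'
}

echo "original:"; original_rules | audit_forward
echo "hardened:"; hardened_rules | audit_forward
hardened_rules
```

The hotspot clients keep their outbound access in the hardened variant; only traffic that matches none of the ACCEPT rules is now dropped after being logged.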

Step 4: Hostapd configuration

Lastly, hostapd should have a more complete Wi-Fi configuration (I’d suggest with some security). So the end configuration file that I use (slightly modified) is “/etc/hostapd.conf”:

logger_syslog=1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
auth_algs=1
beacon_int=50
channel=3
country_code=US
disassoc_low_ack=1
driver=nl80211
hw_mode=g
ht_capab=[HT20][RX-HT20-SGI]
ieee80211d=1
ieee80211n=1
interface=wlan0
require_ht=0
rsn_pairwise=CCMP
ssid=PhotoBox
wmm_enabled=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password

Some of the configurations worth changing:

  • channel=3 : the wifi channel (and subsequently frequency) to run the hotspot at
  • ssid=PhotoBox : this is the wifi ID
  • wpa_passphrase=password : the password is still specified in the config file; it is possible to put this elsewhere, but I’m keeping things simple
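
Because the passphrase sits in the config file in clear text, it is worth checking both the WPA settings and the file's permissions before rebooting. The script below is an added example, not part of the original post; the function names, the 16-character minimum and the placeholder deny-list are assumptions:

```shell
#!/bin/sh
# Added example, not from the original post: audit a hostapd.conf on stdin.
# Prints one finding per weak setting; no output means nothing was flagged.
MIN_LEN=16   # assumed local policy; hostapd itself only enforces 8..63

audit_hostapd() {
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq > 0) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            if (conf["wpa"] != "2")
                print "wpa: not WPA2-only (expected wpa=2)"
            if (conf["rsn_pairwise"] != "CCMP")
                print "rsn_pairwise: expected CCMP only"
            if (!("wpa_passphrase" in conf)) exit  # PSK kept elsewhere
            pass = conf["wpa_passphrase"]; len = length(pass)
            if (len < 8 || len > 63)
                print "wpa_passphrase: must be 8..63 characters"
            else if (len < min)
                print "wpa_passphrase: shorter than " min " characters"
            # Constructed deny-list of placeholder values; extend as needed.
            if (tolower(pass) == "password" || pass == "12345678" || pass == conf["ssid"])
                print "wpa_passphrase: placeholder or guessable value"
        }'
}

# True when "other" can read the file, which holds the passphrase in clear text.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Subset of the configuration shown above, embedded so the example runs offline.
sample_conf() {
    cat <<'EOF'
interface=wlan0
ssid=PhotoBox
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password
EOF
}

sample_conf | audit_hostapd
```

On the box itself, run `audit_hostapd < /etc/hostapd.conf` and `world_readable /etc/hostapd.conf`; if the second succeeds, tighten the file with `chmod 600`.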

When happy that the settings are correct, it’s time to reboot the box (you could just restart the wifi; however, the above configurations are set to run at boot and now is a good time to check).

This is the end of the ‘get it running and stable’ section for Networking; the next post will have other configurations of my box.
