Differences

This shows you the differences between two versions of the page.

howtos:network_services:running_an_access_point_from_a_slackware_box [2022/06/11 07:46 (UTC)] – [10 Conclusions] louigi600
howtos:network_services:running_an_access_point_from_a_slackware_box [2023/01/20 09:43 (UTC)] – [4.3 DNS and DHCP Servers] fix typos tim
Line 16: Line 16:
 Look at the section  Look at the section 
      
-   software interface modes:+   Supported interface modes:
                  * AP/VLAN                  * AP/VLAN
                  * monitor                  * monitor
-AP needs to be among the software interface modes.+AP needs to be among the Supported interface modes.
  
 Ok there is still some Wireless NICs that support hardware master mode but that's 3 against all the rest I'm not going to bother going into any detail with those 3 exceptions, google is your friend if you want to insist in the hardware master mode way.  Ok there is still some Wireless NICs that support hardware master mode but that's 3 against all the rest I'm not going to bother going into any detail with those 3 exceptions, google is your friend if you want to insist in the hardware master mode way. 
 +
 +
 +Should you want to have Virtual Access Poits (more than one AP on a single physical wireless NIC) you will want to look at the section "valid interface combinations".
 +Here's the output from two cards :
 +
 +  [root@nuc8i5 ~]# for Phy in $(iw dev |grep ^phy); do   echo "$Phy";   iw $Phy info | grep  "valid interface combinations" -A 2; done
 +  phy#1
 +        valid interface combinations:
 +                 * #{ AP, mesh point } <= 8,
 +                   total <= 8, #channels <= 1
 +  phy#0
 +        valid interface combinations:
 +                 * #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
 +                   total <= 3, #channels <= 2
 +  [root@nuc8i5 ~]#
 +  
 +The first one would allow more than on vAP (up to a maximum of 8) but they all got to be on the same channel.
 +The second one would allow for one AP and one managed client to be used at the same time even of different channels but the total number of live APs need to be no more than one.
  
 ====== 3 Software Requirements ====== ====== 3 Software Requirements ======
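Review bot: the added paragraph and its explanation carry typos that this revision should clear while it is here: "Virtual Access Poits" should be "Points", "more than on vAP" should be "more than one vAP", and "even of different channels" should be "even on different channels". The sample command also pipes through grep with -A 2, which only shows the first two lines under "valid interface combinations"; a card that lists several combinations would be cut off, so consider a larger -A value or a remark that the full list is in the iw output.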
Line 74: Line 92:
   * rp-pppoe (*)   * rp-pppoe (*)
  
-(*) only if you want your AP to actually manage your internet connection. +(*) only if you want your AP to actually manage your internet connection trough some sort of point PPP modem
  
  
 ===== 3.3 Other Software ===== ===== 3.3 Other Software =====
   * hostapd   * hostapd
-  * miniupnpd (only required if you have appliances that require it)+  * miniupnpd (only required if you have appliances that require upnp)
  
 Neither of these are included in the slackare installation packages, only hostap is mandatory to gae basic AP functionality.  Neither of these are included in the slackare installation packages, only hostap is mandatory to gae basic AP functionality. 
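Review bot: in the rewritten rp-pppoe footnote, "trough some sort of point PPP modem" reads as garbled; "through" is misspelled and "point PPP modem" does not say what kind of modem is meant, so spell out the intended term. The unchanged sentence below the list still has "slackare", "hostap" (the package listed is hostapd) and "gae", which belong in the same typo pass. Since the miniupnpd entry now names UPnP, a short remark that UPnP lets LAN devices request port forwards on the router would help readers decide whether to install it.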
Line 100: Line 118:
 If your AP also acts a router it's probably going to be exposed to malware and even if you do your best to keep malicious users out of your work they might still find a way in. If your router is exposed to internet you might want to consider some sort of file integrity tool that would alert you if files have been tampered with. File integrity checking could be a whole article so I'm not going to go into any detail beyond advising to read more about it on security oriented communities like [[http://www.securityfocus.com|security focus]] or maybe just do a google search on "file integrity tool".   If your AP also acts a router it's probably going to be exposed to malware and even if you do your best to keep malicious users out of your work they might still find a way in. If your router is exposed to internet you might want to consider some sort of file integrity tool that would alert you if files have been tampered with. File integrity checking could be a whole article so I'm not going to go into any detail beyond advising to read more about it on security oriented communities like [[http://www.securityfocus.com|security focus]] or maybe just do a google search on "file integrity tool".  
 ====== 4 Configuring ====== ====== 4 Configuring ======
-Now let's have a look at how to configure everything to that it will work right.+Now let's have a look at how to configure everything so that it will work right.
  
 ===== 4.1 Hostapd ===== ===== 4.1 Hostapd =====
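Review bot: the security paragraph at the top of this hunk still reads "acts a router" and "keep malicious users out of your work"; presumably "acts as a router" and "out of your network" were meant. That paragraph is the page's advice on file integrity checking, so it is worth fixing in the same pass as the "so that" correction.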
Line 181: Line 199:
 ===== 4.3 DNS and DHCP Servers ===== ===== 4.3 DNS and DHCP Servers =====
 Now it's time to start dnsmasq. You can actually leave it running from boot if you like or even run specific servers at your choice. I now run separate dnsmasq instances for each AP so I've abandoned Slackware's rc.dnsmasq and start it from my custom network scripts which requires separate config files for each interface (like /etc/dnsmasq/br0.conf and /etc/dnsmasw/wlan1.conf). Now it's time to start dnsmasq. You can actually leave it running from boot if you like or even run specific servers at your choice. I now run separate dnsmasq instances for each AP so I've abandoned Slackware's rc.dnsmasq and start it from my custom network scripts which requires separate config files for each interface (like /etc/dnsmasq/br0.conf and /etc/dnsmasw/wlan1.conf).
-Configuring it is something you should look into to suit best your networking needs ... let's just look at some of the most common tings.+Configuring it is something you should look into to suit best your networking needs ... let's just look at some of the most common things.
 Supposing that you want to assign ip addresses belonging to 192.168.0.0/24 and this are the options you will need: Supposing that you want to assign ip addresses belonging to 192.168.0.0/24 and this are the options you will need:
  
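Review bot: the example path /etc/dnsmasw/wlan1.conf in the unchanged first paragraph of this hunk is misspelled next to /etc/dnsmasq/br0.conf; a reader copying it would put the config in the wrong directory. "this are the options" in the last line should be "these are the options" as well.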
Line 193: Line 211:
   * dhcp-leasefile=/run/dnsmasq/dnsmasq.leases   * dhcp-leasefile=/run/dnsmasq/dnsmasq.leases
   * conf-dir=/etc/dnsmasq.d   * conf-dir=/etc/dnsmasq.d
-The options local and domain allow dnsmasq to tell clients they belong to a domain and in return serve as authoritative for that domain. Some distributions that use NetworkManager will not get local resolution to work unless yo define these 2 options.+The options local and domain allow dnsmasq to tell clients they belong to a domain and in return serve as authoritative for that domain. Some distributions that use NetworkManager will not get local resolution to work unless you define these 2 options.
  
 The options except-interface bind-interfaces and listen-address are particularly useful if you want to run more then one instance of dnsmasq. The options except-interface bind-interfaces and listen-address are particularly useful if you want to run more then one instance of dnsmasq.
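Review bot: the option list in this hunk gives a single dhcp-leasefile=/run/dnsmasq/dnsmasq.leases, while the closing line recommends running more than one dnsmasq instance; each instance needs its own lease file, so say so here or show a per-interface file name. "more then one instance" should be "more than one instance".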
Line 577: Line 595:
  
 Please note the above script only works on 2.6 kernels or above. This probably also applies to socklist. Please note the above script only works on 2.6 kernels or above. This probably also applies to socklist.
 +
 +===== 5.5 Virtual AP =====
 +If your wireless NIC supports it you might like to run multiple virtual APs. As mentioned in Chapter 2 to be able to do this 
 +you will need the "valid interface combinations" sections to have #AP to be greater than one and if you optionally want them to live on separate channels you will need #channels to be greater than 1.
 +If this is the case then you can add virtual AP like this
 +
 +  iw phy0 interface add vap0 type __ap
 +or
 +  iw wlan0 interface add vap0 type __ap
 +  
 +this will create a new virtual AP, arbitrarily called vap0 on which you will need to activate a separate instance of hostapd as explained in Chapter 4.
 +Incidentally the type can be any of of these (as long as your wireless NIC supports them):
 +
 +  * monitor
 +  * managed 
 +  * wds
 +  * mesh 
 +  * ibss 
 +  * __ap
 +
 +
 +if you subsequentlt want to remove the virtual AP toy can terminate the hostapd running on it, optionally put the nick in down state and then tell iw you want to delete the virtual device:
 +
 +  iw vap0 del
 +  
  
 ====== 6 Remote Administration ====== ====== 6 Remote Administration ======
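Review bot: the removal paragraph in the new 5.5 section has several typos ("subsequentlt", "toy can", "nick" for NIC), and the type list is introduced with "any of of these". The step "optionally put the nick in down state" is the only one without a command, unlike the add and delete steps; show the command used. The add examples pass phy0 while the Chapter 2 output added in this revision prints phy#0 and phy#1, so a note on which name to pass would avoid confusion.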
Line 953: Line 996:
   * save the random-seed to unused sector on flash when shutting down (rc.0 ... well it's a link to rc.6) and load it back to /dev/urandom from rc.S when system comes up again   * save the random-seed to unused sector on flash when shutting down (rc.0 ... well it's a link to rc.6) and load it back to /dev/urandom from rc.S when system comes up again
  
-You could optionally have fstab specify that root should be mounted ro like this:+You could optionally have fstab specify that root should be mounted ro like this: (example below is relative to when I was using ubifs on the DocStar)
  
-/dev/ubi0_0      /               ubifs  ro                       1+  /dev/ubi0_0      /               ubifs  ro                       1
  
-You will also haveto make some links in various places so that they end up writing in /run that has been mounted tmpfs. I do that manually just once with / mounted rw and then remount it ro.+You will also have to make some links in various places so that they end up writing in /run that has been mounted tmpfs. I do that manually just once with / mounted rw and then remount it ro.
  
 If you're interested in actually making such changes to the init scripts I've shared how I go about it on [[http://www.linuxquestions.org/questions/slackware-arm-108/anyone-else-interested-in-running-some-of-their-arm-devices-with-root-mounted-read-only-4175590642/ | Linux Questions]]. If you're interested in actually making such changes to the init scripts I've shared how I go about it on [[http://www.linuxquestions.org/questions/slackware-arm-108/anyone-else-interested-in-running-some-of-their-arm-devices-with-root-mounted-read-only-4175590642/ | Linux Questions]].
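Review bot: the fstab example now renders as a code line, but as shown it has five fields, so the trailing 1 lands in the dump column and the fsck pass column is left to its default; write both columns out so the intent is clear. The new parenthetical "(example below is relative to when I was using ubifs on the DocStar)" sits after the colon; moving it before "like this:" reads better.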
Line 990: Line 1033:
 Over the years I've done several remakes adding some new features. The last upgrade was using a Friendlyelec NanoPi R1S with integrated wifi and 2 ethernet nics requiring no extra usb dongles. Over the years I've done several remakes adding some new features. The last upgrade was using a Friendlyelec NanoPi R1S with integrated wifi and 2 ethernet nics requiring no extra usb dongles.
  
-Gen 5+Gen 5 (Friendlyelec NanoPI R1S)
  
 {{howtos:network_services:g5_nanopi.jpeg| NanoPi R1S}} {{howtos:network_services:g5_nanopi.jpeg| NanoPi R1S}}
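Review bot: the new heading spells the board "NanoPI R1S" while the paragraph above it and the image caption use "NanoPi R1S"; use one spelling.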
Line 996: Line 1039:
 The original case has 2 issues: cappy internal antenna and tendency to overheat ... so I 3d-printed my own [[https://www.thingiverse.com/thing:5408048|case]]. The original case has 2 issues: cappy internal antenna and tendency to overheat ... so I 3d-printed my own [[https://www.thingiverse.com/thing:5408048|case]].
  
-Gen 4+{{howtos:network_services:nanopi_r1s_diy_case.jpg| DIY Case}} 
 + 
 +Gen 4 (RPi2 with display)
  
 {{howtos:network_services:g4_rpi.jpeg| RPi2 with shoft buttons}} {{howtos:network_services:g4_rpi.jpeg| RPi2 with shoft buttons}}
  
  
-Gen 3+Gen 3 (RPi2 with buttons and leds)
  
 {{howtos:network_services:g3_rpi.jpg| RPi2 with hardware buttons}} {{howtos:network_services:g3_rpi.jpg| RPi2 with hardware buttons}}
  
-Gen 2+Gen 2 (RPi2 in aluminum Sandwich)
  
 {{howtos:network_services:g2_rpi.jpg| RPi2}} {{howtos:network_services:g2_rpi.jpg| RPi2}}
  
-Gen 1+Gen 1 (Seagate DocStar in aluminum Sandwich)
  
 {{howtos:network_services:g1_seagate_docstar.jpg| Seagate DocStart}} {{howtos:network_services:g1_seagate_docstar.jpg| Seagate DocStart}}
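Review bot: the captions under the new Gen headings still disagree with them: "RPi2 with shoft buttons" (soft) and "Seagate DocStart" against "Seagate DocStar" in the Gen 1 heading. "cappy internal antenna" in the first line of the hunk also looks like a typo and could be fixed in the same pass.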