Linux router

From Jorg Bosman

Setting up a Linux router for the Wireless Leiden network

What this document is about

I'm trying to explain how NodeJorg is set up to be a node for the Wireless Leiden network. (Note: This setup is from before the Wireless Leiden nodes switched to a Soekris with BSD.)

The hardware

  • Mainboard: Asus P/I-P55TVP4
  • Processor: Intel Pentium 133MHz
  • Memory: 48MB (2x16MB, 2x8MB)
  • Harddisk: Seagate ST34321A, 4GB
  • Network Card: PCI Intel Ethernet Pro 100 (was 3com, but that was too buggy)
  • Wireless Card: PCI Linksys WMP11
  • Video Card: PCI S3 ViRGE (was Matrox Millennium II, but that produced too much heat)

See the gallery for the antennas.

The Operating System

Debian GNU/Linux (easier upgrades and configuration, and better security, than most other Linux distributions). Woody is at this moment (November 2002) the stable version of Debian.

Partitioning the harddisk:

Device    Boot   Size  Id  System  Mountpoint
/dev/hda1    *     8M  83  Linux   /boot
/dev/hda2       2048M  83  Linux   /
/dev/hda3        512M  83  Linux   /var
/dev/hda6        256M  83  Linux   /cache
/dev/hda7        256M  83  Linux   /tmp
/dev/hda8        256M  82  Linux   Swap


Modify some configuration files

Put the Debian mirrors with all the latest upgrades in /etc/apt/sources.list:

deb ftp://ftp.nl.debian.org/debian stable main contrib non-free
deb-src ftp://ftp.nl.debian.org/debian stable main contrib non-free

deb ftp://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

deb ftp://ftp.fi.debian.org/debian stable main contrib non-free
deb-src ftp://ftp.fi.debian.org/debian stable main contrib non-free


In /etc/lilo.conf, make the screen 50 lines high so you see more information in case the system totally crashes:

...
# Specifies the VGA text mode at boot time. (normal, extended, ask, )
#
# vga=ask
# vga=9
#
vga=extended
...

Lots of informative commands are in the sbin directories, and since we only log in to manage the system, we'll put them in the path in /etc/profile:

# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/bin/X11:/usr/games"

Now upgrade your system to the latest packages with dselect.


Building the kernel

Download the latest kernel source from www.kernel.org, and some patches if you like. In my case that was 2.4.20-rc2-ac3:

apt-get install kernel-package
apt-get install wget
cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.19.tar.gz
wget http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.20-rc2.gz
wget http://www.kernel.org/pub/linux/kernel/people/alan/linux-2.4/2.4.20/patch-2.4.20-rc2-ac3.gz

Extract it from the gz-file:

cd /usr/src
gzip -dc linux-2.4.19.tar.gz | tar -xvf -
cd linux-2.4.19
gzip -dc ../patch-2.4.20-rc2.gz | patch -p1 -N -F4
gzip -dc ../patch-2.4.20-rc2-ac3.gz | patch -p1 -N -F4
ln -s /usr/src/linux-2.4.19 /usr/src/linux

Configure the kernel. First modify the maintainer and email fields in /etc/kernel-pkg.conf so the correct name appears in the kernel.

cd /usr/src/linux-2.4.19
make oldconfig
make-kpkg --revision=jorg.1 clean
make menuconfig

Make sure the following options are set correctly:

   Code maturity level options  --->
     [*] Prompt for development and/or incomplete code/drivers
   Processor type and features  --->
     (Pentium-Classic) Processor family
     [ ] Symmetric multi-processing support
   General setup  --->
     [ ] Support for hot-pluggable devices
     [*] BSD Process Accounting
      Kernel support for a.out binaries
      Kernel support for MISC binaries
     [ ] Power Management support
   Plug and Play configuration  --->
     < >   ISA Plug and Play support
   Block devices  --->
     [*] Per partition statistics in /proc/partitions
   Networking options  --->
     [*]   Packet socket: mmapped IO
     [*] Network packet filtering (replaces ipchains)
     [*]   Network packet filtering debugging (NEW)
     [*] Socket Filtering
     [*]   IP: advanced router
       IP: Netfilter Configuration  --->
       <*> Connection tracking (required for masq/NAT) (NEW)
       <*>   FTP protocol support (NEW)
       <*>   IRC protocol support (NEW)
       <*> IP tables support (required for filtering/masq/NAT) (NEW)
       <*>   Packet filtering
       <*>   Full NAT (NEW)
       <*>     MASQUERADE target support (NEW)
       <*>     REDIRECT target support (NEW)
   ATA/IDE/MFM/RLL support  --->
     IDE, ATA and ATAPI Block devices  --->
     [ ]   CMD640 chipset bugfix/support
     [ ]   RZ1000 chipset bugfix/support
   SCSI support  --->
     < > SCSI support
   Network device support  --->
     Ethernet (10 or 100Mbit)  --->
       [*]   3COM cards
       <*>     3c590/3c900 series (592/595/597) "Vortex/Boomerang" support (NEW)
       [ ]   EISA, VLB, PCI and on board controllers
     Wireless LAN (non-hamradio)  --->
       [*] Wireless LAN (non-hamradio)
   Character devices  --->
     [*]   Support for console on serial port
     Mice  --->
       < > Mouse Support (not serial and bus mice)
     <*> Enhanced Real Time Clock Support
     < > /dev/agpgart (AGP Support)
     [ ] Direct Rendering Manager (XFree86 DRI support)
   File systems  --->
     <*> Ext3 journalling file system support (EXPERIMENTAL)
     [*]   JBD (ext3) debugging support
     <*> DOS FAT fs support
     <*>   MSDOS fs support
     <*>   VFAT (Windows-95) fs support
     [*]   Microsoft Joliet CDROM extensions
     Network File Systems  --->
       < > NFS file system support
       < > NFS server support
     Native Language Support  --->
       Default NLS Option: "iso8859-15" (NEW)
       <*> NLS ISO 8859-1  (Latin 1; Western European Languages) (NEW)
       <*> NLS ISO 8859-15 (Latin 9; Western European Languages with Euro) (NEW)
       <*> NLS UTF8 (NEW)
   Console drivers  --->
     [*] Video mode selection support
   Sound  --->
     < > Sound card support
   USB support  --->
     < > Support for USB
   Kernel hacking  --->
     [*] Kernel debugging
     [*]   Magic SysRq key (NEW)


And finally, build and install the kernel:

make-kpkg --revision=jorg.1 clean
make-kpkg --revision=jorg.1 kernel_image
cd ..
dpkg -i kernel-image-2.4.20-rc2-ac3_jorg.1_i386.deb

Now, reboot the system and hope it comes up with the new kernel.

Making your filesystem more crash-proof

Convert the ext2-partitions to the journalled ext3-filesystem:

tune2fs -j /dev/hda2
tune2fs -j /dev/hda3
tune2fs -j /dev/hda5
tune2fs -j /dev/hda6
tune2fs -j /dev/hda7

(yes, that's right, skip /dev/hda1)

Replace all the ext2 entries with ext3 in /etc/fstab, except for /boot. Keep that one on ext2 so you are always sure to boot the system, even if you don't have ext3 support in the kernel. Set the '/' partition to ext3,ext2 so you can mount it if you booted without ext3 support:

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/hda1       /boot           ext2    defaults                0       2
/dev/hda2       /          ext3,ext2    errors=remount-ro       0       1
/dev/hda3       /var            ext3    defaults                0       2
/dev/hda5       /chroot         ext3    defaults                0       2
/dev/hda6       /cache          ext3    defaults                0       2
/dev/hda7       /tmp            ext3    defaults                0       2
/dev/hda8       none            swap    sw                      0       0
proc            /proc           proc    defaults                0       0
/dev/fd0        /floppy         auto    user,noauto             0       0
/dev/cdrom      /cdrom       iso9660    ro,user,noauto          0       0


Now, reboot again so the journalled filesystem is enabled.

Network setup

Download the hostap driver:

cd /usr/local/src
export CVSROOT=":pserver:anonymous@hostap.epitest.fi:/cvs"
cvs login
cvs checkout hostap
cd hostap
make clean pci install_pci

Configure the network interfaces in /etc/network/interfaces:

   # the lan-connection
   auto eth0
   iface eth0 inet static
   	address 192.168.0.2
   	netmask 255.255.255.0
   	gateway 192.168.0.1
   	network 192.168.0.0
   	broadcast 192.168.0.255

   # wireless clients
   auto wlan0
   iface wlan0 inet static
           address 172.20.0.1
           netmask 255.255.255.192
           network 172.20.0.0
           broadcast 172.20.0.63
           up /usr/local/scripts/ipaccounting
           up /usr/local/scripts/enablenat
           up /usr/local/scripts/setwireless

   # connection to nodecope (172.16.0.21)
   auto wlan0:1
   iface wlan0:1 inet static
           address 172.16.0.22
           netmask 255.255.255.252
           network 172.16.0.20
           broadcast 172.16.0.23

   # connection to nodehuub (172.16.0.17)
   auto wlan0:2
   iface wlan0:2 inet static
           address 172.16.0.18
           netmask 255.255.255.252
           network 172.16.0.16
           broadcast 172.16.0.19
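
An added check for the stanzas above (example code, not part of the original page): it recomputes network and broadcast from each address and netmask and reports any line that disagrees, which catches typos in the /26 and /30 values before the interface is brought up. The function names are this example's own, and the embedded sample is the wlan0:1 stanza copied from the configuration above.

```shell
#!/bin/sh
# Added example, not from the original page: verify that each static stanza's
# "network" and "broadcast" lines follow from its address and netmask.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Reads an interfaces file on stdin; prints one line per mismatch, returns 0 if none.
check_interfaces() {
    awk '
        function emit() { if (a != "" && m != "") print name, a, m, (n == "" ? "-" : n), (b == "" ? "-" : b) }
        $1 == "iface"     { emit(); name = $2; a = m = n = b = "" }
        $1 == "address"   { a = $2 }
        $1 == "netmask"   { m = $2 }
        $1 == "network"   { n = $2 }
        $1 == "broadcast" { b = $2 }
        END               { emit() }
    ' | {
        bad=0
        while read -r name addr mask net bcast; do
            a=$(ip2int "$addr"); m=$(ip2int "$mask")
            want_net=$(int2ip $(( a & m )))
            want_bc=$(int2ip $(( (a & m) | (m ^ 4294967295) )))
            [ "$net" = "-" ] || [ "$net" = "$want_net" ] ||
                { echo "$name: network $net, expected $want_net"; bad=1; }
            [ "$bcast" = "-" ] || [ "$bcast" = "$want_bc" ] ||
                { echo "$name: broadcast $bcast, expected $want_bc"; bad=1; }
        done
        [ "$bad" -eq 0 ]
    }
}

sample_interfaces() {  # the wlan0:1 stanza copied from the configuration above
    cat <<'EOF'
iface wlan0:1 inet static
        address 172.16.0.22
        netmask 255.255.255.252
        network 172.16.0.20
        broadcast 172.16.0.23
EOF
}

sample_interfaces | check_interfaces && echo "interfaces: consistent"
```

To check the live file, run `check_interfaces < /etc/network/interfaces`; stanzas without both an address and a netmask are skipped.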


Make the scripts in /usr/local/scripts:

vi /usr/local/scripts/ipaccounting

   #!/bin/sh

   iptables -A INPUT -d 172.20.0.1
   iptables -A INPUT -d 172.16.0.22
   iptables -A INPUT -d 172.16.0.18
   iptables -A OUTPUT -d 172.20.0.1
   iptables -A OUTPUT -d 172.16.0.22
   iptables -A OUTPUT -d 172.16.0.18


vi /usr/local/scripts/enablenat

   #!/bin/sh

   # redirect all wireless http traffic through squid
   iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080

   # enable nat
   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   echo 1 > /proc/sys/net/ipv4/ip_forward


vi /usr/local/scripts/setwireless

   #!/bin/sh

   # configure the wireless interface
   iwconfig wlan0 essid centrum.jorg0.wleiden.net
   iwconfig wlan0 channel 6
   iwconfig wlan0 sens 3
   iwconfig wlan0 nick "NodeJorg"
   iwconfig wlan0 txpower 20
   iwconfig wlan0 rate 11M
   iwconfig wlan0 mode master