Raspberry Pi - Static IP Address

For some reason, the configuration of static IP addresses in /etc/network/interfaces in the manner I've been using since Redhat 4.0 back in the mid to late 90s no longer works on the recent Raspbian Jessie images for the Raspberry Pi.

I've not researched why, I think its related to the GUI tools. I only use the cmd line and never even boot a GUI on so have come to the conclusion life is too short. So its time to learn something new again, but once you know where it is configured it isn't too difficult.

The configuration is now performed in the file /etc/dhcpcd.conf with the follow entries being added:-

  interface eth0
  static ip_address=192.168.0.10/24
  static routers=192.168.0.1
  static domain_name_servers=208.67.222.222 208.67.220.220


Obviously you need to change the details above to reflect your particular network.

The DNS servers listed are for the OpenDNS servers

Its as easy as Pi, just I quiet liked my old Pi.

Perl - CPAN shell

Brief guide to setting up CPAN shell to easily install Perl modules.

    sudo perl -MCPAN -e shell

If this fails with error message "Can't locate local/lib.pm in @INC" or make not found, either way you may need to install supporting tools. In a debian world this is as easy as:-

    sudo apt-get install build-essential liblocal-lib-perl

Once in the Perl CPAN shell its a good idea to update the shell:-

    sudo perl -MCPAN -e shell

    install CPAN

    reload cpan

Finally to install a module such as Net::Telnet simply:-

    sudo perl -MCPAN -e shell

    install Net::Telnet

Thats all for now.

Linux - Debian Media Content Server

I've decided to combine a number of server functions I currently have onto a single Debian box for ease of sharing media etc. Having now got to the point where I have a spare HP Microserver N40 freed up which has 1 x 250GB and 3 x 2TB HDDs, its time to get this project started. Several minutes later I had the latest stable Debian (8.2.0) NetInstall ISO downloaded and burnt to a CD all ready to get started. Upon booting, I always use the expert install, not because that reflects my skill level, more from habit following years of the graphical installers not working on all sorts of old hardware I've accumulated over the years. Anyway, before we get started ensure the system is up to date, it should be as it was a fresh Net Install, but old habits die hard.

apt-get update
apt-get upgrade
apt-get install vim vsftpd apache2 samba

Following the installation two new directories are to be created. Using the -p option, any parent directories are also created.

mkdir -p /home/TRUSTEDUSER/content/media/video
mkdir -p /home/TRUSTEDUSER/content/media/audio

FTP Access As I am hosting the media within my home directory, it is simple enough to allow me ReadWrite FTP access to it all by making the following changes in the /etc/vsftpd.conf file.

local_enable=YES
write_enable=YES
local_umask=022

Following the edits, restart the service.

service vsftpd restart

Web Browser (HTTP) Access I need read access to all my media content using a nothing more than a browser. This isn't destined to be publically available so I'm happy with the security implications of such a broad approach to access and security. In this simple scenario it is easiest to just update the default Document Root as below:

vi /etc/apache2/sites-available/000-default.conf

DocumentRoot /var/www/html
DocumentRoot /home/TRUSTEDUSER/content

Once the default document root has been updated, we need to turn attention to the apache2.conf file. In this file we delete (or comment if you prefer) the eisting Directory statements before adding a new one and restarting apache as shown below:

vi /etc/apache2/apache2.conf

<Directory /home/TRUSTEDUSER/content/>
  Options Indexes FollowSymLinks
  Require all granted
</Directory>

service apache2 restart

Samba (Microsoft Networking Access) For samba I wanted 3 shares, one hidden which would be write enabled for me, and two others which were read only by anyone using the guest account. My target folder structure and permissions are shown below

/home/TRUSTEDUSER/content/media          # Write access enabled for me (TRUSTEDUSER)
/home/TRUSTEDUSER/content/media/audio    # Read only access for Guest account
/home/TRUSTEDUSER/content/media/video    # Read only access for Guest account

The supplied Samba config file /etc/samba/smb.conf is replaced with one containing just the elements I require. Of course, I take a backup first.

cp /etc/samba/smb.conf /etc/samba/smb.conf.original

The file below is my new /etc/samba/smb.conf file. For simplicity I've just copied it here.

#======================= Global Settings =======================
[global]
workgroup = WORKGROUP
dns proxy = no
load printers = no
printcap name = /dev/null
disable spoolss = yes

#### Networking ####
interfaces = 127.0.0.0/8 eth0
bind interfaces only = yes

#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

####### Authentication #######
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

############ Misc ############
usershare allow guests = yes

#======================= Share Definitions =======================
[media]
comment = Media Share
path = /home/TRUSTEDUSER/content/media
valid users = "TRUSTEDUSER"
write list = "TRUSTEDUSER"
guest ok = no
browseable = no

[audio]
comment = Audio Media Share
path = /home/TRUSTEDUSER/content/media/audio
read only = yes
guest ok = yes

[video]
comment = Video Media Share
path = /home/TRUSTEDUSER/content/media/video
read only = yes
guest ok = yes

Once the /etc/samba/smb.conf file has been updated, its a good idea to use the testparm command to catch any mistakes. Once that looks ok, reload samba with the following:

/etc/init.d/samba restart

Samba stores it user accounts seperate from the Linux system running Samba, therefore I need to create a Samba Password as below:

smbpasswd -a TRUSTEDUSER

If you want to use a Samba username that doesn't already have a Linux account, you can either create a Linux account the normal way with useradd, or as below if you do not want the user to be able to log into the Linux host.

useradd -c "Another Users Name" -d /home/AnotherUsersName -s /sbin/nologin AnotherUsersName
smbpasswd -a AnotherUsersName

After samba is configured, and the new user has been configured we can test to make sure the access works as expected. I am not going to document all that here, but if what I have written helps someone then great. Final things to think about, are the underlying Linux file permissions on the appropriate directories and files. I have mine configured for 755, but there are other schools of thought out there.

Linux - expanding LVM volume

I have set up a new media sharing Debian box which I need to expand the size of the existing home logical volume to allow me to store my media content in one place. The process is relatively straight forward assuming the server has LVM up and running already. We need to follow the process of:-

1. Install the new disk(s)
2. Partition the new disk(s)
3. Prepare the PV's (Physical Volumes)
4. Extend the existing VG (Volume Group)
5. Extend the existing LV (Logical Volume) and the associated filesystem

Currently the server has a single 250GB drive, to which I am adding 2 x 2TB disks that have been liberated from Desktop USB HD enclosures. Sure they may not be the fastest drives, or have the best MTBF numbers but they were cheap and serve my reuse and make do approach to IT. After powering the system down, installing the drives and booting back up again I can check my drives are in place using the command fdisk -l. Assuming the disk(s) are all present and correct simply delete any existing partitions and create a new one on each disk. Use caution with fdisk as you could delete your data if you make errors. Use your favorite search engine if you are not sure. In my example there are 2 x 2TB disks, so I have 2 new PV's to create as shown below:

root@content:~#pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created
root@content:~#pvcreate /dev/sdc1
  Physical volume "/dev/sdc1" successfully created

Once the PV's are created we need to extend the existing volume group (which on my system is called content-vg):

root@content:~#vgextend content-vg /dev/sdb1
  Volume group "content-vg" successfully extended
root@content:~#vgextend content-vg /dev/sdc1
  Volume group "content-vg" successfully extended

Once we have extended the volume group to include the 2 new disks, we just need to expand the logical volume and file system to use the free space:

root@content:~#lvextend -r -l 100%FREE /dev/content-vg/home

Now when we check with df we can see the increased space available on my home volume. Other command useful along the way are pvdisplay vgdisplay and lvdisplay. I am not about to document them all here, as compious information is available 3 clicks from your favorite search engine. Once we have extended the volume group to include the 2 new disks, we just need to expand the logical volume and file system to use the free space: Thats All Folks.

Raspberry Pi - SMS Texting using 3G dongle

The problem I'm having to solve is that the 3G Dongle isn't being recognised as a serial port, it is being recognised as a storage device. Even though the description obtained from lsusb clearly identifies it as a modem.

  root@rasp-storage:~# lsusb

  Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.

  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

  Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.

  Bus 001 Device 004: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB

  Bus 001 Device 005: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB

  Bus 001 Device 006: ID 12d1:1446 Huawei Technologies Co., Ltd. E1552/E1800/E173 (HSPA modem)

Anyway, before we get started ensure the system is up to date. I'm using the latest Raspian so its a simple case of:

  apt-get update
  apt-get upgrade

The tool we are going to be using is called usb-modeswitch.

  root@rasp-storage:~# apt-cache search modeswitch 
  usb-modeswitch - mode switching tool for controlling "flip flop" USB devices
  usb-modeswitch-data - mode switching data for usb-modeswitch
  root@rasp-storage:~# apt-get install usb-modeswitch usb-modeswitch-data

I found the information for the usb_modeswitch elements by googling the "Huawei E173 modem", the details below are unlikely to work on other 3G modems. Create a file named 12d1:1446 under /etc/usb_modeswitch.d/ which contains:

  DefaultVendor=0x12d1
  DefaultProduct=0x1446
  MessageContent="55534243123456780000000000000011062000000100000000000000000000" 

Create a file /usr/local/sbin/3gmodemswitch containing.

  usb_modeswitch -I -W -c /etc/usb_modeswitch.d/12d1\:1446

Create a file /etc/udev/rules.d/99-3gmodem.rules which contains:

  ACTION=="add", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1446", RUN+="/usr/local/sbin/3gmodemswitch"

So when the modem is plugged in, udev rules pick it up and execute the 3gmodemswitch script, which in turn calls usb_modeswitch. If we have a look at the output from lsusb now, we see:

  lsusb Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  Bus 001 Device 009: ID 12d1:1506 Huawei Technologies Co., Ltd. E398 LTE/UMTS/GSM Modem/Networkcard
  Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
  Bus 001 Device 004: ID 0781:5571 SanDisk Corp.
  Bus 001 Device 005: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB
  Bus 001 Device 006: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB
  root@rasp-sms:/etc/usb_modeswitch.d#

I was able to reboot, and do a complete power down restart, and the modem continued to be recognized as a 3G modem. It should be noted I have in the past experienced an issue where the root filesystem was not on the SD card, but a USB drive. However when starting the Pi in that configuration sometimes the built in storage of the 3G modem was identified as SDA rather than the USB thumb drive. To fix this situation I made sure to use the root=PARTUUID=XXXXX notation in the /boot/cmdline.txt file. Finally, install smstools using:

  apt-get install smstools

Following which edit the /etc/smsd.conf file and append the following to the bottom (using the correct ttyUSB device:-

  [GSM1]
  #init =
  device = /dev/ttyUSB0
  incoming = yes
  #pin =
  baudrate = 19200

Now when I drop a file into the /var/spool/sms/outgoing/ directory in the format:

  To: 444797575B134

  Hello From My Raspberry Pi. :)

Incidentally the number above is random, furthermore I put a letter B in the text on purpose just to save some poor soul getting unsolicited texts by anyone reading this and simply copying the text.

So with a little more scripting, I now use this Raspberry Pi as a notification server, it polls other devices (predominately network equipment) and services and text's me if there are problems. I can also sent it texts to perform simple actions, but that element is still very much a work in progress.

Hope someone other than myself find this information useful. :)

Raspberry Pi - Basic Setup

This is the initial setup and configuration I use for Raspberry Pi's. It isn't an all encompassing How-To, more a simple task list to jog my memory along the way:-

• Download the latest debian based image; Raspbian Latest
• Write the image to a SD Card.
• Boot the Raspberry Pi.
• Run through the raspi-config script that runs automatically.
• After the Raspberry Pi has booted customize the required elements below.

IP Addressing, change from dynamic to static in /etc/network/interfaces.
  iface eth0 inet dhcp  iface eth0 inet static
    address 192.168.0.10
    netmask 255.255.255.0

    gateway 192.168.0.1

Setup your own user account:
  sudo adduser fred

Enable sudo access on your new account and delete it from pi account:
  sudo visudo

  pi All=(ALL) NOPASSWD: ALL

  fred All=(ALL) NOPASSWD: ALL


Logout as the pi user and log back in as your new use defined above. Once logged back in as your new user remove the pi account if you wish.
  sudo deluser pi

If preferred you can just lock the pi account:
  sudo passwd -l pi


Name Resolution, configure DNS if desired in /etc/resolv.conf you only really need 1 or 2 nameserver entries, the multiple addresses are there for my reference only.

  domain localdomain.com         # Whatever domain name you wish to use
  search localdomain.com         #
  nameserver 8.8.4.4             # Public DNS provided by Google
  nameserver 8.8.8.8             # Public DNS provided by Google
  nameserver 208.67.222.222      # Public DNS provided by opendns
  nameserver 208.67.220.220      # Public DNS provided by opendns
  nameserver 192.168.0.111       # Private hosted DNS server

Finally update using:
  sudo apt-get update

  sudo apt-get dist-upgrade

At this point, I usually shutdown the PI and take a backup of the SD card before moving on to more specific installation and configuration.

Raspberry Pi - 1 Wire OWFS i2c bus

In this basic How-To I work through the software configuration steps I use so that the Raspberry Pi can read values from a 1-wire DS18B20 temp sensors. The basic Raspberry Pi is fully operational with the latest fully updated Raspbian image. It is possible to interface directly to the GPIO pins, which I tested on a breadboard before deciding to go with the dedicated add on module (the RPI3v1) from Sheepwalk Electronics, which provides me with a convenient connection options given I have Cat5E wiring throughout my house. Sad I know, but useful none the less. :) The first thing we need to do is to enable the required kernel nodules. To achieve this across reboots insert the lines below in the /etc/modules file:

i2c-bcm2708
i2c-dev

If ic2detect isn't already installed it is available through the standard repository. Whilst we are installing the i2c-tools we will install the owfs and ow-shell packages as well:

sudo apt-get install i2c-tools owfs ow-shell

The command below will probe the i2c bus. Change the value of -y accordingly (0 = RPi-V1 1 = RPi-V2):

pi@rasp-owfs ~ $ sudo i2cdetect -y 0
 0 1 2 3 4 5 6 7 8 9 a b c d e f
 00: -- -- -- -- -- -- -- -- -- -- -- -- --
 10: -- -- -- -- -- -- -- -- -- -- -- -- 1c -- -- --
 20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 70: -- -- -- -- -- -- -- --
 pi@rasp-owfs ~ $

Edit the /etc/owfs.conf file as appropriate below:

server: FAKE = DS18S20,DS2405
 #server: FAKE = DS18S20,DS2405
 # Chose appropriate line below based on rev1 or rev2 RPi
 # server: device=/dev/i2c-0
 # server: device=/dev/i2c-1

Assuming everything is operational and configured correctly, restart the service and check to see the connected 1-wire sensors are being read.

pi@rasp-owfs ~ $ sudo service owserver restart
[ ok ] Restarting 1-Wire TCP Server: owserver.
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $ owdir
 /28.BAB11E050000
 /28.69EF1E050000
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $ owread /28.BAB11E050000/temperature ;echo
23.9375
pi@rasp-owfs ~ $ owread /28.69EF1E050000/temperature; echo
23.9375
pi@rasp-owfs ~ $

We have now got 2 sensors plugged in and being read, they even agree and report the same temperature, which given they are next to each other is hardly surprising. Wouldn't it be good though to change the long hexidecimal strings so we can refer to the sensors using a location name. Fortunately with a bit more editing that's exactly what we can do. Work out which one you wish to name first by simply removing the other one. When we down run the owdir command the only one listed will be that of the one to rename.

pi@rasp-owfs ~ $ owdir
 /28.CE1613050000
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm 
pi@rasp-owfs ~ $

The observant may have noticed that this is a different sensor to those addressed before. This is a waterproof one that is mounted outside in a wind sheltered spot. It should be noted though that using this method to create alias breaks the built in web server front end to owserver. If you use that interface such as browsing to http://yourIPaddr:2121, then this isn't for you. I am sure it can be solved, I've just never needed to so haven't looked into it.So to proceed, simply create a owfs.alias file in /etc with the format as below:-

pi@rasp-owfs ~ $ sudo vi /etc/owfs.alias
 28.69EF1E050000 = datacab1
 28.D9301F050000 = lounge1
 28.CC871E050000 = loft1
 28.A8A21E050000 = kitchen1
 28.BAB11E050000 = bedroom2
 28.EB4C1E050000 = bedroom1
 28.1ADE1F050000 = office1
 28.22A61E050000 = garage2
 28.CE1613050000 = outside

Now the alias file has been created, we need to instruct the owserver to use those names. Simply edit the /etc/init.d/owserver file find the section below (not far from the top) :-

d_start() {
 [ -d $PIDDIR ] || {
 mkdir -m 0775 -p $PIDDIR
 chown root:root $PIDDIR >/dev/null 2>&1
 }
 start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- -c $CONFFILE \
 --pid-file $PIDFILE
 # ensure the daemon has been started
 sleep 1
 pidofproc -p $PIDFILE $DAEMON >/dev/null
 }

Under the start-stop-daemon section we need to change it to as shown below for it to use the alias file we created earlier.

start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- -c $CONFFILE \
 -a /etc/owfs.alias --pid-file $PIDFILE

Once we have updated, either reboot the RPi or, issue the following command:-

sudo /etc/init.d/owserver restart

Personally I would recommend a reboot, but either should work as shown below.

pi@rasp-owfs ~ $ owdir
 /outside
 /bedroom2
 /datacab1
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm
 pi@rasp-owfs ~ $
 pi@rasp-owfs ~ $ owread /outside/fasttemp;echo
 3
 pi@rasp-owfs ~ $ owread /outside/temperature;echo
 3.1875
 pi@rasp-owfs ~ $

That's all folks. Feel free to leave a comment.

Build Asus EeePC Debian Wifi Access Point

Background

I have a number of old netbooks and laptops, gathering dust in my office that have been discarded over the years by family members, friends and myself as they have been replaced by newer faster models. Many of them are in various stages of being dismantled as they have been cannibalised to keep other machines going. In addition to old computer equipment, my office is also littered with old networking equipment including access points and even some wireless antennas that I seem to have accumulated over the years. Even with all this old hardware available to me, I still find myself wanting a Linux based access point for two reasons.

• The challenge of getting it working, and learn a few things on the way.
• To provide a Linux machine for future projects I have in mind.

Hardware

Looking at the equipment I have available to experiment with, I have chosen to use one of the two original Asus EeePC available. After all, these were the machines that created the whole netbook category as I see it. I have a 701 4G Surf in a rather fetching baby blue and white colour, and a 701 8G model.

Despite the rather girlie colour its the 4G Surf that I have chosen as I don't need much storage space, and the battery is in better condition than the 8G alternative.

 

Debian OS

The Asus has a Atheros wifi card which is supported in the ath5k driver. This is included in the kernel of Debian distributions since 2.6.25. Debian Squeeze (at time of writing) is the current stable release, so I headed over to the downloads page and several minutes later had a Net Install CD burnt ready for action.

 If you need help installing Debian there is a lot of useful information in the Debian EeePC Wiki.

 

OS Installation

The install itself is simple enough, I chose to do an expert text only install. Previously on other netbooks I've had problems with GUI installs and the different resolutions. I didn't even try the GUI, it may work fine, text although not pretty always works though.

When it came to partitioning the disks, I went with a single 4GB ext3 partition. I didn't bother with a swap space as I don't have a lot of space to play with, but primarily because the internal disk is flash memory, I can't see how it will actually add much to the performance anyway. I don't have conclusive information either way, so just chose a simple set-up for my needs.

During the Software Selection of the install process I opted for the three following options.

• SSH Server
• Laptop
• Standard System Utilities

If at a later date I find I need some additional functionality I can always install the relevant package at that time. At the moment I am keen to avoid installing all sorts of software and risk wasting valuable disk space which is at a premium on the EeePC.

Following a reboot, and logging in with the credentials provided during the install it all looks good with both my ethernet and wifi interfaces being available.

root@eeepc:~#$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1f:c6:3e:1f:b9
 inet addr:10.1.1.158 Bcast:10.1.1.255 Mask:255.255.255.0
 inet6 addr: fe80::21f:c6ff:fe3e:1fb9/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:182 errors:0 dropped:0 overruns:0 frame:0
 TX packets:104 errors:0 dropped:0 overruns:0 carrier:1
 collisions:1 txqueuelen:1000
 RX bytes:21877 (21.3 KiB) TX bytes:14862 (14.5 KiB)
 Memory:fbfc0000-fc000000

lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

pan0 Link encap:Ethernet HWaddr 9a:12:2c:14:30:5b
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 00:15:af:8e:04:7c
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

 

Additional Packages Required

Pretty much everything you need to get up and running will probably be installed now, there are some exceptions of course. For my access point I will need to be able to put the Atheros wifi card into Master mode, to enable me to do this I need Hostapd.

apt-get install hostapd

In addition I also will be requiring the ability to bridge the Wlan0 and Eth0 interfaces and will need the bridge utils package to achieve this.

apt-get install bridge-utils

 

Post Installation Configuration - Hostapd

Once hostapd is installed you need to edit a couple of config files to enable it to start up as a daemon with the required configuration.

1. In /etc/default/hostapd  replace the line #DAEMON_CONF="" with DAEMON_CONF="/etc/hostapd/hostapd.conf"
2. Edit /etc/hostapd/hostapd.conf file and include the configuration for your new wireless network. An example is shown below, but more information on the settings available can be found on this hostapd driver page, it is targeted towards PRISM based wifi cards, but is still a good reference.

The following can be used as a sample hostapd.conf for an open access point.

#
# Config for /etc/hostapd/hostapd.conf for an open wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=open-wifi
auth_algs=1
channel=11
wpa=0
ignore_broadcast_ssid=0

It is very simple to add WPA security, as the example below shows.

#
# Config for /etc/hostapd/hostapd.conf for a secure wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=secure-wifi
auth_algs=1
channel=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=securewirelesspassword
macaddr_acl=0
ignore_broadcast_ssid=0

Even though we have not yet set-up the bridging function, it is probably worth restarting the hostapd process for the new configuration file to be used. To do this simply enter  the following:

/etc/init.d/hostapd restart

 

Post Installation Configuration - Bridging.

All that is left to do in this simple set-up is to build the bridge and allocate the real physical interfaces to the bridge. The commands below are all that is needed to do this.

ifconfig eth0 0.0.0.0 down
ifconfig wlan0 0.0.0.0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
dhclient br0

Whilst this may look complicated, it is very simple really.

• Lines 1 & 2 remove any IP address on the Ethernet and Wifi interfaces and shuts them down.
• Line 3 defines a new interface br0
• Lines 4 and 5 add the Ethernet and Wifi interfaces into the bridge group br0
• Line 6 turns spanning-tree off. This is a function which prevents loops in a network, and isn't needed for a simple wireless network.
• Lines 7 & 8 bring up the two interfaces without an IP address assigned.
• Line 9 requests an IP address for the br0 interface so the host Debian box can accessed for management purposes.

It Works

I now have an old Asus EeePC up and running as a basic Access Point using Debian Linux.

 

Summary

This is a simple project but one I've been planning to do for a while now. This small portable laptop is now functioning as a simple access point. I have further projects planned, some of the ideas include

• Add a DHCP server and route rather than bridge between the Wifi and the Ethernet.
• Add NAT (or more specifically PAT) functionality to mascaraed the wireless clients so their IP addresses do not appear on the attached Ethernet.
• Build an OpenVPN connection from the laptop to a remote server so that the wireless clients are then tunnelled across the attached Ethernet. This will allow both traffic encryption and hiding of the end Wifi devices.
• As a simple data collection point to run capture tools such as tcpdump, dsniff and driftnet for testing and demonstration purposes.
• Building on that idea, add ettercap functionality to highlight the threat of MITM (Man In The Middle) attacks and educate people not to just use any open wireless network.
• Investigate the possibility of building some content filtering solution to protect children from stumbling (or finding) non appropriate web sites.

I have no idea what will come first on that list, or when I will find the time, but all of those things present a challenge and catch my interest.

I hope this information helps someone somewhere, if you have any thoughts or ideas, please leave a comment.