
recipe james::wifi for setting up device as wireless access point

drue committed Feb 26, 2012
1 parent c518e77 commit 2e96dbaac210712c325cf83eb18b1f607150fd08
@@ -0,0 +1,2 @@
+INTERFACES="br0"
+
@@ -0,0 +1,122 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
+# configuration file instead of this file.
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers 8.8.8.8, 8.8.4.4;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+
+# Subnet for DHCP Clients
+subnet 10.1.1.0 netmask 255.255.255.0 {
+ option domain-name-servers 8.8.8.8, 8.8.4.4;
+ max-lease-time 7200;
+ default-lease-time 600;
+ range 10.1.1.50 10.1.1.60;
+ option subnet-mask 255.255.255.0;
+ option broadcast-address 10.1.1.255;
+ option routers 10.1.1.1;
+ }
+
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
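Review bot: The `#authoritative;` line stays commented out even though this dhcpd is the only DHCP server on the 10.1.1.0/24 subnet the rest of the commit builds (br0 at 10.1.1.1, clients 10.1.1.50–60). Without it the server will not NAK a client that arrives holding a lease from another network, so such a client keeps its stale address until that lease expires instead of being re-addressed on join; uncomment it: `authoritative;`. The `option domain-name "example.org";` value near the top also looks like the untouched Debian sample and is handed to every client as its search domain, so either set the real domain or drop the option.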
@@ -0,0 +1 @@
+DAEMON_CONF="/etc/hostapd/hostapd.conf"
@@ -0,0 +1,36 @@
+interface=wlan0
+driver=nl80211
+
+# YOUR BRIDGE NAME
+bridge=br0
+
+# YOUR COUNTRY HERE
+country_code=US
+ieee80211d=1
+
+# MODIFY YOUR SSID HERE
+ssid=Deputy
+
+# CHANGE MODE HERE IF NEEDED
+hw_mode=g
+
+# CHANGE CHANNEL EVENTUALLY
+channel=6
+
+wme_enabled=0
+macaddr_acl=0
+auth_algs=1
+
+# WE USE WPA2
+wpa=2
+
+# MODIFY YOUR PASSPHRASE HERE
+wpa_passphrase=downwithfob
+
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
+
+## iphone stuff?
+ieee8021x=0
+eap_server=0
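Review bot: `wpa_passphrase=downwithfob` commits the Wi-Fi pre-shared key in plaintext to the cookbook, so anyone with read access to the repository or its history holds the AP credential, and the value is a short dictionary-style string rather than a high-entropy passphrase. Render this file from a `template` whose passphrase comes from an encrypted data bag or a node attribute set outside the repository, keep the `0600` mode the recipe already applies, and rotate the passphrase, since the value now in history cannot be withdrawn. Separately, with `wpa=2` hostapd applies `rsn_pairwise=CCMP` and, as I read the configuration, never consults `wpa_pairwise=TKIP`, so that line is dead config a later reader may take to mean TKIP is enabled; drop it or annotate it `# WPA1-only setting; with wpa=2 the cipher is rsn_pairwise (CCMP)`. The SSID here (`ssid=Deputy`) also differs in case from `wireless-essid deputy` in the interfaces file of this same commit.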
@@ -0,0 +1,27 @@
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet dhcp
+pre-up iptables-restore < /etc/iptables.rules
+post-down iptables-save > /etc/iptables.rules
+
+# wireless
+auto wlan0
+iface wlan0 inet dhcp
+wireless-mode master
+wireless-essid deputy
+
+#Bridge interface
+auto br0
+iface br0 inet static
+ address 10.1.1.1
+ network 10.1.1.0
+ netmask 255.255.255.0
+ broadcast 10.1.1.255
+ bridge-ports wlan0
+
+# Example to keep MAC address between reboots
+#hwaddress ether DE:AD:BE:EF:CA:FE
+
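Review bot: `post-down iptables-save > /etc/iptables.rules` on the eth0 stanza overwrites the file that the recipe manages with `cookbook_file "/etc/iptables.rules"`, so whatever rules are live at shutdown (including ad-hoc changes made on the box) become the persisted ruleset until the next Chef run rewrites it, and every converge after a reboot will report the file as drifted. Drop the `post-down` line and let the cookbook be the single source of the ruleset; `pre-up iptables-restore < /etc/iptables.rules` alone does the loading. The `iface wlan0 inet dhcp` stanza also requests a DHCP lease on an interface that is only a bridge port of br0 (which already holds the static 10.1.1.1), and the `wireless-mode master` / `wireless-essid deputy` lines drive the radio through wireless-tools while hostapd (nl80211) is configured to own it elsewhere in this commit; `iface wlan0 inet manual` with no `wireless-*` lines is probably what is wanted, though I cannot see from the diff how the AP is actually brought up on this host.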
@@ -0,0 +1,18 @@
+# Generated by iptables-save v1.4.10 on Fri Feb 17 16:23:50 2012
+*filter
+:INPUT ACCEPT [8:658]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [3:412]
+-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
+-A FORWARD -d 10.1.1.0/24 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+# Completed on Fri Feb 17 16:23:50 2012
+# Generated by iptables-save v1.4.10 on Fri Feb 17 16:23:50 2012
+*nat
+:PREROUTING ACCEPT [2:137]
+:INPUT ACCEPT [2:137]
+:OUTPUT ACCEPT [2:240]
+:POSTROUTING ACCEPT [2:240]
+-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
+COMMIT
+# Completed on Fri Feb 17 16:23:50 2012
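Review bot: `:FORWARD ACCEPT [0:0]` makes the two `-A FORWARD ... -j ACCEPT` rules redundant: with the chain policy already ACCEPT and `net.ipv4.ip_forward=1` set by the sysctl.conf in this commit, the host forwards any packet between any pair of interfaces, not only the 10.1.1.0/24 ↔ eth0 traffic the rules name, and the `--ctstate RELATED,ESTABLISHED` rule that was meant to limit inbound forwarding to reply traffic has no effect. Change the policy line to `:FORWARD DROP [0:0]` so the two explicit rules become the allow list. The `:INPUT ACCEPT` policy likewise leaves dhcpd and anything else listening on the box reachable from the eth0 side; whether that is intended depends on the upstream network, which the commit does not describe.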
@@ -0,0 +1,61 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+vm.min_free_kbytes = 8192
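Review bot: Now that `net.ipv4.ip_forward=1` turns this host into a router, the hardening lines the file leaves commented deserve another look: the reverse-path filter (`net.ipv4.conf.default.rp_filter=1`, `net.ipv4.conf.all.rp_filter=1`) would stop wireless clients from pushing packets with spoofed source addresses through the MASQUERADE rule, and `net.ipv4.conf.all.send_redirects = 0` and `net.ipv4.conf.all.accept_source_route = 0` are annotated "we are not a router", which no longer holds. The comment `# Uncomment the next line to enable packet forwarding for IPv4` is also stale now that the line below it is active; rewrite it as `# IPv4 forwarding is required: this host routes the br0 wireless subnet to eth0`. Note that a change to this file is not applied until reboot or `sysctl -p`, and the recipe in this commit does neither.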
@@ -0,0 +1,40 @@
+package "bridge-utils"
+package "iptables"
+package "dhcp3-server"
+package "hostapd"
+
+cookbook_file "/etc/network/interfaces" do
+ source "interfaces"
+ mode "0644"
+end
+
+cookbook_file "/etc/sysctl.conf" do
+ source "sysctl.conf"
+ mode "0644"
+end
+
+cookbook_file "/etc/iptables.rules" do
+ source "iptables.rules"
+ mode "0644"
+end
+
+cookbook_file "/etc/dhcp/dhcpd.conf" do
+ source "dhcpd.conf"
+ mode "0644"
+end
+
+cookbook_file "/etc/default/dhcp3-server" do
+ source "dhcp3-server"
+ mode "0644"
+end
+
+cookbook_file "/etc/hostapd/hostapd.conf" do
+ source "hostapd.conf"
+ mode "0600"
+end
+
+cookbook_file "/etc/default/hostapd" do
+ source "hostapd"
+ mode "0644"
+end
+
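Review bot: None of the `cookbook_file` resources notifies a service and no `service` resource for hostapd or dhcp3-server is declared, so after a converge the packages are installed and the files are written but the daemons are neither enabled at boot nor restarted when hostapd.conf, dhcpd.conf or the defaults files change; the node only reaches the intended state after a manual reboot. Declare the two services with `action [:enable, :start]` and add `notifies :restart` from each file they read, as sketched below; sysctl.conf likewise needs an `execute "sysctl -p"` notified from its file so `ip_forward` takes effect without a reboot. `hostapd.conf` carries the WPA passphrase, so it should be a `template` whose passphrase comes from an encrypted data bag or node attribute rather than a file checked into the cookbook, keeping the `mode "0600"` already set here. The paths also mix layouts — `/etc/default/dhcp3-server` alongside `/etc/dhcp/dhcpd.conf` — and which of them the installed package actually reads depends on the target release, which the commit does not state; worth confirming on the node.
```ruby
# … unchanged: package resources …

service "hostapd" do
  action [:enable, :start]
end

service "dhcp3-server" do
  action [:enable, :start]
end

execute "sysctl -p" do
  action :nothing
end

# … unchanged: /etc/network/interfaces and /etc/iptables.rules cookbook_file resources …

cookbook_file "/etc/sysctl.conf" do
  source "sysctl.conf"
  mode "0644"
  notifies :run, "execute[sysctl -p]"
end

cookbook_file "/etc/dhcp/dhcpd.conf" do
  source "dhcpd.conf"
  mode "0644"
  notifies :restart, "service[dhcp3-server]"
end

cookbook_file "/etc/default/dhcp3-server" do
  source "dhcp3-server"
  mode "0644"
  notifies :restart, "service[dhcp3-server]"
end

cookbook_file "/etc/hostapd/hostapd.conf" do
  source "hostapd.conf"
  mode "0600"
  notifies :restart, "service[hostapd]"
end

cookbook_file "/etc/default/hostapd" do
  source "hostapd"
  mode "0644"
  notifies :restart, "service[hostapd]"
end
```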
