Create a wireless local area network
To create a wireless local area network, you set up an access point.
It is fairly simple to setup an AP in linux. This is how I did.
I purchased a D-Link DWL-G520 pci card. You need a card that supports Master mode. Check this (linux-wless.passys.nl) site for compatibility with Linux, I think ndiswrapper doesn't have support for Master mode, not sure though.
Creating the AP
Then if your interface is ath0:
$ iwconfig ath0 mode Master $ iwconfig ath0 essid "LinuxAP" $ ifconfig ath0 192.168.1.1 up
I chose an IP that wasn't in my wired LANs subnet. Now you should be able to see the AP if you scan for APs.
Configure statically your client's card
Then on the client side (if your interface is ath0) you do:
$ iwconfig ath0 mode Managed $ iwconfig essid "LinuxAP" $ iwconfig ap 00:11:22:AA:22:11 $ ifconfig ath0 192.168.1.10 netmask 255.255.255.0 up $ route add -net default gw 192.168.1.1
It's not always necessary to specify the mac address for the ap, but sometimes it's a good thing. As you can see I chose an ip that was in the same subnet as the ap, it's important.
DHCP server, firewall and stuff
Now, that was the static ip way and you probably want a dhcp-server and some firewall-rules for the ap. Guess what... here they come!
iptables
I have some rules with iptables in a script:
#!/bin/sh IPTABLES='/sbin/iptables' EXTIF='eth0' INTIF='eth1' WLAN='ath0' WAN='85.235.31.133' /bin/echo 1 > /proc/sys/net/ipv4/ip_forward $IPTABLES -F $IPTABLES -X $IPTABLES -X -t nat $IPTABLES -F -t nat $IPTABLES -X -t filter $IPTABLES -F -t filter # enable masquerading to allow LAN internet access $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE # forward LAN traffic from $INTIF1 to Internet interface $EXTIF $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT # allow ping $IPTABLES -A INPUT -p icmp -i $EXTIF -j ACCEPT # Allowing access to the FTP server" $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -j ACCEPT # Allowing access to the ssh server on port 2200 (I've changed it) $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 2200 -j ACCEPT # block out all other Internet access on $EXTIF $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP $IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
dnsmasq
And my dnsmasq.config looks like this:
resolv-file=/etc/resolv.conf no-poll domain-needed bogus-priv strict-order interface=ath0 dhcp-range=192.168.1.10,192.168.1.50,12h interface=eth1 dhcp-range=192.168.0.10,192.168.0.50,12h # alice and bob are declared in /etc/hosts dhcp-host=00:0A:E4:52:6B:12,alice dhcp-host=00:40:CA:45:10:9C,bob dhcp-authoritative
And that's it! Just run the script, start dnsmasq and connect to the ap described in the top of this wiki.
stuff
By the way, if you want to ping some host in the 192.168.0.0 subnet make sure that you don't have another interface that's not alive with an ip in that subnet. So if you have an ordinary wired card eth0 with an ip in the 192.168.0.0 subnet (but no cable in maybe) make sure that you bring that interface down.
$ ifconfig eth0 down
Now you can ping hosts in that subnet with your wifi card.