I just reconfigured my LEAF Bering uClibc router to act as a wireless access point. Previously my wireless network was operating in ad-hoc mode, which caused some occasional headaches (someone nearby is using a Linksys WiFi router to which my clients occasionally connect. Nothing as bad as what DrBacchus experienced, though, thankfully). The Orinoco Gold card that I'd been using is not supported by HostAP, so I bought a used Microsoft MN-520 PCMCIA wireless adapter for $20. This card uses the Prism2 chipset which is supported by HostAP. (See this page for a rather comprehensive list if you're looking for one.)
... insert obligatory joke about using a Microsoft product to further my Free Software implementations ...
The whole thing was surprisingly easy to set up. The only real challenge I experienced was that the LEAF hostap packages do not include the kernel modules necessary! A quick query to the leaf-user mailing list, and I had all the info that I needed. For posterity, here's what I needed to do.
Download and install the following LEAF packages:
Note: The PCMCIA system handles the process of bringing up the wlan0 interface. Once it's up, the system then launches the hostapd daemon.
    auto lo
    iface lo inet loopback

    # Step 1: configure external interface
    auto eth0
    iface eth0 inet static
        address 188.8.131.52
        netmask 255.255.255.0
        gateway 184.108.40.206

    # Step 2: configure internal interface
    # Default: eth1 / fixed IP = 192.168.0.254
    auto eth1
    iface eth1 inet static
        address 192.168.0.254
        netmask 255.255.255.0
        broadcast 192.168.0.255

    # Step 3: configure WiFi
    # Default: wlan0 / fixed IP = 192.168.1.254
    # auto wlan0 -- PCMCIA brings this up
    iface wlan0 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        broadcast 192.168.1.255
        up /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
/etc/hostapd/hostapd.conf:

    interface=wlan0
    debug=0
    dump_file=/tmp/hostapd.dump
    ssid=skippy
    macaddr_acl=0
    deny_mac_file=/etc/hostapd/hostapd.deny
    own_ip_addr=127.0.0.1

There are a lot more configuration items available; these are only a select few for documentation purposes.
Configure shorewall:

/etc/shorewall/zones:

    #ZONE   DISPLAY   COMMENTS
    net     Net       Internet
    loc     Local     Local networks
    wifi    WLAN      Wireless network

    #ZONE   INTERFACE   BROADCAST   OPTIONS
    net     eth0        detect      dhcp,routefilter,norfc1918
    loc     eth1        detect      dhcp
    wifi    wlan0       detect      dhcp

    #SOURCE   DEST   POLICY   LOG   LIMIT:BURST
    loc       wifi   ACCEPT
    wifi      loc    ACCEPT
    wifi      net    REJECT

    #INTERFACE   SUBNET   ADDRESS   PROTO   PORT(S)
    eth0         eth1
    eth0         wlan0

    ACCEPT   wifi   fw    udp   53,67,68
    ACCEPT   wifi   fw    tcp   22,80
    # squid; allow outbound HTTP / HTTPS from the firewall
    ACCEPT   fw     net   tcp   80,443
    ACCEPT   wifi   fw    tcp   3128
    # secured skippy.net services
    ACCEPT   wifi   net:220.127.116.11   tcp   25,443,993,995
Install and configure the LEAF squid.lrp package:

/etc/squid/squid.conf:

    http_port 3128
    cache_mem 2 MB
    maximum_object_size 1024 KB
    minimum_object_size 10 KB
    maximum_object_size_in_memory 8 KB
    ipcache_size 500
    ipcache_low 90
    ipcache_high 95
    fqdncache_size 10
    cache_dir ufs /tmp/cache 5 8 32
    cache_access_log /var/log/access.log
    cache_log /var/log/cache.log
    cache_store_log none
    pid_filename /var/run/squid.pid
    dns_children 4
    acl alloweddstdomains dstdomain "/etc/squid/okdomains"
    http_access allow alloweddstdomains
    http_access deny all
    icp_access allow all
    cache_mgr firstname.lastname@example.org
    visible_hostname firewall
    logfile_rotate 3
    append_domain .skippy.net
    forwarded_for on

Again, there are tons more config options. I've tweaked my cache behavior since I'm using this as a policy tool rather than a performance enhancing caching tool. That, and this system is running on a 486 DX4/100 with 32 megs of RAM, 12 of which are allocated to the system in a RAM disk. And I'm currently only providing access to two wireless hosts (unless my neighbors want to access any of the following sites, which is okay by me...)

/etc/squid/okdomains:
    .microsoft.com
    .windowsupdate.com
    .google.com
    .bbc.co.uk

    .skippy.net
    .upsoclose.com
    .everythinggirl.com
    .funbrain.com
    .nickjr.com
    .noggin.com
    .paulysplayhouse.com
    .scholastic.com
    .citycreator.com
    transfer.go.com
    .disney.com
    .disney.go.com
    .pbskids.org
    .care-bears.com
    .iknowthat.com
    .hhmi.org
    .sanrio.com
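The leading dot in okdomains decides how much each entry lets through. As an added example (not part of the original setup, and not Squid's own code), this Python model of the dstdomain matching rule shows that an entry like .google.com covers the domain and all of its subdomains, while the bare transfer.go.com entry matches that one host only. The entries are a subset of the list above; the host names being checked are constructed.

```python
# Added example: a model of Squid's dstdomain matching for the allowlist above.
# OKDOMAINS is a subset of the page's /etc/squid/okdomains; the hosts checked
# in the demo at the bottom are constructed sample input.
OKDOMAINS = """
.microsoft.com
.google.com
.skippy.net
transfer.go.com
.disney.go.com
.pbskids.org
"""

def parse_okdomains(text):
    """Return the whitespace-separated entries, lowercased."""
    return text.lower().split()

def host_allowed(host, entries):
    """True if host matches any entry under the dstdomain rule."""
    host = host.lower()  # host names compare case-insensitively
    for entry in entries:
        if entry.startswith("."):
            # ".example.com" covers example.com itself and every subdomain.
            # Matching on the dotted suffix keeps notexample.com out.
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            # No leading dot: this exact host name only.
            return True
    return False

def exact_only(entries):
    """Entries without a leading dot, worth a second look when auditing."""
    return [e for e in entries if not e.startswith(".")]

if __name__ == "__main__":
    entries = parse_okdomains(OKDOMAINS)
    samples = ["www.google.com", "google.com", "notgoogle.com",
               "transfer.go.com", "www.transfer.go.com", "espn.go.com",
               "google.com.example.net"]
    for h in samples:
        verdict = "allow" if host_allowed(h, entries) else "deny"
        print(f"{h:26} {verdict}")
    print("exact-only entries:", exact_only(entries))
```

With the shorewall policy rejecting wifi to net, this list is what actually bounds where wireless clients can browse, so every dotted entry should be read as granting the whole domain.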
Configure dnsmasq to provide DHCP addresses to wireless hosts:

/etc/dnsmasq.conf:
BACK UP EVERYTHING.
Done. I hope this helps someone else save a little bit of time and effort.