I have a custom built home security system I am working on using Arch Linux, Zoneminder, and a set of Foscam FI9800P wireless IP cameras.
The system being built has a gigabit ethernet port which I would like to use to connect it to the primary home network to access the Zoneminder web UI. It also has a PCIe wireless card which I would like to use to host a completely separate wireless network isolated from the primary network. This network will be used exclusively for the IP cameras to help eliminate bandwidth usage on the primary network.
The issue I'm running into and can't seem to find a solution for is that I can use create_ap to establish an access point but I want it to be a separate network. All resources I've found searching online describe access points only and nothing regarding a wireless router. There are article on the archwiki for creating a router (which I've followed), and internet sharing (which doesn't detail wireless APs) but I can't find anything for this circumstance.
Can anyone help in either pointing to documentation or detailing any methods to use a Linux based PC as a wireless router?
EDIT (For clarification)
It's mainly just the wireless aspect I need info on. I have another computer on my nework set up nearly the same in a hardwired configuration as my home router, were this two ethernet interfaces I'd be golden, it's the wireless AP and getting it working that I'm having the trouble with.
Answer
This is actually much easier than you think, you just need to install and deploy hostapd and dnsmasq.
hostapd transforms your wifi interface into an access point. There is a pre-condition to this, that the wifi card supports AP mode: you test it as follows,
iw list | less
.....
software interface modes (can always be added):
* AP/VLAN
* monitor
If AP appears where it is, then you are good to go. A typical hostapd configuration file, /etc/hostapd/hostapd.conf, looks like this:
interface=wlan0
driver=nl80211
beacon_int=100
hw_mode=g
ieee80211n=1
wme_enabled=1
country_code=US
ssid=MySSID
ieee80211d=1
channel=3
wpa=2
wpa_passphrase=MySuperSecretPassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0
ignore_broadcast_ssid=0
#logger_syslog=-1
#logger_syslog_level=2
#logger_stdout=-1
#logger_stdout_level=2
This configuration file does not include the statement
bridge=br0
because you indicated no desire to set up a wired component of the LAN, just the wireless one. The bridge is generally used so that the router appears at the same IP address to both wired and wireless clients, and to simplify routing.
The wifi needs an IP address,
ip addr add 192.168.251.1/24 dev wlan0
and IPv4 forwarding to allow wifi clients to talk to the world. Lastly, you need to setup dnsmasq to setup DHCP and DNS services for your clients. A typical /etc/dnsmasq.conf configuration file looks like this,
domain-needed
bogus-priv
dhcp-authoritative
no-dhcp-interface=eth0
interface=wlan0
server=/someremote.lan/192.168.1.1
local=/my.lan/
server=8.8.8.8
server=8.8.4.4
expand-hosts
domain=my.lan
dhcp-range=192.168.251.32,192.168.251.90,12h
dhcp-host=AA:BB:CC:DD:EE:FF,SomeName,192.168.251.129,12h
dhcp-host=00:11:22:33:44:55,hp-printer,192.168.251.210,12h
dhcp-option=119,my.lan,someremote.lan
dhcp-option=252,"\n"
dhcp-host=AA:11:BB:22:CC:33,ignore
cname=SomeOtherName.my.lan,elastix
where I kept some features which may or may not be of interest to you.
Enable both services via systemctl, make sure the wifi card has an address at boot time, enable MASQUERADING on the internet-connected interface,
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
and you are good to go.
No comments:
Post a Comment