Difference between revisions of "Episode75"

From Security Weekly Wiki
 
Line 1: Line 1:
= Wireless Guest Network =
+
= Wireless Guest Network: Part I =
  
 
Equipment Used:
 
Equipment Used:
Line 14: Line 14:
 
nvram set boot_wait="on"
 
nvram set boot_wait="on"
 
nvram set wan_hostname="myap1"
 
nvram set wan_hostname="myap1"
 +
nvram set wan_proto="none"
  
* Step 3 -
+
* Step 3 - Create a separate VLAN or physical network, preferably with a separate Internet connection.  Put that APs on that subnet.
 +
 
 +
* Step 4 - Harden and perfomance tune OpenWrt - Remove the packages that are not required:
 +
 
 +
ipkg update
 +
 
 +
ipkg remove ppp ppp-mod-ppoe webif haserl kmod-ppp kmod-pppoe
 +
 
 +
ipkg upgrade
 +
 
 +
Disable services not required:
 +
 
 +
cd /etc/init.d
 +
mv S50httpd disabled_S50httpd
 +
mv S50telnet disabled_S50telnet
 +
 
 +
* Step 5 - Enable DHCP on each of the access points:
 +
 
 +
cat > /etc/init.d/S60dnsmasq
 +
#! /bin/ash
 +
 
 +
/usr/sbin/dnsmasq &
 +
 
 +
<CRTL-D>
 +
 
 +
Now, remove the DHCP configuration from the /etc/dnsmasq.conf, and replace it with:
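Review bot: In the added `ipkg remove` line, `ppp-mod-ppoe` is spelled with two p's while `kmod-pppoe` on the same line has three, so the PPPoE module package is probably misnamed and would be left installed; suggest `ppp-mod-pppoe`. In Step 5 the new `/etc/init.d/S60dnsmasq` is created with `cat >` and never made executable, so a `chmod +x` on it belongs after the `<CRTL-D>` line (which should read `<CTRL-D>`). The added text also ends at "replace it with:" without the dnsmasq configuration it announces.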

Revision as of 14:40, 3 July 2007

Wireless Guest Network: Part I

Equipment Used:

  • 2 WRT54GLs
  • 2 LINKSYS POE Adapter WAPPOE12 12V
  • OpenWrt "Whiterussian" 0.9

  • Step 1 - Unbox and flash the routers. For the WRT54GL, you must use the web interface to put the initial OpenWrt image on them. (Question: why does Linksys not enable boot_wait by default?) Also, do not use the PoE adapters when flashing!
  • Step 2 - Change the IP address of the routers, enable boot_wait, and set the hostname:

nvram set lan_ipaddr="10.10.10.5"
nvram set boot_wait="on"
nvram set wan_hostname="myap1"
nvram set wan_proto="none"
# write the settings to flash so they survive a reboot
nvram commit

  • Step 3 - Create a separate VLAN or physical network, preferably with a separate Internet connection. Put the APs on that subnet.
  • Step 4 - Harden and performance tune OpenWrt - Remove the packages that are not required:

ipkg update

ipkg remove ppp ppp-mod-pppoe webif haserl kmod-ppp kmod-pppoe

ipkg upgrade

Disable services not required:

cd /etc/init.d
mv S50httpd disabled_S50httpd
mv S50telnet disabled_S50telnet
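A check for the result of Step 4, as an added example that is not part of the original show notes: the function flags any `S*` script for a service the page disables and lists what will still start. It assumes the boot sequence only runs files in /etc/init.d whose names start with `S`, which is what the rename relies on; `audit_initd` and `UNWANTED` are names made up for this example.

```sh
#!/bin/sh
# Added example: audit an OpenWrt-style init directory after Step 4.
# Assumption: only files whose names start with "S" are run at boot,
# which is what renaming to disabled_* relies on.

# Services this guide disables (names taken from the page).
UNWANTED="httpd telnet"

# audit_initd DIR
# Prints one line per S* script. Returns 0 if no unwanted service is
# still enabled, 1 if one is, 2 if DIR is not a directory.
audit_initd() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    rc=0
    for path in "$dir"/S*; do
        [ -e "$path" ] || continue        # glob matched nothing
        name=${path##*/}                  # e.g. S50httpd
        svc=$(printf '%s' "$name" | sed 's/^S[0-9]*//')   # e.g. httpd
        for bad in $UNWANTED; do
            if [ "$svc" = "$bad" ]; then
                echo "FAIL: $name is still enabled"
                rc=1
                continue 2                # next script
            fi
        done
        if [ -x "$path" ]; then
            echo "INFO: $name will start at boot"
        else
            echo "WARN: $name is not executable"
        fi
    done
    return $rc
}

# On the router: sh audit.sh /etc/init.d
if [ "$#" -gt 0 ]; then
    audit_initd "$1"
fi
```
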

  • Step 5 - Enable DHCP on each of the access points:

cat > /etc/init.d/S60dnsmasq
#!/bin/ash

/usr/sbin/dnsmasq &

<CTRL-D>

# make the script executable so the boot sequence can run it
chmod +x /etc/init.d/S60dnsmasq

Now, remove the DHCP configuration from the /etc/dnsmasq.conf, and replace it with: