# FreeBSD as a wireless hotspot?



## mrjayviper (Oct 6, 2012)

I am using the guide from the handbook. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html (begins at chapter 32.3.5)
---------------------------
My setup:
1. PC (via em0 and gets an IP in the 192.168.1.x range) => modem/router => WWW

2. Atheros wireless card that has HOSTAP support (check using ifconfig wlan0 list caps)
---------------------------
I tried connecting from the iPad/HTC One X and it seems to work. I get prompted for the passphrase which I supplied correctly. I know it's correct because I get an error message if I supplied a wrong one. 1 thing I notice is that instead of getting an IP in 192.168.0.x range, my iPad gets something that starts with 169. 

I've searched the net but the guides/articles I've seen seems for the older versions

Any suggestions?

Thanks
--------------------------------

```
# [color="Green"]ifconfig wlan0 create wlandev ath0 wlanmode hostap[/color]
# [color="green"]ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0 ssid myhotspot mode 11g channel 1[/color]
```

These are the contents of /etc/hostap.conf

```
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=myhotspot
wpa=1
wpa_passphrase=qwerty
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
```


----------



## mamalos (Oct 6, 2012)

Are you sure you're running an DHCP server that is responsible for providing IP's for connecting hosts on your wlan interface? If not, you can try net/isc-dhcp42-server.


----------



## mrjayviper (Oct 6, 2012)

Thank you for that.  Do I also need to setup some firewall rules?


----------



## mamalos (Oct 6, 2012)

If you're running a firewall, then you need to set it up to allow UDP ports 68 and 67, if I remember correctly, but I don't remember directions and destination hosts, I'll have to see some of my configs...If you're running PF, then you can easily see which packets are stopped by running:

`# tcpdump -neti pflog0`

...if you log your dropped packets...


----------



## mrjayviper (Oct 6, 2012)

I'm not running any sort of firewall at the moment. I'm just wondering how traffic will get redirected to the em0 interface with any firewall rules


----------



## mrjayviper (Oct 7, 2012)

I added the following entries to:

*/etc/rc.conf*

```
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
hostapd_enable="YES"
named_enable="YES"
natd_enable="YES"
natd_interface="em0"
natd_flags=""
ntpd_enable="YES"
```

*/etc/resolv.conf*

```
nameserver 192.168.1.1
```

*ifconfig info*

```
root@myhotspot:/etc/namedb # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:1c:c0:4c:ea:38
        inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether f8:d1:11:71:5e:f3
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether f8:d1:11:71:5e:f3
        inet 192.168.13.1 netmask 0xffffff00 broadcast 192.168.13.255
        inet6 fe80::fad1:11ff:fe71:5ef3%wlan0 prefixlen 64 scopeid 0xc
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid myhotspot channel 1 (2412 MHz 11g) bssid f8:d1:11:71:5e:f3
        regdomain 32924 country CN indoor ecm authmode WPA privacy MIXED
        deftxkey 3 TKIP 2:128-bit TKIP 3:128-bit txpower 20 scanvalid 60
        protmode CTS wme burst dtimperiod 1 -dfs
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```

*netstat info*

```
root@myhotspot:/etc/namedb # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0   755723    em0
127.0.0.1          link#11            UH          0        8    lo0
192.168.1.0/24     link#1             U           0  4630985    em0
192.168.1.13       link#1             UHS         0       30    lo0
192.168.13.0/24    link#12            U           0        0  wlan0
192.168.13.1       link#12            UHS         0        0    lo0
```

My iPad has successfully connected to my FreeBSD hotspot and displaying the following info.

```
IP Address: 192.168.13.12
Subnet Mask: 255.255.255.0
Router: 192.168.13.1
DNS: 192.168.1.1
```

Sadly still no net. I tried connecting to my net provider's homepage using its URL and its IP and it's not working. :/


----------



## kpa (Oct 7, 2012)

You have two possibilities:

1) Tell the modem/router how to reach the 192.168.13.0/24 network with a static route. The route should have network set to 192.168.13.0/24 or 192.168.13.0 netmask 255.255.255.0, gateway 192.168.1.13.

2) NAT all traffic from the WLAN network to the external address 192.168.1.13, this solution hides the 192.168.13.0/24 net from the network between the modem/router and the FreeBSD machine.


----------



## mrjayviper (Oct 7, 2012)

kpa said:
			
		

> You have two possibilities:
> 
> 1) Tell the modem/router how to reach the 192.168.13.0/24 network with a static route. The route should have network set to 192.168.13.0/24 or 192.168.13.0 netmask 255.255.255.0, gateway 192.168.1.13.



just configured my modem/router (see attachment).



			
				kpa said:
			
		

> 2) NAT all traffic from the WLAN network to the external address 192.168.1.13, this solution hides the 192.168.13.0/24 net from the network between the modem/router and the FreeBSD machine.



I thought this would be taken care of this entry from */etc/rc.conf*?

```
natd_interface="em0"
```
-------------------

I tried 1st suggestion and still no net. :/


----------



## mrjayviper (Oct 7, 2012)

I got it to work doing NAT using PF (which I've used like 6 years ago). I've removed the firewall/nat and named options in my rc.conf and have replaced those with pf_enable.

------------------

basically it's an open firewall (pass in/out quick all) but the magic that fixed it was 

```
nat on $ext_if from !($ext_if) -> ($ext_if:0)
```

haven't touched PF since I decided to use a billion router many years ago.

Thanks for the help.


----------



## mix_room (Oct 8, 2012)

I'm not sure if this is needed, but I think I had it in when I last built a FreeBSD wireless AP

In /etc/rc.conf

```
gateway_enable="YES"
```
"32.2.4 Building a Router" - http://www.freebsd.org/doc/handbook/network-routing.html

EDIT: Ooops. Just saw that you have already done this.


----------

