ߜ Encryption type (default is Disabled; you should really enable this): This is currently a secure type of encryption, but it does require more work on your PC to properly set it up. And for my favorite subject, encryption type, I recommend using at least the minimum of WPA-PSK. Earlier, I recommend Disabled, but that was just for the initial setup. After you have your setup working, I recommend you change this to Enabled. The extra work is worth the extra peace of mind it gives you. ߜ Passkey or shared key: Your choices are WPA Pre-Shared key, WPA RADIUS, RADIUS, and WEP. RADIUS is a server that you’ll need to install. (It’s one of the available packages.) I don’t cover that in this book, so don’t use the RADIUS settings. When you select your key, make sure it’s a decent key that can’t be easily guessed. Mine is . . . I’m not telling! If you’ve disabled the encryption type, you can leave this blank. If you’re using a JavaScript-blocking application (such as NoScript in Firefox), make sure that you enable it for this site (http://192.168.1.1/). Without it, you won’t be able to do much with OpenWrt’s Web interface because it relies on Javascript. Upgrading Your WAP to OpenWrt These instructions assume you’re using the original Linksys firmware for your WAP. If you’re using another third-party firmware, the instructions will be different, and I recommend you visit the third party’s Web site for upgrade instructions. If you already have your WAP configured, make sure you copy the important information such as IP addresses, masks, DNS, hostname, ESSID, channel number, encryption type, and key. You can use the worksheet to write down your existing information. You need to reset the WAP to its fac- tory defaults; otherwise, very odd problems can occur. Now that you’ve written down the important information and reset the WAP to factory defaults, it’s time to start the upgrade — but first, read the follow- ing points that can save you trouble while you perform the upgrade. It’s very important that the upgrade process not be interrupted while it’s going on. So here are a few rules to follow: ߜ Don’t use the wireless connection to perform your upgrade. If you’re knocked off the wireless connection while in the middle of the upgrade, you can brick (render useless) your WRT54GL. There are recovery meth- ods, but they’re difficult to perform. ߜ Don’t let your cables (the power or Ethernet) hang out. Dangling cables can trip someone. Make sure that the cables can’t entangle even your own feet. One kick, and it’s a brick! 78 Part II: Connecting Multiple Computers without the Wires 09_598236 ch04.qxp 6/27/06 7:40 PM Page 78 ߜ Don’t upgrade during inclement weather. If a thunderstorm or other weather event might knock out the power, I advise you not to do the upgrade until the weather is better. ߜ Don’t wander off. During the upgrade of my WRT54GL, Firefox popped up a message saying that the script was taking too long and asked whether I would like to continue or cancel. I clicked continue several times until my router finally rebooted. When your router finally finishes the upgrade, it will reboot on its own. (The power link light will start blinking, and other lights will follow.) I don’t know whether the script continues on its own or whether the script simply stops and waits for your reply. (I wasn’t going to take a chance; I’m not as thick . . . as a brick.) After you make sure you aren’t committing any of the preceding list of don’ts, here is what you do to perform the upgrade: 1. Open a terminal session on your computer. 2. Type su - and press Enter (enter the password for root). 3. If you aren’t using the 192.168.1.0 network, type ifconfig eth0:1 192.168.1.19 and press Enter. If you are using the 192.168.1.0 network, you can skip this step. This step is really important if you aren’t using the 192.168.1.0 network. This step enables you to get to the WRT54GL when it’s reset to its fac- tory setting. This is because the WRT54GL is on the 192.168.1.0 network. Its address will be 192.168.1.1 when it’s done. 4. Connect your WRT54GL to your local LAN and use port 1. (Refer to Figure 4-1.) Do not connect your Internet connection at this time. You do that later. 5. Open your browser to your WRT54GL’s IP address. If it’s a WRT54GL that you’ve had for a while, use your existing address. If it’s a brand new WRT54GL, use the URL http://192.168.1.1/. You’ll be greeted by the Linksys Setup page. (See Figure 4-2.) 6. Reset the config to its factory defaults by starting at the main Web page. Click the Administration link. 7. Click the Factory Defaults link. 8. Click OK. 9. It might be necessary to re-enter the URL http://192.168.1.1/ into your browser if a timeout error appears in your browser. 10. Click the Administration link. 11. Click the Firmware Upgrade link. (See Figure 4-3.) 79 Chapter 4: Creating a Wireless Access Point 09_598236 ch04.qxp 6/27/06 7:40 PM Page 79 Figure 4-3: Firmware upgrade. Figure 4-2: The Linksys Setup page. 80 Part II: Connecting Multiple Computers without the Wires 09_598236 ch04.qxp 6/27/06 7:40 PM Page 80 12. Click Browse and look on the CD for the binary file: openwrt-open- wrt-wrt54g-squashfs.bin. It’s under the chapter04/OpenWRT/bin directory. 13. Select upgrade and wait. (See Figure 4-4.) 14. Wait patiently by your computer! This will take several minutes. (It took me less than five minutes, but it did seem like forever.) Configuring Your WAP After you have OpenWrt on the WRT54GL (see the preceding section), you can configure it. Just follow these steps: 1. In your browser, open the URL http://192.168.1.1/. You’re greeted by the OpenWrt welcome screen. (See Figure 4-5.) 2. Click the >>Router Info<< link near the top of the page. Figure 4-4: Firmware upgrade in progress. 81 Chapter 4: Creating a Wireless Access Point 09_598236 ch04.qxp 6/27/06 7:40 PM Page 81 The router will ask you to enter a new password for root. root is your login name. (It’s lowercase.) 3. Carefully enter your password (once in each entry box). Click the Save Changes button when you’re done. 4. Click the white Systems link. 5. Enter your hostname from your worksheet. You can name it just about anything you want. 6. Change the boot_wait to Enable. 7. Change the Language entry to the language of your choice. 8. Click the Apply Changes link and then click the Save Changes button. 9. Click the Network link. You’re greeted by the LAN configuration screen. (See Figure 4-6.) 10. Enter your IP address, netmask, and default gateway from your LAN worksheet. You can also add local DNS servers (if any). Most homes don’t have a DNS server. Yeah, I have one; I have many devices. Figure 4-5: OpenWrt welcome page. 82 Part II: Connecting Multiple Computers without the Wires 09_598236 ch04.qxp 6/27/06 7:40 PM Page 82 11. Click the Save Changes button. Don’t click the Apply Changes link at this time because it might drop your connection. 12. Reconnect with your browser and enter the login ID (root) and pass- word (the new password you just entered). 13. Click the WAN link. You’re greeted by the WAN configuration screen. (See Figure 4-7.) 14. Select your connection type and enter your WAN/Internet information from the worksheet. The page will change appearance to match the connection type. 15. Click the Save Changes button. 16. Click the Wireless link. You’re greeted by the LAN configuration screen. (See Figure 4-8.) 17. Enter the information from the Wireless worksheet, click Apply Changes, and then click Save Changes. Now you can connect your Internet cable to the Internet port on your WAP. Figure 4-6: OpenWrt LAN config page. 83 Chapter 4: Creating a Wireless Access Point 09_598236 ch04.qxp 6/27/06 7:40 PM Page 83 Figure 4-8: OpenWrt wireless configur- ation page. Figure 4-7: OpenWrt WAN config page. 84 Part II: Connecting Multiple Computers without the Wires 09_598236 ch04.qxp 6/27/06 7:40 PM Page 84 Touring OpenWrt After configuring your WAP, you probably want to take a tour of it. If you want to have a look at the command line interface, open a terminal window and type ssh root@192.168.1.1 (replace the IP address with new your LAN IP address). I don’t describe that here because the Web interface will cover most of your needs, but it’s nice to know it’s there. Enter the URL http://192.168.1.1/ (replace the IP address with your new LAN IP address) in your browser and you should be greeted by a request for your login ID and password. Enter root and the password. After that, you’ll be greeted by the main Web page. (Refer to Figure 4-5.) The main Web page features these links across the top: ߜ Info: This is the general information shown on the main page in Figure 4-5, which appears earlier in this chapter. ߜ Status: Clicking this link shows you the router’s status for Connections, LAN DHCP, and Wireless. (See Figure 4-9.) ߜ System: Click this link to see system settings, passwords, and installed and available software and firmware upgrades. (See Figure 4-10.) ߜ Network: Click this link for the LAN, WAN, Wireless, DHCP, and Firewall settings (Refer to Figure 4-6.) Figure 4-9: OpenWrt status page. 85 Chapter 4: Creating a Wireless Access Point 09_598236 ch04.qxp 6/27/06 7:40 PM Page 85 One of the nice things about OpenWrt is that the pages aren’t spread out. Everything is kept simple. There are two screens I’d like to direct your attention to. The first is the Configured Hosts screen, which you access by clicking the Network link and then the Hosts link. On this page is a Static IP Addresses section (for DHCP), as shown in Figure 4-11. Here, you can enter the MAC address (usually found on the device, such as an IP camera) and assign it an IP address. Entering this information here ensures that the same IP address is given to the device every time. Otherwise, DHCP can give it any address that’s available. You enter the MAC address (which looks like this: AA:00:04:00:04:01) and the IP address and click the Add button. On my network, I have a long list of cam- eras, printers, and other devices. It’s important to know the IP address of anything that has a Web server because you can’t easily guess it. The second screen is the Firewall Configuration screen. To see it, click the Firewall link (which is next to the Hosts link). In Chapter 18, I show you how to set up ssh on your Linux server so that you can securely access it from anywhere on the Internet. To do that, you must punch a hole in your firewall. Figure 4-10: OpenWrt system page. 86 Part II: Connecting Multiple Computers without the Wires 09_598236 ch04.qxp 6/27/06 7:40 PM Page 86 Normally, ssh uses port 22, but that port quickly comes under attack, so I advise you to use another port number, such as 13218 (which is the example from Chapter 18). On the Firewall page (see Figure 4-12), select Forward from the New Rule drop-down list and then click the Add button. Now, select Destination Ports and click the Add button. This adds a new field. In this field, enter the port number 13218; in the Forward field, enter the IP address of your Linux server; and in the Port field, enter 13218. When you’re satisfied with the information, click the Save button. I want to point out one more important link: the Installed Software link. From the main page, click the System link and then click the Installed Software link. You’ll be greeted by a long list of installed and available software. Click the Update Package Lists link so that you can get an updated list of what’s avail- able. Then scroll down past what’s installed to what’s available. That’s a pretty impressive list. Remember that you can’t install it all because you have only about 2MB of flash memory free for packages. Also be wary of removing packages; think before you remove anything. If you remove something impor- tant, you could turn your WAP into a brick (a useless piece of equipment). Figure 4-11: Enter your IP addresses here to ensure consistency. 87 Chapter 4: Creating a Wireless Access Point 09_598236 ch04.qxp 6/27/06 7:40 PM Page 87 [...]... static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168. 24. 2 54, eth0 C>* 127.0.0.0/8 is directly connected, lo K>* 169.2 54. 0.0/16 is directly connected, eth0 O 192.168.1.0/ 24 [110/10] is directly connected, eth0, 02:18:07 C>* 192.168.1.0/ 24 is directly connected, eth0 O>* 192.168.2.0/ 24 [110/20] via 192.168.1.1, eth0, 02:01 :46 O 192.168. 24. 0/ 24 [110/10]... for Free password Zebra enable password Zebra ! interface eth0 ip ospf cost 10 ipv6 nd suppress-ra ! interface lo ! interface sit0 ipv6 nd suppress-ra ! router ospf ospf router-id 0.0.0.1 network 192.168.1.0/ 24 area 0.0.0.0 network 192.168. 24. 0/ 24 area 0.0.0.3 default-information originate always metric 110 ! ip forwarding ! line vty ! Quagga# sh ip route Codes: K - kernel route, C - connected, S -. .. ################################################## 7 14/ 7 14 Added 3 14 new packages, deleted 0 old in 3.29 seconds Parsing package install arguments Resolving Dependencies > Populating transaction set with selected packages Please wait -> Downloading header for quagga-devel to pack into transaction set quagga-devel-0.98. 5 -4 .i38 100% |=========================| 13 kB 00:00 -> Package quagga-devel.i386 0:0.98. 5 -4 set to be updated >... ! OpenWrt# sh ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route O>* 0.0.0.0/0 [110/110] via 192.168.1.19, br0, 01:03:21 C>* 127.0.0.0/8 is directly connected, lo O 192.168.1.0/ 24 [110/10] is directly connected, br0, 02:05 :48 C>* 192.168.1.0/ 24 is directly connected, br0 O 192.168.2.0/ 24 [110/10] is directly connected,... quagga-contrib.i386 0.98. 5 -4 core Matched from: quagga-contrib contrib tools for quagga Contributed/3rd party tools which may be of use with quagga http://www.quagga.net (continued) 93 94 Part II: Connecting Multiple Computers without the Wires Listing 5-3 (continued) quagga.i386 0.98. 5 -4 core Matched from: quagga Quagga is a free software that manages TCP/IP based routing protocol It takes multi-server... RIPng (IPv6) protocol Chapter 5: Routing Network Traffic for Free • disable-ospfd: This turns off support for the OSPF (v2 and v3) protocol • disable-ospf6d: This turns off support for the OSPF IPv6 protocol • disable-bgpd: This turns off support for the BGP (v4 and v4+) protocol • enable-isisd: Finally, this one turns on support for the IS-IS protocol By default, the configure script sets up the... information 103 1 04 Part II: Connecting Multiple Computers without the Wires Listing 5-8 : Various Networking Commands on the Linux PC [root@Quagga ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:11:22:33 :44 :55 inet addr:192.168. 24. 1 Bcast:192.168. 24. 255 Mask:255.255.255.0 inet6 addr: fe80::211:22ff:fe33 :44 55/ 64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets :49 0215 errors:0 dropped:0... MULTICAST MTU:1500 Metric:1 RX packets :49 0215 errors:0 dropped:0 overruns:0 frame:0 TX packets :40 6717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes :49 0751 549 (46 8.0 MiB) TX bytes :48 340 7 14 (46 .1 MiB) Interrupt:18 Base address:0xa000 eth0:1 Link encap:Ethernet HWaddr 00:11:22:33 :44 :55 inet addr:192.168.1.19 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST... ߜ My Linux HA server, named Quagga, is participating in two OSPF areas (0 and 3) and is redistributing the default route ߜ The WRT54GL, called OpenWrt, is also participating in two areas (0 and 1) Wireless Laptop Broadband Router OpenWRT Internet 3 192.168.2.0 Area 1 Figure 5-3 : Routing in your home network PC 2 1 1 2 54 192.168. 24. 0 Area 3 1 Linux HA Server 192.168.1.0 Area 0 Quagga 19 Listing 5-8 contains... daemon separately • enable-snmp: This turns on SNMP (Simple Network Management Protocol) support • disable-ipv6: This option turns off support for all IPv6 routing • disable-zebra: This turns off support for the Zebra routing manager • disable-ripd: Choose this option to turn off support for the RIP (v1 and v2) protocol • disable-ripngd: With this, you turn off support for the RIPng (IPv6) protocol . WAP. Figure 4- 6 : OpenWrt LAN config page. 83 Chapter 4: Creating a Wireless Access Point 09_598236 ch 04. qxp 6/27/06 7 :40 PM Page 83 Figure 4- 8 : OpenWrt wireless configur- ation page. Figure 4- 7 : OpenWrt WAN. Wires 09_598236 ch 04. qxp 6/27/06 7 :40 PM Page 80 12. Click Browse and look on the CD for the binary file: openwrt-open- wrt-wrt54g-squashfs.bin. It’s under the chapter 04/ OpenWRT/bin directory. 13 Downloading header for quagga-devel to pack into transaction set. quagga-devel-0.98. 5 -4 .i38 100% |=========================| 13 kB 00:00 > Package quagga-devel.i386 0:0.98. 5 -4 set to be updated