Wireless Linux Networking made easy

Updated 9.16.2003

Well the time had come. My wife wanted a wireless connection for her laptop despite my pleas that it was insecure and much slower than our wired network. These caveats aren’t of any concern to her, she want to sit on the sofa and surf. Fair enough, off to Frys I go.
Her laptop runs WindowsXP, so any card I throw in it should work, so I opt for the cheapest card I see, a Airlink WLC010 PCMCIA card. (I never heard of this brand before, think Bob’s Computer Parts.) It’s based on the Prism chip and is damn cheap, $29. Now I need a PCI card that has Linux drivers. Uh-oh. None of the products at Frys make such a statement on the box so I ask one of the *knowledgeable* sales guys who tells me that the Netgear MA311 PCI card will work, just download the drivers from their website. Well, turns out, Netgear apparently has never heard of Linux, and I was suckered into buying the $80 card when the $40 Airlink (Bob’s) would have worked. Oh well, I’ll be sure to shoplift something worth $40 next time I’m there. Now faced with the task of finding drivers for this card and the ever-growing impatience of my wife, I once again turn to Google.
After searching for about an hour, and investigating several options, I come to two conclusions:

  • 1. Fry’s really sucks. What the hell? At least be honest and say “I don’t have a freaking clue.” Make that $45 dollars worth the shoplifting, and maybe vandalize the bathroom a little bit while I’m there, too.
  • 2. Dispite the MS Frontpage template website from hell, (ahh, sweet, sweet irony…) the linux-wlan site, http://www.linux-wlan.com , looks like a pretty good option.

A quick look at the README (you know, the file with all the answers that nobody ever reads) reveals that RPMS are available here: http://prism2.unixguru.raleigh.nc.us . Hey, I’m not too proud to admit that I’m lazy! So I got them and installed them. I had to set up a couple of things but overall, unlike the service at Frys, it was pretty painless.

This is how I did it.
Per the instructions, I verified my hardware platform by checking the contents of /boot/kernel.h.

[root@milkbar root]# more /boot/kernel.h
/* This file is automatically generated at boot time. */
#ifndef __BOOT_KERNEL_H_
#define __BOOT_KERNEL_H_

/* Kernel type i686 */

I also verified my kernel version by typing uname –a.

[root@milkbar root]# uname -a
Linux ibm.et.com 2.4.20-20.9 #1 Mon Aug 18 11:45:58 EDT 2003 i686 i686 i386 GNU/Linux

So I grab the correct RPMS and the source RPM.
I run rpm –ivh *.rpm and off we go. I answer a few questions, it spits out some text, and its finished. I actually thought that it didn’t work because it went so quick and smoothly.

The next thing you’ll have to do is edit your conf files. First verify/change the IP settings for wlan0 to meet your networks requirements. Note I have commented out GATEWAYDEV. Since this system has several networks, having several gateways would break things.

[root@milkbar root]# vi /etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0
ONBOOT=yes
BOOTPROTO=static # change this to static to specify an IP addr
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
#GATEWAYDEV=wlan0 # this is for setting default route
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes # this lets DHCP define the DNS setup

Next things to edit are in the /etc/wlan. First edit your wlan.conf and tell it the name of your SSID (think wireless network name). Accept defaults except for the SSID. Let’s say that I want the name of my network to be clockworkorange:

[root@milkbar wlan]# vi wlan.conf

SSID_wlan0=”clockworkorange”
ENABLE_wlan0=y

Now copy the wlancfg-DEFAULT to the name of your new SSID and edit. My goals here are to make an Adhoc network (think peer-to-peer) that uses 128 bit WEP encryption.

[root@milkbar wlan]# cp wlancfg-DEFAULT wlancfg-clockworkorange

You can enter a text string that will be hased into WEP keys or generate your own using /sbin/nwepgen and fill them in. I tried to have mine generated automatically, but it never worked until I made my own and put them in. Here are the relevant parts of my wlancfg-clockworkorange.

[root@milkbar wlan]# nwepgen
nwepgen: generates Neesus Datacom compatible WEP keys from a string
Usage: nwepgen

[root@ibm wlan]# /sbin/nwepgen rassoodocks 13
68:f2:41:82:63:40:d7:79:91:c0:7f:4c:f6
31:89:59:8e:75:de:38:99:97:ee:e6:36:0c
e9:23:33:39:32:18:24:36:11:3d:b2:d2:a8
7a:36:d7:28:8d:87:8f:44:ab:0f:86:e6:6a
[root@milkbar wlan]#

[root@milkbar wlan]# vi wlancfg-clockworkorange

IS_ADHOC=y
lnxreq_hostWEPEncrypt=true
lnxreq_hostWEPDecrypt=true
dot11PrivacyInvoked=true
dot11WEPDefaultKeyID=0
dot11ExcludeUnencrypted=true
dot11WEPDefaultKey0=68:f2:41:82:63:40:d7:79:91:c0:7f:4c:f6
dot11WEPDefaultKey1=31:89:59:8e:75:de:38:99:97:ee:e6:36:0c
dot11WEPDefaultKey2=e9:23:33:39:32:18:24:36:11:3d:b2:d2:a8
dot11WEPDefaultKey3=7a:36:d7:28:8d:87:8f:44:ab:0f:86:e6:6a
AuthType=”sharedkey”

Now just restart the relevant services and you should see you new wireless network.

[root@milkbar wlan]# service network restart
[root@milkbar wlan]# service wlan restart

NOW SECURE ACCESS TO YOUR WIRELESS NETWORK!!!

I use a “defense-in-depth” approch and use IPTables to limit what IP’s and ports that can get on the system. I also use NoCatAuth from http://www.nocat.net to make it just a little more painful for would-be droogs, war-drivers, netstumblers and the like. I also found a nice little piece of software that generates thousands of fake AP names to further obscure your network. Have fun with that one!

Now back to Frys to give their bathroom a few lashings of the old ultraviolent…