12
Configuration
The changes below assume an OpenWrt default configuration, the
relevant files are:
·
/etc/config/network
·
/etc/config/wireless
·
/etc/config/dhcp
·
/etc/config/firewall
Edit /etc/config/network and define a new interface section:
config 'interface' 'wifi'
option
'proto' 'static'
option
'ipaddr' '192.168.2.1'
option
'netmask' '255.255.255.0'
|
Note that no ifname option is set
here, it is not required since the wireless network will reference this section
later.
Make sure that the chosen IP address is in a different
subnet than the one used by the lan interface.
|
In /etc/config/wireless, locate the existing wifi-iface section and change its network option to
point to the newly created interface section.
config
'wifi-iface'
option 'device' 'wl0'
option 'network' 'wifi'
option
'mode' 'ap'
option
'ssid' 'OpenWrt'
option
'encryption' 'none'
|
In the existing section, network was changed to
point to the wifi interface defined in the previous step.
Optionally change the last line for option encryption 'psk2' and add the line option
key 'secret key' to enable WPA encryption
Since wireless is not bridged to LAN anymore, no DHCP leases
are served to wireless clients yet. In order to support DHCP on
wireless as well, a new dhcp pool must be defined in /etc/config/dhcp:
config 'dhcp' 'wifi'
option
'interface' 'wifi'
option
'start' '100'
option
'limit' '150'
option
'leasetime' '12h'
|
By default, traffic originating from the
wireless network is not allowed to reach the WAN or the LAN
interface. There is also no firewall zone defined for it yet, so only the
default policies apply to the wireless network.
Edit /etc/config/firewall and add new zone section covering the wifi interface:
config
'zone'
option
'name' 'wifi'
option
'input' 'ACCEPT'
option
'output' 'ACCEPT'
option
'forward' 'REJECT'
|
Now that the zone is defined, traffic forwarding
control for the wireless network can be implemented. To allow wireless clients
to use the WAN interface, add the following forwarding section:
config
'forwarding'
option
'src' 'wifi'
option
'dest' 'wan'
|
If LAN clients should be able to contact wireless clients, add the
following forwarding:
config
'forwarding'
option 'src' 'lan'
option
'dest' 'wifi'
|
To allow wireless clients to reach the LAN network, add the
reversed rule below as well:
config
'forwarding'
option 'src' 'wifi'
option
'dest' 'lan'
|
1.
Enable the new wireless network
2.
ifup wifi
wifi
3.
Restart the firewall
/etc/init.d/firewall restart
4.
Restart the DHCP service
/etc/init.d/dnsmasq restart