Archive for June, 2006

Custom 802.11g Access Point (Soekris 4801-50 and Belkin F5D7000)

At home I run a rather complex network; I take the chance with my home network to mirror and experiment with some of the concepts that we use at work. I have a heavily subnetted/VLANed network: each server sits on a /30 point-to-point link, all network devices have a management IP and, where possible, it sits on the management VLAN, and the VoIP network is again separate.

I decided to create two main client networks, known as the “inner lan” and “outer lan”. The “inner lan” holds the trusted perimeter computers and is the least restricted subnet; the router still has a default-deny policy, but there are many more open ports. The “outer lan”, on the other hand, has absolutely no access to other networks.

The idea is that untrusted computers are put on the “outer lan” and must go through either VPN/IPsec tunnels, proxies or a walled garden that expects a log-in before they are allowed through. So what does this have to do with an 11g access point?

I intend to run open access points so that anyone can log onto the AP; once they have, they are placed in the “outer lan” and must validate in order to gain access to the rest of the network or the internet.

Consumer access points have come a long way in the five years that I have been using them, however there is something quite critical to my plan that prevents me from using one. Commercial access points support this feature, but you’re looking at shelling out over £200 (at least).

The problem is that all APs are configurable over IP, which means their IP is reachable once a client is logged onto the wireless LAN. I trust my “outer lan” router to be secure, however there are numerous issues with various APs that could be exploited.

So what do I need? I need to be able to put the AP’s IP on a separate VLAN and trunk that back to the feeding switch. This relatively simple function isn’t available until you start spending serious money. I put my mind to it and wondered how I could do it on the cheap.

I already had a Soekris single board computer: it has a 266 MHz 586 processor with 128 MB of RAM, a compact flash slot, a mini-PCI slot and, importantly for me, a full-size 3.3V PCI slot.

I did some research about 802.11g PCI cards and my favourite OS (FreeBSD) and found that the Belkin F5D7000 PCI card was supported by the “ral” driver. The first step was to build a small version of FreeBSD that would be able to run on the Soekris; I found the guide for miniBSD very helpful, and without tuning it makes an image of about 13 MB (with tweaking, lighttpd and php5-fastcgi I have managed 15 MB).
So I took the Soekris apart and on my work bench ran the SBC with the PCI card, and was happily surprised to find that it was capable of acting as an access point.

This was fine until disaster struck: occasionally when transferring data (probably due to the speed of moving data between the CPU and the network cards), the onboard NIC would stop receiving data. It turns out that if the sis chip overflows its DMA receive buffer, the card shuts down the RX engine. I did some more research and developed a patch that stopped the network card from stopping.

I now have a fully working access point, and with the help of the ral, sis, if_bridge and vlan drivers I have been able to build an AP that would otherwise have cost me over £200.
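To make the wiring of those four drivers concrete, here is an added example (not the original post’s own script) of a FreeBSD sh script that brings the AP up in that layout: ral0 in hostap mode bridged onto an “outer lan” VLAN, with the box’s only IP address on a separate management VLAN carried over the same trunk. The interface names come from the post; the VLAN numbers, SSID and the 192.0.2.2/30 address are assumed, and the ifconfig syntax is that of FreeBSD 6.x (newer releases configure hostap through a cloned wlan0 interface instead of directly on ral0).

```shell
#!/bin/sh
# Assumed values: VLAN ids, SSID, channel and the management /30 are
# placeholders; sis0 and ral0 are the NICs named in the post.
WIRED=sis0               # onboard sis(4) NIC, carries the 802.1Q trunk
WIFI=ral0                # Belkin F5D7000, ral(4) driver
MGMT_VLAN=10             # management VLAN (assumed)
OUTER_VLAN=20            # "outer lan" VLAN (assumed)
MGMT_ADDR=192.0.2.2/30   # management /30 (assumed documentation address)
SSID=openlan             # assumed SSID
CHANNEL=6

# With DRY_RUN set, print each command instead of executing it.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

ap_up() {
    # Trunk port: up, but deliberately without any IP address of its own.
    run ifconfig "$WIRED" up
    # Management VLAN: the only interface that gets an address.
    run ifconfig "vlan$MGMT_VLAN" create
    run ifconfig "vlan$MGMT_VLAN" vlan "$MGMT_VLAN" vlandev "$WIRED"
    run ifconfig "vlan$MGMT_VLAN" inet "$MGMT_ADDR"
    # Outer-LAN VLAN: a pure layer-2 bridge member, no address.
    run ifconfig "vlan$OUTER_VLAN" create
    run ifconfig "vlan$OUTER_VLAN" vlan "$OUTER_VLAN" vlandev "$WIRED"
    run ifconfig "vlan$OUTER_VLAN" up
    # Radio in access-point mode, again without an address.
    run ifconfig "$WIFI" ssid "$SSID" mode 11g channel "$CHANNEL" mediaopt hostap up
    # Bridge wireless clients onto the outer LAN only; bridge0 gets no address,
    # so nothing reachable from the wireless side carries the management IP.
    run ifconfig bridge0 create
    run ifconfig bridge0 addm "$WIFI" addm "vlan$OUTER_VLAN" up
}

# Check the planned command sequence before applying it: exactly one "inet"
# assignment, on the management VLAN, and none on any bridged interface.
check_plan() {
    plan=$(DRY_RUN=1 ap_up)
    inet_lines=$(printf '%s\n' "$plan" | grep ' inet ')
    [ "$(printf '%s\n' "$inet_lines" | grep -c 'ifconfig')" -eq 1 ] || return 1
    printf '%s\n' "$inet_lines" | grep -q "vlan$MGMT_VLAN" || return 1
    printf '%s\n' "$inet_lines" | grep -Eq "$WIFI|vlan$OUTER_VLAN|bridge0" && return 1
    return 0
}

# Review the plan first; run ap_up as root on the Soekris once it checks out.
check_plan && echo "plan ok"
```

Running it with DRY_RUN=1 prints the ifconfig sequence without touching any interface, which is also how check_plan inspects it.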

So how much did it actually cost… the Soekris 4801-50 cost £115, the Belkin F5D7000 was £17 and a 64 MB CF card was free with a digital camera of the past. You may be thinking that £132 is not that cheap, but because this is running FreeBSD you can still do anything you want with it: plug in ng_flow and generate netflows for auditing, and if WPA is your thing then hostapd will help you.

If anyone wants any hints on what I did then leave me a comment (w/ email) and I’ll get back to you.


New Job

I have a new job! Well, a new job at the university: I was successful in applying for a Network Specialist (Security) post, which means once I start my new contract I will be on a permanent contract and hopefully more money! Well, that’s enough of this stuff; I wanted to post more about another project.
