DESIGN AND IMPLEMENTATION

OF A WIRELESS LAN HOT SPOT

Group members:

M.S.A.Ahamed (E/02A/006)
S.Atchuthan (E/02A/017)
S.M.Rinos (E/02A/217)
Supervisor:

Dr.M.Sandirigama
 Objectives
 The objective of this project is to understand how
routing and IP network security (firewalls and IP
masquerading – Network Address and Port
translation) can be integrated to offer secure wireless
connectivity. Hot spot service.

 Applications:
 WLAN Access Offered in Coffee shop, Airport and
Library …..etc
 Knowledge Gathered
 Functioning of 802.11 based wireless access network
 DHCP daemon (DHCPd) use and configuration
 ipchains use for firewalling and IP masquerading
 Configuring a notebook running Linux to work as a
router and moderately sophisticated security gateway.
 Web-based authentication
 PHP
 Apache Web Server
Configuration Setup
 Setup
 Installed RedHat Linux Enterprise Edition
 Wireless LAN
 DHCP server installation & configuration
 IPchains for IP masquerading
 Shell script
 Wireless LAN
 An Access Point (AP)
 Two USB wireless adapters
 A Linux Server (gateway)
 A windows client
 Driver for the windows was provided by vendor.
 For Linux ZD1211 driver was downloaded , installed
and configured
 Hotplug
 DHCP Server
 Installed during the red hat installation.
 Created dhcpd.conf file -This is the configuration file
for the DHCP daemon, for the wireless network
 Copied the file into /etc.
 Edited /etc/sysconfig/dhcpd
 Created files stores the DHCP client lease database
 touch /var/lib/dhcp/dhcpd.leases
 Start the daemon.
 /etc/rc.d/init.d/dhcpd start
 Shell scripting
 Learned the fundamental of Unix shell
scripting techniques
 Shell programming
 Variables, rules and shell arithmetic
 Programming commands
 echo, if and test commands
 Loop and case statements
 Example script for starting dhcpd
daemon

# vi start_dhcpd.sh
/etc/rc.d/init.d/dhcpd start
# chmod +x start_dhcpd.sh
# ./start_dhcpd.sh
 IPmasquerading
 For a Linux server which has more than one
external interface, it is possible to use the
Linux server as a NAT Firewall.
# ipchains -P forward DENY
# ipchains -A forward -j MASQ -s y.y.y.y/24 -d
0.0.0.0/0

 Filtering by IP address
 # ipchains -A input -j DENY -p all -l -s x.x.x.x/x -d
0.0.0.0/0
 IP masquerading …
 Filtering by port
 # ipchains -A input -j DENY -p tcp -l -s
0.0.0.0/0 -d y.y.y.y/32 513
 # ipchains -A input -j ACCEPT -p tcp -s
x.x.x.x/24 -d y.y.y.y/32 513

 Filtering by interface
 # ipchains -A input -j DENY -p tcp -l -s 0.0.0.0/0 -i
ppp0 -d y.y.y.y/32 80

 Enabling IP forwarding

# echo "1" > /proc/sys/net/ipv4/ip_forward
 Tasks for Next Semester
 Web base Authentication using –apache server
and php.
 Set up script which includes all initializations
and configurations commands.
 Security gateway
 Miscellaneous settings
 Problems encountered
 Couldn’t find a notebook to set up security Gateway,
due to limited resources.
 PCs are used by other people for their projects,
 Couldn’t get an iPAQ to work as a client.
 Problems arose in continuing virtual machine
approach which we mentioned in the last BWR, due
to lack of memory (RAM). We only had 128 MB
memory in our personnel computer. So it became
impossible to test Server and client in computer.
 USB wireless adapter is not suitable for Gateway
 Demonstration

Linux gateway

Access Point

Windows client
Thank you