# /etc/config/bridge.conf #**************************************************************************** #.- 20070325 version #.- Script modified by Victor Escudero , #.- based on the excellent work of Antonio Anselmi (http://www.blogin.it) #.- ################################################################################################# # Current limitations: # 1) WEP repeating WEP: # If you are planning to repeat a wep encrypted signal, you must select exactly the SAME KEY # key for the interface you are connecting to (ath1 in station mode) and for the # interface acting as the expander AP also in wep. Otherwise although you can connect # through cable (eth0) the wireless signal you are broadcasting might not be utterly functional. # There are no other limitations with wep, so you can even change the authentication mode # from shared to open authentication or viceversa without any problems. # If you are have any concerns about security, its advisable to broadcast the signal with WPA2 # instead and block any attempt to your fonera though a list of authorized macs. # 2) If you are broadcasting a signal with WPA/WPA2 on ath0 as your AP on 'La Fonera' you must # not select bridge_mode, otherwise you would not be able to connect wirelessly. # # FEATURES: # a) convert a non-encrypted signal to wep or wpa/wpa2 # b) convert an encrypted signal to another signal without encryption # c) convert a wep signal from shared to open autentication and viceversa (same wepkeys) # d) convert a wep signal to wpa/wpa2 and viceversa (might have different keys, but wpa/2 signal should not be bridge) # e) switch from wpa/wpa2 to another wpa/wpa2 (might have different keys, but without bridge between ath0 & eth0) # f) Bridge your home router that provides internet connection to your Fonera through cable (normally dhcp) to a wireless # client that connects to your fonera. There is no need to start a dhcp server on your fonera, as your adsl/cable router # will make this for you. Your fonera "bridges" these two networks together so any traffic coming through your fonera from # one side is inmmediately seen on the other. # g) You can join your own home cable/adsl router with another signal of an AP near your Fonera. With this flavour both networks # are "bridge" (join) and at the same time broadcast wirelessly, so you can decide for example which internet connection you # want to use: the connection of your own router of the internet connection provided by the other AP near your home (maybe yours # or maybe one of your neighbour that authorizes you to access internet through his/her AP. This mode is very similar to WDS # (WDS, stands for Wireless Distribution System) but in this scenario you are not bridging two wireless signals together, but # joining one signal coming to your fonera wirelessly (ath1) with another coming from a cable (eth0) # ... # h) .... lot of things you can't even think were possible ################################################################################################# #**************************************************************************** # # NO SPACE BETWEEN = AND VALUE # parameter = value <---- WRONG # parameter=value <---- RIGHT # # #------------------- # only-Acceess-Point #------------------- # set only_AP=1 if you plan to use Fonera only as Access Point (bridging its eth0) # The only-Access-Point mode NEEDS bridge_mode=1 in bridge configuration. # It's also recomended to set kdhcp=1 in order to start DHCP service listening on br0 only_AP=0 # # SSID auto detect kssid=1 # SSID is manual #kssid=0 #SSID_ath0=Fonera_AP # #-------------------------------- # configuring Access Point (ath0) #-------------------------------- # wireless mode #0 Auto select operating mode #1 802.11a (5GHz) mode (54Mbps) #2 802.11b (2.4GHz) mode (11Mbps) #3 802.11g (2.4GHz) mode with 802.11b compatibility (54Mbps) #4 802.11 frequency hopping mode #5 802.11a (5GHz) dynamic turbo mode #6 802.11g (2GHz) dynamic turbo mode (108Mbps) #7 802.11a (5GHz) static turbo mode wMode=0 # # access control list based on MAC # you must create the file /etc/acl_list.conf with # ONLY one mac address per line # 0 no ACL checking is performed # 1 Only allow ACLs in the ACL list # 2 Only deny ACLs in the ACL list aclMode=0 # # Authentication mode # 1 Open auth (This does not set anything as this is the default # 2 Shared auth ath0_authmode=1 # # if you want WEP auth on ath0 # 0 Do not use wep # 1 wep with Ascii key (wep128 => 13chars) # 2 wep with hexadecimal key (26 hex chars) kwep=0 WepKeyAscii_ath0=adminadminadm WepKeyHex_ath0=61646D696E61646D696E61646D # # if you want WPA/WPA2 on ath0 put kwpa=1 kwpa=0 wpapassphrase=adminadminadmin #wpamode could be 1=wpa1, 2=wpa2, 3= both wpa/wpa2 wpamode=3 wpapairwise="TKIP CCMP" # # # 802.11 SSID broadcasting/cloaking on ath0 hideSSID=0 # # !! if you plan to use a bridge you can skip the IP configuration !! # IP configuration for ath0 # wifi iface of your pc must be in this subnet IP_ath0=172.16.110.1 MASK_ath0=255.255.255.0 # #--------------------------------------- # configuring eth0 interface (wired lan) #--------------------------------------- # !! if you plan to use bridge you can skip !! IP_eth0=172.16.120.1 MASK_eth0=255.255.255.0 # #---------------------------------------- # configuring bridge br0 (ath0 - eth0) #---------------------------------------- bridge_mode=0 IP_br0=172.16.130.1 MASK_br0=255.255.255.0 # # ------------ # DHCP service # ------------ # Remember: you must edit /etc/dnsmasq_repeater-.conf, where xxx can be br0 or eth0 & ath0 # depending on your configuration. kdhcp=1 # #------------------------------------- # configuring Station (ath1) #------------------------------------- # Authentication mode # 1 Open auth (this is the default) # 2 Shared auth # 3 802.x auth ath1_authmode=1 # # discovering stronger external AP (ath1_mode=1 automatically sets dhcp, see ath1_dhcp below) ath1_mode=1 # # targeted external AP by SSID #ath1_mode=2 #TargetSsid=outdoor-net # # targeted external AP by MAC #ath1_mode=3 #TargetMac=aa:bb:cc:dd:ee:ff # # targeted external AP via WPA-PSK (WPA personal) # need /etc/wpa_supplicant.conf ! #ath1_mode=4 #TargetWpa=MyPlace # # targeted external AP via WEP (ASCII key) #ath1_mode=5 # key in ASCII #WepKeyAscii_ath1=adminadminadm #TargetWepSsid=signaltoconnectto #TargetWepMac= # # targeted external AP via WEP (hex key) #ath1_mode=6 # key in hex #WepKeyHex_ath1=DB4AD3464898F5AC3E971BFFDF # target SSID or MAC #TargetWepSsid=adsl8398 #TargetWepMac= # # Static Vs dynamic configuration gathered from the external AP ath1_dhcp=1 # # # If you plan to use static IP configuration, choose ath1_dhcp=0 above and select # proper values to these IPs. #IP_ath1=192.168.0.99 #MASK_ath1=255.255.255.0 # default gateway #DFGW=192.168.0.1 # name servers #NAMESERVER1=208.67.222.222 #NAMESERVER2=208.67.220.220 #NAMESERVER3=213.134.45.129 # #-------------------- # p2p port forwarding #-------------------- #xmule=1 #IP_client_xmule=172.16.110.20 # wireless connected client xmule=0 # #btorrent=1 #IP_client_btorrent=172.16.120.20 # cable connected client btorrent=0 # #---------------------------------- # use of a monitor interface #---------------------------------- # You might want to sniff some incoming/outgoing traffic on your Fonera modeMonitor=0 # By default, monitor mode receives packets with prism2 headers prepended on them. # To change this, you must set the appropriate value for kheaders (default=2) # 11 Only 802.11 headers # 2 Prism2 headers # 3 Radiotap headers # 4 Atheros Descriptors kheaders=2 # #--------------------------------- # hardening some TCP/IP parameters #--------------------------------- khard=0 # #---------------------------------- # logging malicious TCP/IP packests #---------------------------------- klog=1 # # End of /etc/config/bridge.conf