#!/bin/bash # # Original File # ------------- # http://www.Linux-Sec.net/Wireless/Install-HowTo/WL/Install.txt - help docs # http://www.Linux-Sec.net/Wireless/Install-HowTo/WL/wl.config - config file # http://www.Linux-Sec.net/Wireless/Install-HowTo/WL/wl.install.sh - install script # # # Drivers # ------- # NetGear WG311 # http://www.Linux-Sec.net/Wireless/Install-HowTo/Drivers/madwifi/madwifi.txt # # LinkSys WMP54G # http://www.Linux-Sec.net/Wireless/Install-HowTo/Drivers/BroadCom/bcom_linux_install1.txt # http://www.Linux-Sec.net/Wireless/Install-HowTo/Drivers/ndiswrapper # # # 10-Dec-03 amo Install Wireless PCI card ( Netgear WQG311 -- 802.11g ) # 19-Dec-03 amo Allow for 2.6.0 vs 2.4.23 kernels # 02-Jan-04 amo Added slackware/redhat switch # 04-Jan-04 amo Converted to stop|start format, iwconfig, iwpriv commands # 18-Apr-04 amo Renamed wl.install.sh to NetGear.WG311.Install.txt # 19-Apr-04 amo Install latest iwconfig ( beta27 ) # 20-Apr-04 amo Separate out the commands # 21-Apr-04 amo Separate out Wireless Config Variables # 26-Apr-04 amo Added "AP" w/ simple firewall ( masquerade ) # 05-May-04 amo Added Rate, Mode # 13-May-04 amo Renamed to wl.install.sh for NetGear WG311 and new support LinkSys WMP54G # 17-May-04 amo Sometimes iwconfig command options order makes a difference # 19-May-04 amo Cleanup for Netgear WG311 and LinkSys WMP54G w/ ndiswrapper-0.7 # 20-May-04 amo Added Belkin F5D7000 # 21-May-04 amo Added Mode comments # 23-May-04 amo Added Comments, Make it distro-nuetral, added -v # # # VERSION="20040523" # # # ================================ # Wireless Insstall Scripts for: # NetGear WG311 - uses madwifi drive # LinkSys WMP54G - uses broadcom chipset - use ndiswrapper # ================================ # - figure out if you're using linux-2.4 or linux-2.6 kernels # - figure out which linux distribution you're using # - Configure and Change your IP# ( wl.config ) for your wireless devices # # # # ----------------------------------------------- # Define the Wireless Network in the config file # ----------------------------------------------- # if [ -f wl.config ]; then echo "#" echo "# Reading config file= wl.config" # source ./wl.config # else echo "#" echo "# ERROR: Missing wl.config file " echo "# http://www.Linux-Sec.net/Wireless/Install-HowTo/" # exit 1 # fi # # # Sometimes loading and unloading modules might cause non-fatal errors, so keep going by EXITONERR=0 # EXITONERR=1 # # Lets see the iwconfig values as they are defined/changed DEBUG=1 # # # lspci # 00:08.0 Ethernet controller: Unknown device 168c:0013 (rev 01) - madwifi-2003xx # 00:08.0 Ethernet controller: Unknown device 168c:2013 (rev 01) - madwifi-2004xx # # lspci -n # 00:08.0 Class 0200: 168c:0013 (rev 01) # # # Check if NetGear WG311 # ======================= # WG311=` lspci -n | grep 'Class 0200:' | grep 168c | awk '{print $4}' ` # # echo "311=$WG311.." # if [ "$WG311" = "168c:0013" -o "$WG311" = "168c:2013" ]; then # echo "#" echo "# Found NetGear WG311 ( madwifi driver ) = $WG311" echo "#" echo "# Check that you are using the right `uname -r` kernel modules" echo "#" # # if [ `uname -r` = "2.6.6" ]; then WLAN="/lib/modules/`uname -r`/net/wlan.ko" HAL="/lib/modules/`uname -r`/net/ath_hal.ko" PCI="/lib/modules/`uname -r`/net/ath_pci.ko" else WLAN="/lib/modules/`uname -r`/net/wlan.o" HAL="/lib/modules/`uname -r`/net/ath_hal.o" PCI="/lib/modules/`uname -r`/net/ath_pci.o" fi # DRIVER="MadWifi" # fi # # # # Check if LinkSys WMP54G # ======================= # lspci=` lspci -n | grep 'Class 0280:' | awk '{print $4}' ` # # echo "54g=$WMP54G.." # # if [ "$lspci" = "14e4:4320" ]; then # echo "#" echo "# Found LinkSys WMP54G or Belkin F5D7000 with BroadCom chipset= $lspci" echo "#" # # For ndiswrapper-0.4 # ndiswrapper loadndisdriver 14e4 4320 /lib/windrivers/bcmwl5.sys /lib/windrivers/bcmwl5.inf # # # For nddiswrapper-0.7 # -------------------- NDIS="/usr/local/src/ndiswrapper-0.7/driver/ndiswrapper.o" # DRIVER=NDISWrapper # fi # # if [ -z $DRIVER ]; then echo "#" echo "# ERROR: Neither NetGear WG311 nor LinkSys WMP54G pci card was found" echo "# use lspci to debug the vendorID:DeviceID " echo "#" # exit 1 fi # # # =========================================================== # # You should NOT have to change anything below where # # =========================================================== # # # First stop the network # ----------------------- # stop () { # echo "" echo "Stopping Wireless: ${INTERFACE}:" # # # EXITONERR=0 # # # # Turn off the WiFi card # # # if [ -f /etc/redhat-release ]; # then # cmd="/etc/rc.d/init.d/network stop" # fi # # # # if [ -f /etc/slackware-version ]; # then # cmd="ifconfig $INTERFACE down" # wlan=`ifconfig -v | grep ^$INTERFACE` if [ -z "$wlan" ]; then echo " WARNING: $cmd : already down" else docmd "$cmd" fi # fi # # # Unloading these madwifi drivers seems to hang the system # ------------------------------------------------------- # if [ "$DRIVER" = "MadWifi" ]; then echo "#" echo "# Sometimes removing these modules seems to hang/lock the server" echo "#" # domod rmmod xath_pci domod rmmod xath_hal domod rmmod xwlan fi # # # Unloading the ndiswrapper drivers # ---------------------------------- # if [ "$DRIVER" = "NDISWrapper" ]; then cmd="ndiswrapper-0.7 -e bcmwl5" # ndis=`ndiswrapper-0.7 -l | grep bcmwl5` # if [ -z "$ndis" ]; then echo " WARNING: $cmd : was not previously installed" else docmd " $cmd" fi echo "" # domod rmmod ndiswrapper # echo "#" echo "# lsmod ; ndiswrapper-0.7 -l" echo "#" fi # # # Remove the IPTables Modules # --------------------------- # rmmod ipt_state # rmmod ipt_LOG # rmmod iptable_filter # rmmod iptable_nat # rmmod ip_conntrack # echo "" # # EXITONERR=1 # } # stop # # # # Load the wireless modules and add the wireless routes # ----------------------------------------------------- # start() { # # Turn on the WiFi card # echo "#" echo "# Start Wireless: ${INTERFACE}:" echo "#" # # # Add madwifi driver for NetGear WM311 # ------------------------------------ # # http://www.Linux-Sec.net/Wireless/Install-HOWTO/Drivers/madwifi/madwifi.txt # if [ $DRIVER = "MadWifi" ]; then echo "# Installing madwifi drivers" # EXITONERR=0 # domod insmod $WLAN domod insmod $HAL domod insmod $PCI # # dmesg # ------- # ath0: mac 5.6 phy 4.1 5ghz radio 1.7 2ghz radio 2.3 # ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps # ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps # ath0: 802.11 address: xx:xx:xx:xx:xx:xx # ath0: Atheros 5212: mem=0xee000000, irq=10 # EXITONERR=1 fi # # # Add ndiswrapper for LinkSys WMP54G # ---------------------------------- # # http://www.Linux-Sec.net/Wireless/Install-HOWTO/Drivers/NDISwrapper/ndiswrapper-0.7.txt # if [ $DRIVER = "NDISWrapper" ]; then echo "# Installing ndiswrapper-0.7 drivers" # # make sure its NOT yet loaded ... since ndiswapper will complain # ndis=`ndiswrapper-0.7 -l | grep bcmwl5 ` if [ ! -z "$ndis" ]; then echo "WARNING: 'ndiswrapper bcmwl5' was still loaded " docmd "ndiswrapper-0.7 -e bcmwl5" fi # # For Loading bcom_driver w/ ndiswrapper-0.4 # ------------------------------------------ # see modules.conf # # domod " modprobe ndiswrapper" # # # For Loading new ndiswrapper-0.7 # ------------------------------- # # docmd " ndiswrapper-0.7 -e bcmwl5" # docmd " ndiswrapper-0.7 -i /usr/local/src/LinkSys.WMP54G/bcmwl5.inf " sleep 1 # # docmd " ndiswrapper-0.7 -i /usr/local/src/Belkin.F5D7000/bcmwl5.inf " # sleep 1 # # # does NOT need anything defined in /etc/modules.conf for ndiswrapper-0.7 # # uses: /lib/modules/2.4.26-ow1/misc/ndiswrapper.o # # echo "" # docmd " modprobe ndiswrapper " # sleep 5 # # dmesg: # wlan0: ndiswrapper ethernet device xx:xx:xx:xx:xx:xx using driver bcmwl5.sys # # # Requires /sbin/loadndisdriver to do insmod # # NDIS="/usr/local/src/ndiswrapper-0.7/driver/ndiswrapper.o" domod insmod $NDIS sleep 1 # fi # # # For Redhat Machines # -------------------- # # if [ -f /etc/redhat-release ]; # then # # # /etc/rc.d/init.d/network start # # # route add -net $NETWORK gw $GATEWAY netmask $NETMASK $INTERFACE # # # fi # # # For Slackare machines - explicitly run the commands # # if [ -f /etc/slackware-version ]; # then # # Remove the previous interface first if any # PrevInt=`ifconfig -v | grep ^$INTERFACE ` # # echo "prev=$PrevInt" # if [ ! -z "$PrevInt" ]; then ifconfig $INTERFACE down fi # # # to Set the card to 54Mbps # ------------------------- # 3 = 802.11G # 2 = 802.11B # 1 = 802.11A # # echo "" #ocmd " ifconfig $INTERFACE up" docmd " ifconfig ${INTERFACE} ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK} up" docmd " sleep 1" # echo "" case $MODEGBA in 3 ) echo "# Configure $INTERFACE for 802.11G" ;; 2 ) echo "# Configure $INTERFACE for 802.11B" ;; 1 ) echo "# Configure $INTERFACE for 802.11A" ;; esac # if [ ! -z $MODEGBA ]; then docmd " iwpriv $INTERFACE mode $MODEGBA" ; echo "" ; fi # # # # Sometimes Order makes a difference # # ---------------------------------- # # iwconfig ath0 key XXXXXXXXXX # # iwconfig ath0 ap XX:XX:XX:XX:XX:XX # # iwconfig ath0 channel X # # iwconfig ath0 essid foo # # iwconfig ath0 rate XXMB # # # Missing essid seems to require "Mode Master" to be defined # if [ ! -z $DEBUG ]; then echo "#" echo "# Default State: ( after ifconfig $INTERFACE )" echo "#" echo " `iwconfig $INTERFACE` " echo "" fi # # docmd2 mode Managed -- for LinkSys WMP54G # #-- seems to clear ESSID="" # #-- seems to reset AP="ff:ff:ff:ff:ff:ff" # # # # take it OUT of managed mode if you want to define anything else # docmd2 mode auto -- for LinkSys WMP54G # # docmd2 mode ad-hoc # #-- seems to define aribitrary and unmodifiable AP values # #-- creates Cell instead of AP after essid is defined # # LinkSys WMP54G does NOT have Master mode # docmd2 mode Master # docmd2 mode "$MODE" docmd2 ap "$AP" docmd2 channel "$CHANNEL" docmd2 essid "$ESSID" # you should Wait 1-3 seconds after setting essid ( done in docmd2() ) # docmd2 rate "$RATE" docmd2 nick "$NICK" docmd2 key "$KEY" echo "" # # For Example key configurations # ------------------------------ # Commands.iwconfig.key.txt # #ocmd2 key open #ocmd2 key "$KEY1" #ocmd2 key "$KEY2" #ocmd2 key "$KEY3" #ocmd2 key "$KEY4" # echo "" # # # docmd "route add -net $NETWORK netmask $NETMASK gw $GATEWAY " # echo "# Allow only these particular IP# into the wireless network" # # # Remove the Wireless Default network 192.168.1.0 # ------------------------------------------------- docmd " route del -net 192.168.1.0 gw 0.0.0.0 netmask 255.255.255.0" # # docmd " route add -host 192.168.1.11 netmask 0.0.0.0 gw $GATEWAY " docmd " route add -host 192.168.1.12 netmask 0.0.0.0 gw $GATEWAY " #ocmd " route add -host 192.168.1.13 netmask 0.0.0.0 gw $GATEWAY " #ocmd " route add -host 192.168.1.14 netmask 0.0.0.0 gw $GATEWAY " # echo "" # echo "ifconfig -v ; route -nv ; iwconfig $INTERFACE ; iwlist scan " echo "" # # # Check if we are a Gateway for the Wireless subnet # if [ "$MODE" = "Master" ]; then echo "#" echo "# ===================================================================" echo "# Now Configure the AccessPoint for the Wireless network ( $INTERFACE )" echo "# $0 ap " echo "# ===================================================================" echo "#" else # # for wireless clients # if [ ` ifconfig -v | grep ^eth0 | wc -l ` = 0 ]; then echo "#" echo "# Making your Wireless Gateway ( $GATEWAY ) the default route " docmd " route add default gw $GATEWAY" echo "#" else echo "#" echo "# you have one or more routes, i don't know which is your gateway out" echo "#" fi fi echo "" # # # slackware # fi # } # start # # # Load the wireless modules and add the wireless routes # ----------------------------------------------------- # # http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html # ap() { # HOST=`hostname -s` # echo "" echo "# Make this host ( $HOST ) the AccessPoint for ${INTERFACE}:" # # if [ $MODE = "Master" ]; then docmd2 mode Master fi echo "" # # echo "# Turn on packet forwarding" # echo " echo 1 > /proc/sys/net/ipv4/ip_forward" echo 1 > /proc/sys/net/ipv4/ip_forward echo "" # # # http://www.e-infomax.com/ipmasq/ # echo "# Install a minimal firewall/gateway" #cho " # rc.firewall-2.2 ( ipchains ) " echo " # rc.firewall-2.4 ( iptables ) " echo "" # # # --------------------------------------------------- # # IPCHAINS="ipchains" # # docmd " $IPCHAINS -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASK" # docmd " $IPCHAINS -P forward DENY" # # --------------------------------------------------- # IPTABLES="iptables" EXTIF="eth0" INTIF="ath0" # echo "# 7-commands to Clear the IPTables first" # iptables -F $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F echo "" # # # # ToDo: # Change to allow only specific 192.168.x.y ip# only # echo "# FWD: Allow all connections OUT and only existing and related ones IN" docmd " $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT" docmd " $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT" docmd " $IPTABLES -A FORWARD -j LOG" echo "" # echo "# Enabling SNAT (MASQUERADE) functionality on $EXTIF" #ocmd " $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE" # iptables: No chain/target/match by that name # # this works for the wireless box to get outside docmd " $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $OUTSIDE" # # # try to allow only 192.168.1.12 connectivity in or out # ------------------------------------------------------- #ocmd " $IPTABLES -t nat -A POSTROUTING -s 192.168.1.12 -o $EXTIF -j SNAT --to $OUTSIDE" echo "" # echo "# Check the rules:" docmd " $IPTABLES -L" echo "" # # } # ap # # # Load the Modules # ---------------- # domod () { ins=$1 mod=$2 # cmd="$ins $mod" # # doit="" # # # if the module is loaded, remove it .. # - show warning if it was previously installed # if [ $ins = "rmmod" ]; then # # cat /proc/modules | grep -q ath_pci # if [ $? -eq 0 ]; then # remove # fi # # m=`lsmod | grep $mod ` if [ -z "$m" ]; then echo " WARNING: $cmd : module not installed " else doit=1 fi fi # # # If the module is NOT loaded, doit # if the module is loaded, just echo and continue # # insmod /lib/modules/`uname -r`/net/wlan.o # if [ $ins = "insmod" ]; then # base=`basename $mod .o` m=`lsmod | grep $base ` # if [ ! -z "$m" ]; then echo " WARNING: $cmd : module already installed " else doit="1" fi fi # # # Install the Modules or Remove it if it was previously installed # if [ ! -z "$doit" ]; then # echo " $cmd" $cmd # # 1 == already installed # # # if [ $? != 0 -o $? != 1 ]; then if [ $? != 0 ]; then echo "# " echo "# ERROR: Module Failed: $ins $mod " echo "# " # if [ $EXITONERR = 1 ]; then exit 1 else echo "# ..keep going anyway" fi fi fi # } # domod # # # # Show the Command and Execute it # ------------------------------- docmd() { cmd=$1 # echo "$cmd" $cmd # if [ $? != 0 ]; then echo "# " echo "# ERROR: Command Failed: $cmd " echo "# " # if [ $EXITONERR = 1 ]; then exit 1 else echo "# ..keep going anyway" fi fi # } # docmd # # # Do the Command if defined # ------------------------- # docmd2() { opt=$1 var=$2 # if [ -z "$var" ]; then # no options defined echo " # iwconfig $INTERFACE $opt xxxx" echo "" # else docmd " iwconfig $INTERFACE $opt $var" sleep 2 # # see that the value was defined as set # if [ ! -z $DEBUG ]; then echo " `iwconfig $INTERFACE | egrep -i 'ESSID|Access|Cell|Rate|key'` " echo "" fi fi # } # docmd2 # # # What Operation to Perform # ------------------------- # case "$1" in # "ap") ap # ;; "start") start # # $0 status ;; # "stop") stop ;; # "status") # echo "" echo " lsmod ; ndiswrapper-0.7 -l" lsmod ; ndiswrapper-0.7 -l # ifconfig -v ; route -nv ; iwconfig $INTERFACE ;; # "-v") # # Which Versions are we using # iwver=` iwconfig -v | grep iwconfig ` iwver27=` iwconfig -v | grep iwconfig | cut -d " " -f 5` # New=27 # echo "" echo "$0 $VERSION" echo " http://www.Linux-Sec.net/Wireless/Install-HOWTO/wl" echo "" echo " $iwver " if [ $iwver27 -lt $New ]; then echo " # you should be using the new wireless_tools.27.pre22.tar.gz or later " echo " # http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html" fi echo "" exit 1 ;; # "ping") ping -c 3 $IPADDR # ;; *) echo "" echo "Usage: $0 < stop|start|status|AP|-v >" echo "" exit 1 esac # # # End