[Reference] Debian Wireless Router Configuration

By Squirrelington
in Linux

 Share

Recommended Posts

Experienced

Squirrelington

Posted
Posted (edited)

This is just a reference for anyone trying to setup a wired/wireless liux router to help smooth the transition. I'll try and be descriptive as possible.

This configuration uses WPA-PSK (AES) key encryption.

Debian 'Lenny' 2.6.24-1-686

Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ as eth0

Accton Technology Corporation SMC2-1211TX as eth1

3com 3CRDAG675B/Atheros Communications Inc. AR5413 802.11abg NIC as wifi0/wlan0

eth0: Wired WAN Interface

eth1: Wired LAN Interface

wlan0: Wireless LAN Interface

wifi0: Wireless LAN Interface (Actual physical interface, wlan0 is a virtual interface on top of wifi0. Use wlan0!)

br0: Wired/Wireless LAN Bridge

/etc/init.d/router:


### Enables IP Forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward

### Configure the Wireless AP and Integrate the Wireless NIC with the LAN
# Delete the wireless vlan interface and remake as a Master (HostAP mode)
wlanconfig wlan0 destroy
wlanconfig wlan0 create wlandev wifi0 wlanmode master
# Configure the wireless interface
iwconfig wlan0 essid "NTech Router 1" channel 6 mode Master rate 11M auto txpower auto
ifconfig eth1 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
# Configure the bridge for joining the Wired and Wireless interfaces into a LAN
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 wlan0
# Sets the bridges LAN settings like Netmask and IP
ifconfig br0 192.168.6.1 netmask 255.255.255.0 up
# Run the wireless encryption daemon for WPA-PSK
hostapd -Bdd /etc/hostapd/hostapd.conf

### Load the firewall settings
/etc/fw-core.cfg

echo "NTech Router Config executed..."



/etc/fw-core.cfg:


### Clean IPTABLES
/sbin/iptables -F

### Allows us to Masquerade the data coming from the External NIC
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

### Allow routines for Firewall
/sbin/iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT

### Custom Rules
/etc/fw-cust.cfg

### Reject these AFTER allow routines
/sbin/iptables -A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -i eth0 -p udp -j REJECT



/etc/fw-cust.cfg:

### NOTES:
###  eth0 WAN; eth1 Wired LAN; wlan0 Wireless LAN; br0 Wired/Wireless Bridge
###  Use eth0 for External and br0 for Internal firewalling unless you mean to restrict something based on where its coming from in the LAN
###  i.e.: Wireless clients cannot access x.x.x.x:xx while Wired can.

### Allow FTP 21 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT

### Allow SSH 22 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

### Allow DNS 53 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 53 -j ACCEPT

### Allow HTTP 80 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

### Allow HTTP (SSL) 443 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT

### Allow SquidGuard Proxy 3128 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 3128 -j ACCEPT

### Allow MySQL Server 3306 on External NIC (eth0)
iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT

### Forward IDENTd 113 to 192.168.6.90 (TCP)
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 113 -j DNAT --to 192.168.6.90:113
iptables -A FORWARD -p tcp -i eth0 -d 192.168.6.90 --dport 113 -j ACCEPT

### Forward Remote Desktop (RDP) 3389 to 192.168.6.90 (TCP)
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3389 -j DNAT --to 192.168.6.90:3389
iptables -A FORWARD -p tcp -i eth0 -d 192.168.6.90 --dport 3389 -j ACCEPT

### Forward BitTorrent 6920 to 192.168.6.90 (TCP)
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6920 -j DNAT --to 192.168.6.90:6920
iptables -A FORWARD -p tcp -i eth0 -d 192.168.6.90 --dport 6920 -j ACCEPT



/etc/hostapd/hostapd.conf:


interface=wlan0
bridge=br0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=0
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=NTech Router 1
#macaddr_acl=1
#accept_mac_file=/etc/hostapd/accept
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
wpa=3
wpa_psk_file=/etc/hostapd/wpa_psk
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP



/etc/hostapd/wpa_psk:

00:00:00:00:00:00 Neowin

# 00:00:00:00:00:00 tells it to allow all mac addresses to use the passkey "Neowin"

Edited by FuhrerDarqueSyde
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Camtasia 2026.1.3

      By Copernic · Posted

      Camtasia 2026.1.3 by Razvan Serea TechSmith Camtasia is the complete professional solution for high-quality screen recording, video editing and sharing. Camtasia 2026 makes editing your videos easier, and faster than ever. The new editor is packed with enhanced video processing, all-new production technology, an innovative library, and stock videos and other creative assets to help you create more polished, professional videos. No video experience needed. Anyone can create informative, engaging videos. Create professional, eye-catching videos: Add special video effects - Apply Behaviors that are perfectly designed to animate your text, images, or icons. Get a crisp, polished look without being a professional video editor. Drag-and-drop your edits - What you see is what you get. Every effect and element in your video can be dropped and edited directly in the preview window. And you can edit at resolutions up to beautiful 4K, for clear video at any size. Get exceptional performance - Camtasia takes full advantage of your computer’s processor with 64-bit performance. You’ll get fast rendering times and enhanced stability—even on your most complex projects. Camtasia 2026.1.3 changelog: Feature Updates Improved keyboard navigability in tool panels. Improved screen reader accessibility of headings in Preferences. Tool panels can now be resized using a keyboard-navigable control. Updated color of folder icon in User Library tab for better visibility. Grouped media now render a composite waveform considering all audio media within that group. Added Long Path Aware to the manifest of Editor and Recorder. Performance Improvements Improved performance for editing groups on the timeline. Improved the project loading performance when timeline has lots of trec media with cursor data. Updates for IT Administrators Updated cpp-httplib from 0.38.0 to 0.43.3. Updated expat from 2.7.4 to 2.8.0. Updated freetype from 2.13.3 to 2.14.3. Updated harfbuzz from 13.0.1 to 14.2.0. Updated libpng16 from 1.6.55 to 1.6.58. Updated pango from 1.57.0 to 1.57.1. Updated girepository from 2.86.3 to 2.88.0. Updated pcre2-posix from 10.47.0 to 12.0.2. Added new harfbuzz-gpu.dll. Updated FFmpeg from 7.1.1 to 7.1.2. Updated aom from 3.11.0 to 3.13.1. Updated dav1d from 1.5.0 to 1.5.1. Updated ogg from 1.3.5 to 1.3.6. Updated SDL2 from 2.32.4 to 2.32.10. Updated zlib from 1.3.1 to 1.3.2. Updated Nalpeiron binaries to version 4.4.69.3. Bug Fixes Fixed an issue which prevented some user submitted crash reports from being sent. Fixed a potential memory leak when decoding HEVC or VP9 video. Fixed a potential crash when trying to delete a range selection on a magnetic track. Fixed a bug with the Properties Panel showing stale properties when only a caption is selected on the timeline. Fixed an issue that could prevent the Opacity and Blur properties from being changed in the Background Removal effect. Fixed an issue where larger Camtasia online projects may fail to open in Camtasia Editor. Table of contents thumbnails are no longer created for Smart Player exports with no table of contents. Fix resetting skew revert to revert just skew and not scale as well. Fixed editing in Snagit with snagX file with Unicode characters. Fixed a bug where grouped visual media could be cropped in some cases. Fixed importing SnagX files with Unicode characters. Localization fixes. Download: Camtasia 2026.1.3 | 309.0 MB (Shareware) View: Camtasia Homepage | Tutorials | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Spotify finally removes the disco ball app icon in the latest update

      By AsherGZ · Posted

      Huh never had this icon on Android
    • Can't access the forum on mobile

      By RaidenX · Posted

      yeah it seems to be Edge only. The dialog buttons work as expected in Chrome and Firefox. The phone is using Android 16 (OneUI 8.5) and Edge version  149.0.4022.53
    • Can't access the forum on mobile

      By Mindovermaster · Posted

      I'm not aware of this issue, but to help the other guys.  What version of Android are you using? Did you try a different browser? To see if Edge is the issue here.
    • Windows 11's big performance boost is finally available for all

      By +Good Bot, Bad Bot · Posted

      I agree when are you going to read this (really poor BTW) article? Here is a better article so you actually know what is going on and answers questions you had in other comments --> https://arstechnica.com/gadgets/2026/05/speed-boosting-low-latency-profile-is-one-of-the-improvements-coming-to-windows-11/ It is unclear if one will be able to disable the new profile at this point but I am not seeing any reason why one would.

  • Recent Achievements

    • One Month Later
      Jamswaz earned a badge
      One Month Later
    • Week One Done
      Jamswaz earned a badge
      Week One Done
    • Rookie
      Marzoid went up a rank
      Rookie
    • Community Regular
      coch went up a rank
      Community Regular
    • One Year In
      slackerzz earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      510
    2. 2
      PsYcHoKiLLa
      188
    3. 3
      +Edouard
      156
    4. 4
      Steven P.
      83
    5. 5
      ATLien_0
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!