Configuring a FreeBSD Access Point for your Wireless Network

Michael S. DeGraw-Bertsch

An access point is akin to a cell phone tower — it’s a link from the wireless LAN to the wired network and the Internet beyond. Many commercial access points are available, even integrated with a cable modem or DSL router and firewall. These special-purpose devices are convenient, but they tend to be inflexible and sometimes insecure. Most commercial access points are subject to the limitations of the WEP protocol. (For more information, see “Wireless (In)Security,” by Ido Dubrawsky, in this issue of Sys Admin.) Few, if any, support IPsec or IPv6, and the firewall rules, while adequate, are not nearly as powerful as the firewall or IP filters of a real UNIX system.

This article describes how to configure a PC running FreeBSD to serve as an access point (AP) for your wireless network. This FreeBSD access point does not need to be a server or desktop machine. Indeed, many people recommend using an old laptop. You don’t need much processing power either; a 386 or 486 will do. Thanks to FreeBSD’s excellent installation program, you don’t even need a working monitor — just use the serial port instead. A laptop doesn’t require a PCI- or ISA-to-PCMCIA adapter, and already has a built-in backup power supply. Also, long cable runs to an external antenna drop the signal output power significantly, and laptops can often be put closer to the antenna, in places a desktop would be hard pressed to fit.

Finding the Hardware

Once you have your access point machine selected, you’ll need wireless cards. Many companies make these cards now, including Orinoco (a.k.a., WaveLAN, Lucent, or Agere), Cisco, and LinkSys. The Orinoco cards are widely available, inexpensive, reliable, and have a built-in external antenna connector.