Turn your Graphite AirPort (or other KarlNet based AP) into a full-fledged Linux router.
Lurking underneath the shiny “War of the Worlds” clam shell of the Graphite Apple AirPort (http://www.apple.com/airport/) is a complete computer. Originally designed by KarlNet (http://karlnet.com/), the guts of the Apple AirPort essentially are the same as the Proxim RG1000, RG1100, and a few other access points. To network hackers, this presents an enormous opportunity and challenge: if a more capable OS (such as Linux) can be made to run on AirPort hardware, then it should be possible to build a “Super AP” that can perform much more complicated tasks than a standard AP. For example, a Linux AirPort could handle dynamic routing, firewalling, and even manage Internet tunnels, such as IPIP [Hack #54] or GRE [Hack #55].
A number of people have made quite a bit of headway on this project. The single greatest obstacle has been trying to shoehorn a usable system onto the system itself. The AirPort is a very tiny computer with meager hardware resources. It is essentially a 486 CPU (without floating point) with only 4 MB of RAM and 512 KB of flash storage. By today’s PC standards, it isn’t much more than a pocket calculator.
These severe physical restrictions have led to a number of trade-offs:
The system needs a lightweight kernel. The kernel of choice at the moment is from the Linux 2.2 series to save on RAM.
There isn’t nearly enough room to store a usable Linux system on the flash, so the root filesystem is kept on an NFS share. This share is mountable over the Ethernet or over wireless.
With only 4 MB of RAM, application space is very limited. Lightweight applications like telnetd are still usable, but running sshd is virtually impossible.
Since the card inside the AirPort is a Hermes-based radio, Host AP [Hack #57] won’t work with it. To date, no one (to my knowledge) has gotten Hermes AP [Hack #61] working with AirPort Linux, although it can be done. This means that the wireless must be used in Ad-Hoc mode, and Ethernet bridging isn’t possible.
AirPort Linux works by uploading a custom firmware to the AirPort that instructs it to boot from the network. If you decide later that you would like to turn your AirPort back into a traditional AP, you can simply flash the firmware with Apple’s original version. To get AirPort Linux running, you need a server capable of providing DHCP, TFTP, and NFS services. Any old Linux or BSD server will do.
AirPort Linux was pioneered by
Till
Straumann. His original project is well documented online
at http://www-hft.ee.tu-berlin.de/~strauman/airport/airport.html;
however, the quickest way to get started is to go to http://www.seattlewireless.net/index.cgi/AirportLinux
and download the
AirportLinux-0.01.tar.gz package. This is just a
collection of all of the software you need to get things going with a
bit of documentation.
First, set up the necessary services on your Linux or BSD server.
Extract the AirPortLinux-0.01.tar.gz archive,
and cd into it. For simplicity, I will install
the software in directories under /remote/, but
you can put them wherever you like:
~/AirportLinux-0.01#mvserver/tftpboot /~/AirportLinux-0.01#mkdir /remote; mvairport /remote
The /tftpboot/ directory contains the tiny
kernel that the AirPort will boot, and
/remote/airport/ contains the root filesystem.
Now that the data is in place, configure tftpd
and NFS. Put a line like this in your
/etc/inetd.conf
, and restart inetd:
tftp dgram udp wait root in.tftpd
Add the following to /etc/exports and restart
rpc.nfsd. Make sure that
portmap is also running.
/remote/airport airport(ro)
We now need to configure dhcpd to serve a static IP to the AirPort, and to give it additional boot parameters. To do this, you need the hardware MAC address of your AirPort. The MAC addresses of the Ethernet and wireless cards are listed on the bottom of the unit. If you are booting from the Ethernet (most likely), use the Ethernet ID. If you plan on booting from the AirPort card, use the AirPort ID. Note that wireless booting can be tricky to configure, and is definitely slower than booting from the wire. I recommend using the Ethernet for booting whenever possible.
Now that you have the proper MAC address, create a stanza like the
following in /etc/dhcpd.conf, and restart
dhcpd:
host airport {
hardware ethernet 00:30:65:FF:AA:BB;
filename "/tftpboot/vmlinubz.nbi";
option host-name "airport";
option option-130 "eth0";
option root-path "/remote/airport";
}Naturally, substitute the real MAC address for 00:30:65:FF:AA:BB.
Finally, pick an unused IP address on your local network and add an
appropriate entry to your
/etc/hosts
file:
10.15.6.20 airport
Now that your server is ready to serve AirPort Linux, you are ready to flash your AirPort hardware.
The simplest way to
flash the AirPort is to use the Java
Configurator
[Hack #47]. A copy is included in
the AirportLinux-0.01.tar.gz archive for
convenience, in the etherboot/ directory. Boot
the AirPort as you normally would, and make a note of the IP address
it is using. Fire up the Configurator, enter the IP address and
password for your AirPort, and select File
→
Upload new base station
firmware.... When prompted for a file, select the
etherboot/etherboot-airport.bin file from the
archive. Wait a few moments, and your AirPort will reboot. After it
resets, it is very important to hard boot the
AirPort by removing and reapplying the power. It’s a
good idea to do this any time you flash the firmware on a device,
just to be sure you are starting with a fresh boot.
In a few moments, you should be able to ping the AirPort at the IP address you specified; and when it has finished booting, you can telnet to it. Log in as root with no password, and you should have a shell on your very own AirPort:
$telnet 10.15.6.20Trying 10.15.6.20... Connected to 10.15.6.20. Escape character is '^]'. airport login:rootBusyBox v0.60.2 (2002.08.30-19:59+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. #
Change the root password with the usual passwd
command, and your system is ready to use. Configure the interfaces
with ifconfig and iwconfig
as you normally would. If you are unable to get to the AirPort after
it has rebooted, look closely at the DHCP, TFTP, and NFS logs on your
server (many times, they all end up in
/var/log/messages). You should see the AirPort
request a DHCP lease, request vmlinubz.nbi from
in.tftpd, and eventually mount
/remote/airport once the kernel has booted.
If you ever need to turn your AirPort back into a plain vanilla AP, it is as simple as flashing the firmware again. Reboot the AirPort without the Ethernet cable connected. It will create a network called “AirPort xxxxxxxx.” Associate your Mac with this network, and run Apple’s AirPort configuration utility. It will automatically find the AirPort. Double-click on the AirPort, and enter the AirPort’s hardware password. The AirPort Configuration utility will tell you that there is updated firmware available. Click “Yes” to update the firmware, and when the AirPort reboots, it will be back to its old self.
AirPort Linux isn’t for everybody, but it can allow some very tricky things to happen with the AirPort hardware. If this still doesn’t provide enough flexibility for your wireless project, you might try building your own AP from scratch [Hack #51].
Get Wireless Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
