Shaun’s Notes

notes, fixes, and other cool stuff

Archive for the ‘Networking’ Category

Dec-20-2007

Create a wireless repeater and bridge (wrt54g & dd-wrt)

A wireless repeater can extend the range of a wireless network by ‘repeating’ the signal.
A wireless bridge allows all computers physically connected to the bridge device to receive messages from the wireless network.

Goal of this article
I will show how to extend the range of your wireless network without the need of expensive wireless repeater devices.

What is needed?
1. A wireless router: this router will be the primary router acting as the DHCP server (assigning IPs to computers)
2. Linksys WRT54G/S : this router will be the repeater and bridge used to extend your network
3. dd-wrt firmware for the Linksys router: please download the appropriate version for your router version.

Steps

1. Physically connect a computer to the Linksys WRT54G router.
2. Update the firmware of the WRT54G with the version of dd-wrt you downloaded.
3. Once the dd-wrt firmware has been installed your username should be ‘root’ and password ‘admin’.
4. I recommend changing the password before performing any other steps.
5. Go to the ‘Wireless’ tab and change the following:
Wireless Mode : “Repeater Bridge”
[this will allow all devices wirelessly and physically connected to this device to access the primary network]
Wireless Network Mode: Whatever mode your primary router is running. In the case of Wireless-N, I recommend using a mixed mode of N & G; then you can set this mode to G-Only.
Wireless Network Name : The SSID of the primary router
Wireless Channel: Auto
Network Configuration: Bridged

Under Virtual Interfaces : Click Add
Wireless Network Name : Create a SSID that you want for this wireless device (must differ from primary router’s)
AP Isolation: Disabled
Network Configuration: Bridged
Save and Apply Settings

6. Go to the “Wireless Security” tab
Under “Physical Interface” enter all the corresponding security information for the primary router
Under “Virtual Interfaces” enter the security you would like for the repeater.
Save and Apply Settings

Remember that all devices that access the repeater can access your main network. Therefore, make the repeater as secure as possible.

In my situation my primary router is set to WPA; however, I have a Linksys Wireless Game Adapter, WGA54G, hooked up to an XBOX that can only use WEP. Therefore, I set the dd-wrt router to WEP, which the WGA54G will connect to.

7. Click on the “Security” tab and “Disable” SPI Firewall: This will allow connectivity between the two wireless network devices. Save and Apply Settings.

8. Click on “Setup” -> “Basic Setup”
Under “Router IP”
Local IP Address: Enter the IP you would like for this router. It must be in the range of IPs accepted by your primary router: if your primary router is 192.168.1.1, then the repeater must be 192.168.1.xxx
Subnet Mask: 255.255.255.0
Gateway and Local DNS: you can leave 0.0.0.0
Save and Apply Settings.

9. Log into the primary router via a computer physically connected to it.
10. Verify that the IP assigned to the repeater is in the range of the DHCP server.
11. Reboot the primary router.

Everything is now set up. To connect to the repeater wirelessly, connect to its SSID and provide its security key.

Now all devices physically/wirelessly connected to the repeater will be assigned an IP by the primary router and will be able to access the entire network as though they were directly connected to the primary router.

NOTE: For additional security measures I would recommend you read my note on MAC Filtering to ensure only valid systems are granted access to your network.

Posted under Networking
Dec-20-2007

Securely surf the net on a wireless link

This article is intended for anyone who surfs the internet wirelessly: for example, university/college students, home users connected to a wireless network and even users of local hotspots.

The main thing to keep in mind whenever you access a wireless network is that your information is broadcast to everyone. There are loads of applications, widely and freely available, that can translate any broadcast message. This means MSN messages and even usernames and passwords can be intercepted by a malicious individual. Hotspots often provide some sort of encryption, usually WEP or WPA. However, there are again tons of applications and tutorials online that can break these encryptions. At most universities/colleges, the encryption key is often made available to the public. Therefore, even with encryption, the messages you send through a wireless network are NOT SAFE.

Enter the SSH Tunnel.
An SSH tunnel is an encrypted network tunnel through what is called a Secure Shell.
Think of it as an unbreakable tunnel that all your wireless messages travel through. Where do they end up? They travel to a network that you know is secure, in most cases a home computer that is physically connected to a modem or router.

Here is an example of what an SSH tunnel does.
Assume you are on your laptop connected to a wireless hotspot at school and attempt to visit www.google.com
1. your browser’s request for google.com travels the internet, via the tunnel, to your home computer.
2. your home computer receives your request for google.com and then requests google.com from the internet.
3. your home computer then passes the information received from google.com back to your laptop via the tunnel.
4. you receive google.com’s information

You will notice that the home computer acts as the middle-man between you and the internet. Any information you request from the laptop is requested and received by the home computer. More importantly, all your internet surfing data is protected by the SSH tunnel.

How to set up an SSH tunnel.
Here is a list of things needed in order to set up an SSH tunnel.
1. A home computer that is physically connected, by either USB or Ethernet cable, to the modem or router.
2. Create a hostname that points to your IP address provided by your home ISP. Read my notes on how this can be done.
3. Set up an SSH server on the home computer: Read my notes on that as well.
4. Install an SSH client on your laptop or any other machine using a wireless connection: My notes.
5. (If the SSH server is on a Windows box) Configure Windows Firewall -> allow port 22.
6. (If ssh server is behind a NAT router) You will need to log into the router then usually under ‘Advanced Settings’ you should see ‘Virtual Server’, or even ‘Port Forwarding’. I would recommend configuring the ‘Virtual Server’ settings if available. Forward port 22 to the ssh server and save the settings.
7. Use the ssh client to connect to the ssh server, make sure to designate a local port whose data will be tunneled.

After completing steps 1-7 all data going in and out of the designated port will be ssh tunneled.

Now it is time to configure your internet browser to pass all its data through the tunnel.
Firefox: open Preferences -> Advanced -> “Network” tab -> “Settings” button
Select “Manual proxy configuration”
Edit only “SOCKS Host”: type ‘localhost’ and for Port: the port you designated for tunneling
Click OK

Internet Explorer: open Internet Options -> “Connection” tab -> “LAN settings” button
Select “Use a proxy server for your LAN”
Edit only “Socks”: address = ‘localhost’ and Port = designated port
Click OK

Now all data sent and received by your browser will be securely tunneled.
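
What the browser sends to the tunnel's local port, as an added example (not from the original post): a SOCKS5 CONNECT request per RFC 1928 that carries the hostname itself, so name resolution happens on the home computer rather than over the wireless link. The function names, port 1080 and the probe helper are assumptions for illustration.

```python
import socket
import struct

SOCKS_VERSION = 5
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03  # destination sent as a name; the far end resolves it


def greeting() -> bytes:
    """Client hello: version 5, one method offered, 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def connect_request(host: str, port: int) -> bytes:
    """CONNECT to host:port, passing the hostname unresolved (no local DNS)."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def reply_ok(reply: bytes) -> bool:
    """True if the proxy's reply header reports success (REP == 0)."""
    return len(reply) >= 2 and reply[0] == SOCKS_VERSION and reply[1] == 0x00


def probe(dest_host: str, dest_port: int, proxy_port: int = 1080,
          timeout: float = 5.0) -> bool:
    """Ask the local tunnel endpoint to reach dest_host; True on success."""
    with socket.create_connection(("localhost", proxy_port), timeout) as s:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS_VERSION, NO_AUTH]):
            return False
        s.sendall(connect_request(dest_host, dest_port))
        return reply_ok(s.recv(10))


if __name__ == "__main__":
    # Assumes a tunnel was started with: ssh -D 1080 username@sshserver.com
    try:
        print("tunnel reachable:", probe("www.google.com", 80))
    except OSError as exc:
        print("no SOCKS listener on localhost:1080:", exc)
```

Firefox only sends the hostname this way when its `network.proxy.socks_remote_dns` preference is enabled; otherwise DNS lookups still go out over the local wireless network.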

Posted under Networking, Security
Dec-11-2007

SSH Tunnelling (Client Side)

Linux and Mac boxes can use the ‘ssh’ command via the terminal to connect to an SSH server.
i.e. ssh username@sshserver.com
or ssh -D port# username@sshserver.com [tunnel all activity on port 'port#']

NOTE: the -C flag (compression) should only be used on a slow link; otherwise compression is counterproductive.

For Windows boxes I recommend the use of PuTTY.
To connect simply enter the hostname and the port of the SSH server.

Posted under Networking, Security