Setup Pioneer Freedombox as WLAN Access Point

Hi
First I want to thank all of you, who are making it possible, to have such an incredible piece of technique (both, hard- and software)! Very cool project!

I am new to Linux and Freedombox and did try to setup WLAN on my Freedombox with the latest hard- and software. I bought the MOD-WIFI-AR9271 USB WiFi adapter together with the Pioneer FreedomBox. My understanding of the terminal and its commands are not enough to set it up. Can anybody give detailed instruction, how to install the WIFI adapter and configure the software? All the posts I did read didn’t help so far.

Thank you!

David

Hi @David

Is the issue in getting the network card operational or getting FreedomBox doing what you need with the network card?

Maybe start here if you are getting the network card set up: 8.2. Configuring the Network and look at 8.2.2. Wireless Interface.

I believe what you’re asking for is well supported in the FreedomBox GUI. Look in System and then Networks. First answer the questions about internet connectivity and internet connection type. Then, what you describe sounds like this to me:

  • Pioneer wired ethernet is your primary network interface connected to the ISP with firewall zone “external”
  • WLAN interface is your secondary network interface in “shared connection” mode with firewall zone internal

In this configuration your FreedomBox will be the DHCP server, will forward DNS requests, and be the router for your network. This is the way I’m using FreedomBox and it works very well for this.

Here’s the Networks documentation from the online FreedomBox manual.

1 Like

Hi @Joseph
Thank you for your kind an professional answer! The issue was to get the network card operational. My misconception was, that I thought I had to install and configure the software in the terminal. The documentation says:
22.1. Firmware Installation
The free firmware for these devices is not packaged in Debian yet. You can manually download and install the firmware as follows:
…

So I did try to install the software and got stuck. That was the point I did come to the forum, where you have answered me. Since then I did read and try a lot. Since the firmware for the Qualcomm Atheros AR9271 is preinstalled, the configuration was easy and I was able to log in the WiFi an reach my Freedombox with the configuration the system and you suggested:

• Pioneer wired ethernet is your primary network interface connected to the ISP with firewall zone “external” 
• WLAN interface is your secondary network interface in “shared connection” mode with firewall zone internal

Now I’m stuck at the second question you’ve asked: getting FreedomBox doing what you need with the network card.
I am not able to reach the internet. I can reach my Freedombox wit the above mentioned config, but not the internet. I seems, that the firewall does not let me from the internal to the external zone. I configured all kinds of ways (Gateways, IP configurations, manual, shared, internal, external etc), but none worked.
What I want is to simply use my Freedombox with the WiFi Stick as Access Point.
My setup ist a netgate hardware firewall follwed by a switch and I have a static IP adress.

Maybe the easier way is to just buy an Acces Point an plug it into my switch? Or what do you suggest?

David

I think you are getting close.

I’m not familiar with the pre-built Pioneer image, and I want to be sure you’re set up so that the FreedomBox configuration page is able to make changes to your network. Can you confirm that NetworkManager is truly running your WLAN and ethernet card? You could do this command to check and share the result if you’re not sure:

ls /etc/NetworkManager/system-connections

Mine looks like this:
ls /etc/NetworkManager/system-connections/
eno1.nmconnection eno2.nmconnection WireGuard-Server-wg0.nmconnection

eno1 and eno2 are my two network connections and WireGuard is the VPN. Seeing this I know that the FreedomBox configuration page is able to change these devices (because FreedomBox uses NetworkManager to do this).

If these were not in the /etc/NetworkManager/system-connections folder you’ll need to modify your /etc/network/interfaces file as described in the Debian installation part of the FreedomBox manual - Tips and Troubleshooting.

Here is the output of ls /etc/NetworkManager/system-connections:
‘FreedomBox WLAN.nmconnection’ ‘FreedomBox WAN.nmconnection’

Would be very cool to get closer…

That’s what I was hoping for.

I think you are ready to choose network configuration options.

FreedomBox Network Connectivity: Answer this to tell FreedomBox to be the router, or to use a router.
You have ethernet as primary interface.
You have WLAN as secondary interface in shared mode.

I think when you get these options right for your situation you’ll see it work.

The one thing I would be thinking about is whether the subnets on the primary and secondary network interfaces can be the same or are required to be different. Depending on your situation I could see where you may need to set this.

If ethernet was 192.168.1.1/24 and you needed to put the WLAN on a different subnet all you need to do is change the address in the configuration page. Setting WLAN to 192.168.2.1/24 would change the subnet from 192.168.1.0 to 192.168.2.0 and there is a different network on each side of your FreedomBox (whereupon FreedomBox should be a router).

Sorry, it’s me again. Yesterday i did switch off the firewall in the cockpit and then I was able to reach the internet for a short time and then failed to keep the connection. Now I did try it again and as for now I have stable internet connection. Therefore it is a freedombox internal firewall problem. somehow the internal zone gets blocked to go outside… Well, I can live with this. Still, it would be nice, to find the spot, where the problem lies in the firewall.

This reminds me that there is an issue with the Firewall related to having 2 network connections. You can try running the commands here to create a policy and enable forwarding:
https://bugzilla.redhat.com/show_bug.cgi?id=2016864#c8

(Originally reported at Debian 12 (Bookworm) release and upgrading - #5 by cas).

1 Like

Thank you @jvalleroy! It looks like this would help. But I do not have enough knowledge to do this. I am a beginner and need to advance or learn more to apply these configurations.

@David You would need to run the commands listed below on your FreedomBox, as the root user.

To become root user, you can first run the command sudo -s.

firewall-cmd --permanent --new-policy int_to_ext_fwd
firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
firewall-cmd --permanent --zone=external --add-masquerade
firewall-cmd --permanent --zone=internal --add-forward
systemctl restart firewalld.service

Let me know if that helps.

1 Like

@jvalleroy Thank you for your help! I did run the command as follows and received after success that the Autorization failed (in red letters):

FBHS2@freedombox2:~$ sudo firewall-cmd --permanent --new-policy int_to_ext_fwd
firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
firewall-cmd --permanent --zone=external --add-masquerade
firewall-cmd --permanent --zone=internal --add-forward
systemctl restart firewalld.service
[sudo] password for FBHS2:
success
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
Failed to restart firewalld.service: Access denied
See system logs and ‘systemctl status firewalld.service’ for details.

I don’t know, if we should move on and if it is worth the (your) time. I bought an access point and connected him with my switch. So there is no more need to get my usb wifi card running.

No problem. Just FYI, the command you used is almost correct though. If you are using “sudo” this way, then you need to put it before every line:

sudo firewall-cmd --permanent --new-policy int_to_ext_fwd
sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-ingress-zone internal
sudo firewall-cmd --permanent --policy int_to_ext_fwd --add-egress-zone external
sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-priority 100
sudo firewall-cmd --permanent --policy int_to_ext_fwd --set-target ACCEPT
sudo firewall-cmd --permanent --zone=external --add-masquerade
sudo firewall-cmd --permanent --zone=internal --add-forward
sudo systemctl restart firewalld.service

Cool! It worked and I have internet from the internal to the external zone or with other words: I can reach the internet from my access point (AR9271 USB WiFi adapter) with the firewall enabled. It’s good to have the ability to switch in what case ever. Thank you! FreedomBox is a joy with such help as yours and from others!

2 Likes