Erich,

> On Sat, 2011-07-09 at 15:00 +0200, Erich Titl wrote:
> Fine, would you mind to share your settings?

The Bering LEAF site and its mailing list has been an invaluable
resource for me over the years so I will gladly share my wireless client
config.

To configure a Bering-uClibc 4.0-beta1 (should be the same on 4.0.1) box
as a wireless client follow the steps below.

Caveats:
--------
1. I have a static IP address, so you will have to experiment with DHCP
and access point scan updates.
2. I have an Atheros mini-PCI wireless card so some of the drivers and
interface names mentioned below might be different if you have a Prism
or any other card.
3. Initially, I followed the documentation at
http://leaf.sourceforge.net/doc/bucu-ap.html to make the LEAF box an
access point; however, a few months later, I no longer required the AP
but wanted the box to be a client instead. That involved a scaling down
of the AP configuration which actually results in a much simpler
configuration.
4. I am not outlining Shorewall configuration here because of the great
variance of setups, but once you reach the end of the setup procedure
outlined below you could then begin with at least the 3 basic Shorewall
config steps for any network interface:
a) declare the wifi interface in /etc/shorewall/interfaces
b) include the wifi interface in an existing (or new) zone
c) update /etc/shorewall/policy, /etc/shorewall/masq, /etc/shorewall/nat
or whatever other files your Shorewall setup requires.


Wireless client configuration:
------------------------------
1. Install the wireless.lrp and libm.lrp packages on your LEAF box.

2. Copy the following kernel modules to /lib/modules/ and declare them
in /etc/modules:

ath_hal
wlan
wlan_scan_ap
wlan_scan_sta
ath_rate_sample
ath_pci
wlan_acl
wlan_ccmp
wlan_tkip
wlan_xauth

3. Save config & modules. Reboot.

4. Check dmesg for errors, lsmod to check all modules are loaded, ensure
wireless.lrp loaded successfully ('apkg -l'). Post errors to leaf-user
list.

5. Execute 'iwconfig' and you should see your wifi interface (the
example below shows a configured wifi interface with an IP address, but
we will get to IP address assignment a bit later):
----
firewall# iwconfig
lo        no wireless extensions.

dummy0    no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

eth2      no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:"www.tradepage.net"  
          Mode:Managed  Frequency:2.447 GHz  Access Point: 00:02:6F:49:A9:3F
          Bit Rate:1 Mb/s   Tx-Power:17 dBm   Sensitivity=0/3  
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=43/94  Signal level=-53 dBm  Noise level=-96 dBm
          Rx invalid nwid:32  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
----
**NOTE: two interfaces are created: 'wifi0' and 'ath0'. These both refer
to the same physical device but we use the latter (may also be 'wlan0'
or another name depending on your wifi card).


6. Execute 'iwlist <wifi_interface_name> scan' to see a list of
"visible" access points:

firewall# iwlist ath0 scan
ath0      Scan completed :
          Cell 01 - Address: 00:02:6F:49:A9:3F
                    ESSID:"www.tradepage.net"
                    Mode:Master
                    Frequency:2.447 GHz (Channel 8)
                    Quality=44/94  Signal level=-51 dBm  Noise level=-95 dBm
                    Encryption key:off
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                    Extra:bcn_int=100
         Cell 02 ...
         etc...

7. Configure the wifi interface IP address by putting the following
stanza in /etc/network/interfaces:
(Static IP addr)
----
# Loopback interface.
auto lo
iface lo inet loopback

# Atheros wifi card
auto ath0
iface ath0 inet static 
        address 192.168.2.111
        netmask 255.255.255.0
        broadcast 192.168.2.255
        gateway 192.168.2.1
        wireless-channel 8
        wireless-essid www.tradepage.net
----

(Dynamic IP addr) (will require dnsmasq.lrp or similar)
----
# Loopback interface.
auto lo
iface lo inet loopback

# Atheros wifi card
auto ath0
iface ath0 inet dhcp
----

Restart networking:

firewall# /etc/init.d/networking restart


8. Create suitable nameserver entries in /etc/resolv.conf if you have
assigned a static IP address. If you get your IP address via DHCP then
you may need to configure your DHCP client to write DNS server entries
(pushed from the DHCP server) in /etc/resolv.conf

9. Configure Shorewall for the new network interface.

---DONE---


That seems very straightforward and I hope you get it working without
too much effort.

Of course the major challenge is to get the wifi hardware to work. I
have found that Atheros and Prism cards work well with kernel 2.6.16 and
later. These cards are easily available via eBay but are mostly sold as
mini-PCI cards, which will require you to also purchase a mini-PCI-to-PCI
adapter card if your motherboard does not have a mini-PCI slot.

As for your specific requirement of getting this setup for use on your
boat, I think a Bering LEAF box configured as a wireless client (and
whatever other packages you choose to install) will provide the same
(and additional) features to the Buffalo DD-WRT box. As you say: same
but more flexible. Great.

Other than getting your wifi card to work, the main challenge I
anticipate is the fact that you will constantly be changing location and
therefore might want an automated process for connecting to open wifi
networks in marinas and harbours as you sail. 'iwlist' (as per example
above) will show you any and all available APs, but it should be
possible to write a simple shell script to periodically scan for APs and
then sequentially try to connect to those APs with the strongest
signals.

Good Luck and Enjoy!

regards,
Werner van Staden
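
The scan-and-connect loop suggested above, as an added example that is not part of the original post: it ranks the unencrypted cells in 'iwlist' output by signal level and tries them in order. The interface name ath0 comes from the post; the 5-second association wait and the function names are assumptions, and because the ESSID is set by whoever runs the AP it is accepted only if printable ASCII and is always quoted.

```shell
IFACE=${IFACE:-ath0}   # interface name used in the post; adjust for your card
# Added example. stdin: iwlist scan text; stdout: signal<TAB>channel<TAB>bssid
# <TAB>essid for each cell with "Encryption key:off", strongest signal first.
rank_open_aps() {
    awk '
    function emit() {
        if (bssid != "" && chan != "" && enc == "off" && essid ~ /^[ -~]+$/)
            printf "%d\t%s\t%s\t%s\n", sig, chan, bssid, essid
    }
    /Cell [0-9]+ - Address:/ { emit(); bssid = $NF; essid = chan = enc = ""; sig = -999 }
    /ESSID:"/            { s = $0; sub(/^[^"]*"/, "", s); sub(/"[^"]*$/, "", s); essid = s }
    /\(Channel [0-9]+\)/ { s = $0; sub(/.*\(Channel /, "", s); sub(/\).*/, "", s); chan = s }
    /Signal level=/      { s = $0; sub(/.*Signal level=/, "", s); sig = s + 0 }
    /Encryption key:/    { s = $0; sub(/.*key:/, "", s); sub(/[ \t\r]+$/, "", s); enc = s }
    END { emit() }
    ' | sort -rn
}

# Try each ranked AP in turn; succeed once the card reports that AP's address.
roam_once() {
    ranked=$(iwlist "$IFACE" scan 2>/dev/null | rank_open_aps)
    while IFS="$(printf '\t')" read -r sig chan bssid essid; do
        [ -n "$essid" ] && iwconfig "$IFACE" essid "$essid" channel "$chan" || continue
        sleep 5   # assumed wait for association
        iwconfig "$IFACE" | grep -q "Access Point: $bssid" && return 0
    done <<EOF
$ranked
EOF
    return 1
}

# Constructed sample in the layout of the scan shown in the post (not a capture).
sample_scan() {
    cat <<'EOF'
          Cell 01 - Address: 00:11:22:33:44:01
                    ESSID:"marina-guest"
                    Frequency:2.412 GHz (Channel 1)
                    Quality=20/94  Signal level=-78 dBm  Noise level=-95 dBm
                    Encryption key:off
          Cell 02 - Address: 00:11:22:33:44:02
                    ESSID:"harbour-office"
                    Frequency:2.437 GHz (Channel 6)
                    Quality=60/94  Signal level=-40 dBm  Noise level=-95 dBm
                    Encryption key:on
          Cell 03 - Address: 00:11:22:33:44:03
                    ESSID:"cafe free wifi"
                    Frequency:2.462 GHz (Channel 11)
                    Quality=44/94  Signal level=-51 dBm  Noise level=-95 dBm
                    Encryption key:off
EOF
}
```

roam_once only associates the card; addressing still comes from the ath0 stanza in /etc/network/interfaces, and the interface belongs in whatever Shorewall zone you use for untrusted networks.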



On Sat, 2011-07-09 at 15:00 +0200, Erich Titl wrote:
> Werner,
> 
> on 09.07.2011 10:10, Werner van Staden wrote:
> > Erich,
> > 
> > Not sure this is the scenario you are talking about:
> > 
> > I set up my LEAF firewall as a client in a wireless network which
> > extends across my neighbourhood. Installed wireless.lrp and loaded the
> > following modules for the Atheros radio & client state:
> 
> Sounds like the thing I have in mind
> 
> > 
> > ath_hal
> > wlan
> > wlan_scan_ap
> > wlan_scan_sta
> > ath_rate_sample
> > ath_pci
> > wlan_acl
> > wlan_ccmp
> > wlan_tkip
> > wlan_xauth
> 
> What packages did you install?
> 
> > 
> > The LEAF box is therefore both a wifi client and a firewall to my
> > private LAN. However, because the community wireless network has a Class
> > C address space (192.168.2.0/24) there are issues when my private
> > network hosts (192.168.0.0/24) try to make encrypted connections to
> > remote hosts. This is no-doubt a private address routing issue...
> 
> If you are talking IPSEC it is a nat traversal issue
> 
> > 
> > Overall, internet browsing, mail and day-to-day connectivity is stable
> > and perfectly usable.
> 
> Fine, would you mind to share your settings? How about usability? I am
> looking to use this as a gateway which changes uplink WLAN providers
> often (on my boat :-)
> 
> I have been able to look at the Buffalo product, it has quite a nice
> user interface with a few things lacking. As it is built on top of
> DD-WRT we should be able to provide something similar but more flexible.
> 
> Thanks
> 
> Erich
> 



leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
