Re: [Leaf-user] Dach Floppy
Sean E. Covel wrote: Thanks to all of you who offered info. I know just enough Unix (and that's useland not admin) to get myself into trouble. Sean The motto in my favorite unix newsgroup, is Learn by destruction. Best, Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Linux 2.4 based Firewalls made in Switzerland
Hi all This is has not directly to do with LEAF, but I think some of you will find these products interesting. One year ago, a swiss company called LIGHTNING announced their Linux based products at the Orbit in Basel, Switzerland. Their firewalls were the first Linux based products for home/small business users I knew of. (Noone else at the Orbit had similiar products). Our company ordered some because lots of our customers decided to replace their ISDN internet access with a cablemodem. After one year (10 Lightning routers/firewalls later), I must say that these products are very good. Stable and you won't miss a feature. They have the following features: -You can define as much ipfilter rules as you want. -graphical config interface (java based, runs on Win/Mac/Linux) -They don't hide features because they think you are stupid and won't be able to configure a firewall properly -You can configure all parameters which 2.4 kernels support (burst, state and so on) -DHCP, PPPoE, IPSec -Web based config/monitoring/firmware updates -RIP v1/v2, SNMP, Syslog There is one with a DMZ interface and one w/o. But their DMZ stuff is very new and not well documented. They also don't support ProxyARP DMZ or static NAT DMZ. Private DMZ is no problem and routed shouldn't be a problem. Unfortunately, they don't have a distributor in the US. Only Europe and India. The products are called Ethernet II and Ethernet III. Homepage: http://www.lightning.ch Prices: The company I work for is a reseller. We get the Ethernet II for about US$375 (CHF 600) and the Ethernet III for about US$940 (CHF 1500). --- Sandro Minola | LEAF Developer (http://leaf.sourceforge.net) mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED] http://www.minola.ch| http://leaf.sourceforge.net/devel/sminola - worldcontrol:~ # rm -rf /bin/laden ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec
Hi Eric, Here are two main points about IP/Sec, which is the problem you are having. * IP/Sec can be configured in two methods, Endpoint and Tunnel. * The IP address of the encrypting computer is used in the encryption algorithm. (So it cannot be modified). I believe that most people who are using ipsec.lrp are using it as a tunnel between two LRP boxes. This allows all traffic flowing between two segments, separated by the Internet to be encrypted. In this case, both computers have non-translated(non-masq'ed), public addresses, but the computers on the segment can have translated addresses, since they are doing the encryption. The other method of using IP/Sec is endpoints. If you Lan is not using a tunnel to create a secure connection, then an individual host can; but, that host must have a public, non-translated address as that would invalidate the encrpytion. In your case, that is why your system works when plugged directly into, but not when translated. Your department was correct about the ports, but that would only apply if you were using a non-translating firewall. Most home users are not using these, but some corporate LANs are. I hope that helps, and if anybody has *first hand* knowledge that disagrees with this, please let me know. I teach security courses, and this has been true to the extent of my testing, but I haven't tried this with LRP or DCD. Cheers edt - Original Message - From: Eric Friedman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 11, 2002 11:23 PM Subject: [Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec First, let me apologize if I get any (or all!) of the technical jargon here confused, backwards, or just plain wrong. Second, let me describe my situation. I am using a Pentium 133mhz with 16MB RAM to run Dachstein 1.0.2 to share my internet connection among the numerous computers in my house. The router runs a DHCP server for the computers on my internal network and runs a DHCP client to connect with my ISP, but this is just for convienence as my ISP provides me with a static IP. The computers (Win98, Win2k, and WinXP) on my internal network all work flawlessly through the router for normal internet access. My company provides access to its network over the Internet in the form of a VPN (operated by a Windows 2000 Server, I believe). I connect to this VPN using Windows 2000 Professional. All worked fine connecting to the VPN through my home router until my company began using L2TP/IPsec for the VPN connections. Now, I get no response from the company VPN server when trying to connect. (Note, however, that I *can* connect just fine when my computer is connected directly to my ISP, i.e. without the interference of my LRP box. So my sense is that there are no configuration problems on the client computer, but rather something wrong with my LRP configuration.) Third, I know very little about Linux -- largely because I lack experience -- but I was wondering if someone might point me in the right direction on this problem. As an additional bit of information, a guy in the IS department informed me that UDP ports 500 and 1701 would be involved in the solution, but I am not certain how to act on this information in configuring my router. I have begun to look at the ipsec.lrp package available for Dachstein, but I have not been able to use it to solve my problems. I do not know, however, if this is a fault in my configuration of the package or if the package does not support Level 2 Tunneling (L2TP). If anyone has some experience in a similar situation or would be willing to help a poor old guy trying to get his LRP box to work again, I would much appreciate it. Thanks, Eric Friedman P.S. Please note as well that while I am currently running Dachstein off of a single floppy, I also have access to a CD or additional floppy drive that I could install in the router box. So do not worry about offering solutions that may require more space than is available on a single floppy: I just want something that will work. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Problems with socks5, OpenSSH and Dachstein CD 1.02 still
I'm still having problems with socks5. As a matter of fact, I just found out that it was never working. My ICQ keeps crashing this time it lasted a whole 2 days after my reboot and I'm back to using ICQ without the socks5 support. Even when I could connect via ICQ with socks5, I could never send files as it couldn't establish a direct connection. That sounds as if the firewall rules don't allow it. Seen any denied packages in /var/log/messages ? I haven't noticed any denied packages. Funny thing is after I received your e-mail, I looked at the logs and didn't see anything so I decided to do a full backup rather than partial for the socks5 package. Since then, 4 days of uptime later, I haven't had problems with ICQ crashing on me. I still haven't been able to test out the file transfer or chat with a person yet so I'll keep you posted on that. The OpenSSHD package on the Dachstein CD seems to bind to all interfaces by default, so you will be able to connect to it provided your firewall rules allow it.Look for a line that begins with #EXTERN_TCP_PORTS= and change it to something like EXTERN_TCP_PORTS=0.0.0.0/0_ssh But please be aware that this opens your sshd for everyone who feels like cracking it. This appears to have fixed it. I didn't recall having to do that with the old Eigerstein floppy. I don't see a problem here. How much space is left on the floppy disk? More than half the floppy is still empty since I've recently just saved root onto it. Hated having to reboot with my problems and manually change the password everytime. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Forwarding broadcast traffic?
You might want to check the dhcp server mailing list: http://www.isc.org/services/public/lists/dhcp-lists.html. Dhcpd 3 lets you define arbitrary options, but I don't know whether that will suffice. AFAIK dhcpd 3 has not been lrp'd; it is much bigger than dhcpd 2. -Richard Microsofts new dhcp server now supports setting internet explorers proxy address through dhcp, is there any linux dhcp server which already supports this? If thats a yes is there an lrp package for it. And yes I know they don't follow the official RFC by doing that but hey it would be practical in my environment and I am pretty much affraid that this will be the argument to go back to a windows based dhcp server otherwise. Kim ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland
Sandro Minola wrote: [snip] -graphical config interface (java based, runs on Win/Mac/Linux) Screenshot please. -They don't hide features because they think you are stupid and won't be able to configure a firewall properly Hiding stuff is bunk, but it's also nice when a router works out of the box, or with three pieces of info, like ipaddress, username, and password, the way theirs does. [snip] The products are called Ethernet II and Ethernet III. It looks like the Ethernet III comes with an integrated 4-port Ethernet switching hub 10/100 Mbits/s. That's neat, but I don't know of any micro sized 10/100 switches that people can put into a pc. Do you? Thanks for posting this. Matt ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] rtl8139
Am Donnerstag, 10. Januar 2002 03:36 schrieb [EMAIL PROTECTED]: I am trying to setup DachStein (floppy) using an P166 w/64 MB and 2 AOpen A0N-325's. From what I have seen they use either the rtl8139 or the 8139too module's. Can I get these cards to work with DachStein. I don't see those modules as options when I edit etc/modules. Choose the modules in /etc/modules.conf pci-scan 8390 ne2k-pci kp ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
If having some limited success in getting Dachstein 1.02 to run as just a router between to private networks, 192.168.1.0 and 192.168.2.0, with 192.168.2.0 being a expansion to the 192.168.1.0 network which is just about full. In terms of machines on either network being able to see the other (aka 192.168.1.195 being able to ping 192.168.2.195 and vice versa) I've had no problems, but some protocols are having problems (such as HP JetDirect) with a good example being a Network file server on 192.168.1.0 acting as a print queue server trying to send print jobs to a HP JetDirect printer on the 192.168.2.0 network and while basic information (such as a error) is able to be received back by the Network file server other information sent by JetDirect on ports 1782 and 161. Currently my guess is that the router is blocking such traffic when I saw this message in my logs on Dachstein machine: Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705 192.168.2.2:161 L=68 S=0x00 I=44714 F=0x T=128 (#3) Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705 192.168.2.2:161 L=68 S=0x00 I=45121 F=0x T=128 (#3) Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705 192.168.2.2:161 L=68 S=0x00 I=45643 F=0x T=128 (#3) Packet log: input REJECT eth1 PROTO=17 192.168.1.138:1705 192.168.2.2:161 L=68 S=0x00 I=46042 F=0x T=128 (#3) With 192.168.1.138 being my server and 192.168.2.2 being my printer Also, just as experiment to find out if I even have my network setup correctly I did a quick and dirty test using I think the same configuration with LRP 2.9.8 that I used with Dachstein (as best I could translate the various options) and had no problems access devices on 192.168.2.0 from 192.168.1.0 (which includes JetDirect, which worked fine), but I would much prefer to use Dachstein than a old version of LRP. Some of the options on my Dachstein box: IPFWDING_KERNEL=FILTER_ON IPALWAYSDEFRAG_KERNEL=NO IF_AUTO=eth0 eth1 IF_LIST=$IF_AUTO eth0_IPADDR=192.168.2.1 eth0_MASKLEN=24 eth0_BROADCAST=+ eth1_IPADDR=192.168.1.11 eth1_MASKLEN=24 eth1_BROADCAST=+ eth1_DEFAULT_GW=192.168.1.1 IPFILTER_SWITCH=router EXTERN_IF=eth0 EXTERN_DHCP=NO EXTERN_DYNADDR=NO INTERN_IF=eth1 INTERN_NET=192.168.1.0/24 INTERN_IP=192.168.1.11 MASQ_SWITCH=NO Does anyone have any thoughts on what I might have configured wrong? Thanks! -Kenneth Hadley ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
- Original Message - From: guitarlynn [EMAIL PROTECTED] To: Kenneth Hadley [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 1:49 PM Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall) On Saturday 12 January 2002 14:52, Kenneth Hadley wrote: If having some limited success in getting Dachstein 1.02 to run as just a router between to private networks, 192.168.1.0 and 192.168.2.0, with 192.168.2.0 being a expansion to the 192.168.1.0 network which is just about full. Some of the options on my Dachstein box: IPFILTER_SWITCH=router Does anyone have any thoughts on what I might have configured wrong? Change IPFILTER_SWITCH=none The router option still has some ip spoofing and RFC blocking, but setting it to none leaves a straight-through router w/o any protection if I understand things right hopefully I do! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! I'm guessing the my problems are related to some of the filter's too but unfortunately changing IPFILTER_SWITCH to none completely kills all traffic between 192.168.1.0 and 192.168.2.0 Worth a shot Thanks though! -Kenneth Hadley ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
eth0 on Dachstein will not route private IP addresses without the folloing change, quoted from a recent reply from Charles on a related question: [this behavior is controlled by]The stopMartians () procedure of /etc/ipfilter.conf. You can comment out the private IP blocks in this procedure if you want to send/recieve from reserved private IP addresses on your external interface. HTH, Dan Quoting Kenneth Hadley [EMAIL PROTECTED]: - Original Message - From: guitarlynn [EMAIL PROTECTED] To: Kenneth Hadley [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 1:49 PM Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall) On Saturday 12 January 2002 14:52, Kenneth Hadley wrote: If having some limited success in getting Dachstein 1.02 to run as just a router between to private networks, 192.168.1.0 and 192.168.2.0, with 192.168.2.0 being a expansion to the 192.168.1.0 network which is just about full. Some of the options on my Dachstein box: IPFILTER_SWITCH=router Does anyone have any thoughts on what I might have configured wrong? Change IPFILTER_SWITCH=none The router option still has some ip spoofing and RFC blocking, but setting it to none leaves a straight-through router w/o any protection if I understand things right hopefully I do! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! I'm guessing the my problems are related to some of the filter's too but unfortunately changing IPFILTER_SWITCH to none completely kills all traffic between 192.168.1.0 and 192.168.2.0 Worth a shot Thanks though! -Kenneth Hadley ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland
- Original Message - From: Matt Schalit [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 8:35 PM Subject: Re: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland Sandro Minola wrote: [snip] -graphical config interface (java based, runs on Win/Mac/Linux) Screenshot please. -They don't hide features because they think you are stupid and won't be able to configure a firewall properly Hiding stuff is bunk, but it's also nice when a router works out of the box, or with three pieces of info, like ipaddress, username, and password, the way theirs does. [snip] The products are called Ethernet II and Ethernet III. It looks like the Ethernet III comes with an integrated 4-port Ethernet switching hub 10/100 Mbits/s. That's neat, but I don't know of any micro sized 10/100 switches that people can put into a pc. Do you? http://www.trust.com/products/frame-product.htm?artnr=12034 unfortunatly, only 10MBits... Regards, Etienne Thanks for posting this. Matt ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Forwarding broadcast traffic?
As taken from the man page of dhcp-options, DHCP2 supports: 'option www-server [address-list]' As I understand it, this lists the Web servers available to the client, and is primarily useful for defining proxy Web servers that a client must use. ...and: 'option smtp-server [address-list]' Which from my reading are said to be useful to Windows clients --- but I have yet to test this. Also important to determine: does the dhcpd, as packaged in LRP support the full command set? I'll take a look at this, and report back what I find. Dan Quoting Richard Doyle [EMAIL PROTECTED]: You might want to check the dhcp server mailing list: http://www.isc.org/services/public/lists/dhcp-lists.html. Dhcpd 3 lets you define arbitrary options, but I don't know whether that will suffice. AFAIK dhcpd 3 has not been lrp'd; it is much bigger than dhcpd 2. -Richard Microsofts new dhcp server now supports setting internet explorers proxy address through dhcp, is there any linux dhcp server which already supports this? If thats a yes is there an lrp package for it. And yes I know they don't follow the official RFC by doing that but hey it would be practical in my environment and I am pretty much affraid that this will be the argument to go back to a windows based dhcp server otherwise. Kim ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
hrmmmI see what you refering to...and it makes sense... I will give it a shot monday since ive no intention going to work anymore this weekend ;-) Thanks for the tipand I will bounce a message to this list if it works for me -Kenneth Hadley - Original Message - From: [EMAIL PROTECTED] To: Kenneth Hadley [EMAIL PROTECTED] Cc: guitarlynn [EMAIL PROTECTED]; LEAF-user [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 2:57 PM Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall) eth0 on Dachstein will not route private IP addresses without the folloing change, quoted from a recent reply from Charles on a related question: [this behavior is controlled by]The stopMartians () procedure of /etc/ipfilter.conf. You can comment out the private IP blocks in this procedure if you want to send/recieve from reserved private IP addresses on your external interface. HTH, Dan Quoting Kenneth Hadley [EMAIL PROTECTED]: - Original Message - From: guitarlynn [EMAIL PROTECTED] To: Kenneth Hadley [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 1:49 PM Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall) On Saturday 12 January 2002 14:52, Kenneth Hadley wrote: If having some limited success in getting Dachstein 1.02 to run as just a router between to private networks, 192.168.1.0 and 192.168.2.0, with 192.168.2.0 being a expansion to the 192.168.1.0 network which is just about full. Some of the options on my Dachstein box: IPFILTER_SWITCH=router Does anyone have any thoughts on what I might have configured wrong? Change IPFILTER_SWITCH=none The router option still has some ip spoofing and RFC blocking, but setting it to none leaves a straight-through router w/o any protection if I understand things right hopefully I do! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! I'm guessing the my problems are related to some of the filter's too but unfortunately changing IPFILTER_SWITCH to none completely kills all traffic between 192.168.1.0 and 192.168.2.0 Worth a shot Thanks though! -Kenneth Hadley ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Forwarding broadcast traffic?
The following is from the dhcp server archive at http://www.isc.org/ml-archives/dhcp-server/2000/04/msg00183.html From: Sami YOUSIF [EMAIL PROTECTED] Date: Wed, 19 Apr 2000 13:54:59 -0500 Subject: Re: Proxy Setting *** From dhcp-server -- To unsubscribe, see the end of this message. *** Mark Borghardt wrote: *** From dhcp-server -- To unsubscribe, see the end of this message. *** I would like to set the Web Proxy in my NT clients. I noted a WWW Server option (#72) - what does this option do? Mark Borghardt 360 Networks That option usually sets the home page and not the proxy server. For the browsers that support it (as of now, the only one that I know that uses it is IE5 {actually first appered in one of 4.0 versions; not sure which;) there is the WPAD method. Using dhcpd 3.0+, it is possible to use the dhcp method... [thats why when IE5 is set to autodetect all proxy settings it sends a DHCPINFORM packet to the dhcp server asking for more info] the old draft is archived at http://www.wrec.org/Drafts/draft-ietf-wrec-wpad-01.txt (unfortunately it has expired in Dec 99; but the info in there still works; I cant seem to find the final or updated version) in short its something like... (still... read the draft) :-) option option-252 http://yourwebserver.yourdomain.com/proxy.pac;; As taken from the man page of dhcp-options, DHCP2 supports: 'option www-server [address-list]' As I understand it, this lists the Web servers available to the client, and is primarily useful for defining proxy Web servers that a client must use. ...and: 'option smtp-server [address-list]' Which from my reading are said to be useful to Windows clients --- but I have yet to test this. Also important to determine: does the dhcpd, as packaged in LRP support the full command set? I'll take a look at this, and report back what I find. Dan Quoting Richard Doyle [EMAIL PROTECTED]: You might want to check the dhcp server mailing list: http://www.isc.org/services/public/lists/dhcp-lists.html. Dhcpd 3 lets you define arbitrary options, but I don't know whether that will suffice. AFAIK dhcpd 3 has not been lrp'd; it is much bigger than dhcpd 2. -Richard Microsofts new dhcp server now supports setting internet explorers proxy address through dhcp, is there any linux dhcp server which already supports this? If thats a yes is there an lrp package for it. And yes I know they don't follow the official RFC by doing that but hey it would be practical in my environment and I am pretty much affraid that this will be the argument to go back to a windows based dhcp server otherwise. Kim ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Dachstein LRP and a serial port modem
Greetings all! I'm trying to set up LRP using the dachstein image on a 486 with a serial port modem and diald. I have almost everything configured and apparently working except the modem. I try to communicate with it through /dev/ttyS0 (it is COM1), but all that I get is the following error: cannot create /dev/ttyS0: error 19 This would indicate to me that the proper module isn't in the kernel. I have added serial, slhc, slip, ppp and ppp_deflate. Is there another module I need to load?? Any pointers in the proper direction would be appreciated! TIA! Mark ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Fw: Bridging with Aironet
- Original Message - From: Arben Abdullahu To: [EMAIL PROTECTED] Sent: Saturday, January 12, 2002 10:38 PM Subject: Bridging with Aironet Hi, I have been working on very similar project for about 5 months now and I have a lot of experience using the Cisco 352 cards. All you want to do is fine and works perfectly but only on short distances. What I mean by short is about 1 to 2 miles. As soon as you go over that distance, a world of problems open which are caused by some timing issues between the cards. I found recently that the PCI cards are not designed to work on longer distances and if you go over the given limit, you can expect effective bandwidth of only 60 to 70Kbps. I tried to connect to points which were about 20Km away and the packet loss on the application went to about 80% thereby leaving only very little of usable bandwidth. I have heard that some people have alleviated this problem of distance by using a bridge (BRI 342) as an access point and it is supposed to work but then you have to use infrastructure mode. P.S. I could not post this message on the thread. Can you do it for me so other people can get the info? Arben Abdullahu Chief Regional Officer Advanced Data Services Advanced Data Services Phone: +377 44 153 912, + 389 70 221 842, Fax: +381 38 548 921