Re: Wireless router?
On Monday 22 December 2008 14:48:52 Corey Chandler wrote: Failing that, the Linksys WRT54GL isn't a half bad unit. Yes it is a half bad unit. If you make changes to routing or firewall rules, you need to unplug everything, power cycle it, say a prayer and hope it works. I never got it working correctly at a previous location. Over here it works, but have no need for it anymore, since a FreeBSD wireless router is doing it's job. There are many advantages of using a full-blown computer for (wireless) routing/nat/firewall, most notably the diagnostics that are available. Our FreeBSD nat is using: PPP/ADSL to provider: f...@pci0:2:8:0:class=0x02 card=0x30138086 chip=0x24498086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = '82559ER 82559ER Integrated 10Base-T/100Base-TX Ethernet Controller' class = network subclass = ethernet Wireless: a...@pci0:2:10:0: class=0x02 card=0x7057144f chip=0x0013168c rev=0x01 hdr=0x00 vendor = 'Atheros Communications Inc.' device = 'AR5212, AR5213 802.11a/b/g Wireless Adapter' class = network subclass = ethernet Wire, soon to be upgraded to Gbit: x...@pci0:2:11:0:class=0x02 card=0x100010b7 chip=0x920010b7 rev=0x78 hdr=0x00 vendor = '3COM Corp, Networking Division' device = '3C905 CX-TX-M Fast EtherLink for PC Management NIC' class = network subclass = ethernet ISC dhcpd, pf including altq provide the services. Currently connected with an Intel wpi(4), mother in law a few houses down uses some linksys card on windows, daughter uses a D-Link wireless with atheros chip on Kubuntu. Currently using WEP, but that'll change when lagg(4) will support WPA on wireless interfaces or when I get tired of waiting and decide to netgraph it myself somehow. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Roger Olofsson wrote: Corey Chandler skrev: Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. Good man! I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. It's called Bridge mode on most APs-- it does exactly what you describe. Just make sure things like DHCP server are turned off or you'll see some... odd breakages. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that. Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project! -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Corey, I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - as well as ips to the FreeBSD gateway and dns. This is for the LAN part of the router - then another internal LAN ip for the wifi part. To examplify. Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 192.168.0.10 and 192.168.0.11. Wifi wifi part - network 10.0.0.1 - 10.0.0.10. The problem with doing that is a lot of systems start throwing weird errors in a double NAT environment. I'd probably avoid that step and restrict wireless to its own VLAN if I were to go that route... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Mel wrote: On Monday 22 December 2008 14:48:52 Corey Chandler wrote: Failing that, the Linksys WRT54GL isn't a half bad unit. Yes it is a half bad unit. Absolutely-- if you're running out of the box firmware. I use DD-WRT or Tomato specifically to get around the issues you describe. The reason I go for the GL is that it's a more robust platform than their standard wrt-54g, which for some ungodly reason they started stripping flash and processing power out of after their switch to VxWorks. --CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Sat, 27 Dec 2008 11:27:56 -0800 Corey Chandler li...@sequestered.net wrote: Mel wrote: On Monday 22 December 2008 14:48:52 Corey Chandler wrote: Failing that, the Linksys WRT54GL isn't a half bad unit. Yes it is a half bad unit. Absolutely-- if you're running out of the box firmware. I use DD-WRT or Tomato specifically to get around the issues you describe. The reason I go for the GL is that it's a more robust platform than their standard wrt-54g, which for some ungodly reason they started stripping flash and processing power out of after their switch to VxWorks. Probably because they realised they could get away with less memory and a slower CPU because code runs more efficiently on VxWorks vs. Linux on the same hardware. Of course it also provides fewer features than Linux, so I'd prefer a Linux-based router over VxWorks. -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Corey Chandler skrev: Roger Olofsson wrote: Corey Chandler skrev: Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. Good man! I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. It's called Bridge mode on most APs-- it does exactly what you describe. Just make sure things like DHCP server are turned off or you'll see some... odd breakages. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that. Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project! -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Corey, I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - as well as ips to the FreeBSD gateway and dns. This is for the LAN part of the router - then another internal LAN ip for the wifi part. To examplify. Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 192.168.0.10 and 192.168.0.11. Wifi wifi part - network 10.0.0.1 - 10.0.0.10. The problem with doing that is a lot of systems start throwing weird errors in a double NAT environment. I'd probably avoid that step and restrict wireless to its own VLAN if I were to go that route... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1865 - Release Date: 2008-12-26 13:01 Hello Corey, There is no double NAT involved. /Roger ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Saturday 27 December 2008 16:49:54 Roger Olofsson wrote: Corey Chandler skrev: Roger Olofsson wrote: Corey Chandler skrev: Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. Good man! I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. It's called Bridge mode on most APs-- it does exactly what you describe. Just make sure things like DHCP server are turned off or you'll see some... odd breakages. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that. Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project! -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org --- - No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Corey, I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - as well as ips to the FreeBSD gateway and dns. This is for the LAN part of the router - then another internal LAN ip for the wifi part. To examplify. Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 192.168.0.10 and 192.168.0.11. Wifi wifi part - network 10.0.0.1 - 10.0.0.10. The problem with doing that is a lot of systems start throwing weird errors in a double NAT environment. I'd probably avoid that step and restrict wireless to its own VLAN if I were to go that route... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1865 - Release Date: 2008-12-26 13:01 Hello Corey, There is no double NAT involved. /Roger ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org That's correct. I have a D-link WBR-1310 here at home. Don't know if it's a bad or hip piece. I only know it was inside my budget and it does its job perfectly. Like I said on my first post to this thread, The WAN port is not used, hence no NAT inside the unit. Configured its LAN port ip with one of my LAN, plugged it to the switch, enabled WAP2 and assign a free LAN ip to any wireless device I want to allow on our home (plus the WAP key, of course).Voila, access point. IF DHCP is wanted, I can use the unit's own but since its only one laptop I assigned a static IP to it. The only NAT happens on the freebsd machine. Don't know about the reputation of the Linksys WRT54GL. The only one I've tried I borrowed from a friend and worked very nicely also. -- Mario Lobo http://www.mallavoodoo.com.br FreeBSD since version 2.2.8 [not Pro-Audio YET!!] (99,7% winedows FREE) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Mon, Dec 22, 2008 at 04:31:56PM -0800, Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. That's probably the easiest way. I already have. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. There are some things you could do. - Use WPA2 if available or else at least WPA [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access] - When using WPA with pre-shared keys, use long and random generated pre-shared keys. And change them often. - You can turn off the broadcasting of the SSID [http://en.wikipedia.org/wiki/SSID] to discourage casual snooping. This will not deter a determined attacker, however. - If you are using the pf(4) firewall you could use authpf(8) as an additional security measure. [http://www.openbsd.org/faq/pf/authpf.html] It requires users to log in via ssh(8) and alters the firewall rules as long as the ssh session exists. This requires that the user must have additional authentication in the form of passwords or ssh keys in order to use the network. It provides an additional layer of access control. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpN6XRlNFJcB.pgp Description: PGP signature
Re: Wireless router?
Nerius Landys skrev: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello again Nerius, You have understood the MAC filtering correctly. You should also encrypt the wifi traffic by using at least WPA encryption. For most wifi routers this is a checkbox and a key or a passphrase that you enter. All clients that wants access and have their MAC address in the access list will have to enter the passphrase/key on the first connect. This means that you control the MAC address list - all new wifi devices that wants to connect to your wifi LAN needs to get added to the MAC access list - manually by you. You also control the encryption passphrase - all wifi clients that wants to connect to your wifi LAN need to know the encryption passphrase. If you use WPA for encryption you will have a higher degree of security than using the old and hackable WEP. Of course both the MAC list and the encryption key/passphrase are stored in the wifi router - so if you don't set a proper password for admin access to this one - all is lost. You should disable wireless access for admin (remote management) to it - only allow cabled access and use a good strong password. Buzzwords? I dunno - I hope people on the mailing list help me out here... Is there a better/simpler way of doing this? Greetings /Roger For a good laugh ... Enjoy Jason Dixons presentations from the BSDcon on http://www.youtube.com/watch?v=g7tvI6JCXD0feature=channel_page or http://www.youtube.com/watch?v=mMmbjJI5su0feature=channel_page ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Corey Chandler skrev: Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. Good man! I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. It's called Bridge mode on most APs-- it does exactly what you describe. Just make sure things like DHCP server are turned off or you'll see some... odd breakages. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that. Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project! -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Corey, I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - as well as ips to the FreeBSD gateway and dns. This is for the LAN part of the router - then another internal LAN ip for the wifi part. To examplify. Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 192.168.0.10 and 192.168.0.11. Wifi wifi part - network 10.0.0.1 - 10.0.0.10. MAC addresses are indeed trivial to spoof - but if combined with a wifi encryption key/passphrase it adds to security. Greetings /Roger ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Monday 22 December 2008 18:49:44 Nerius Landys wrote: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? What model should I get? I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org If you already have a wireless router, all you have to do is to turn it into an access point to your internal lan. Disable its DHCP server, assign a free LAN IP to the router LAN ethernet,plug one of its LAN ports into your switch and assign free LAN IPs to the wireless cards of your LAN machines. That's what I did here at home and works like a charm. If you need a DHCP server you have to set it up on the FreeBSD router. -- Mario Lobo http://www.mallavoodoo.com.br FreeBSD since version 2.2.8 [not Pro-Audio YET!!] (99,7% winedows FREE) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Monday 22 December 2008 19:05:32 Mario Lobo wrote: On Monday 22 December 2008 18:49:44 Nerius Landys wrote: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? What model should I get? I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org If you already have a wireless router, all you have to do is to turn it into an access point to your internal lan. Disable its DHCP server, assign a free LAN IP to the router LAN ethernet,plug one of its LAN ports into your switch and assign free LAN IPs to the wireless cards of your LAN machines. That's what I did here at home and works like a charm. If you need a DHCP server you have to set it up on the FreeBSD router. Sorry for replying to myself but it needed a correction. You CAN use the wireless router as your DHCP server!. Just assign a range from your LAN's IPs. The WAN port won't matter. It won't be used. -- Mario Lobo http://www.mallavoodoo.com.br FreeBSD since version 2.2.8 [not Pro-Audio YET!!] (99,7% winedows FREE) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Nerius Landys wrote: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? What model should I get? Yes, a supported Wireless net card would suffice. It can be configured to work in Access Point mode, essentially what a cheap wireless router would. Instructions in section 32.3.5 here: http://www.freebsd.org/doc/en/books/handbook/network-wireless.html While I haven't used FreeBSD in this mode, from my experience atheros-based (ath(4)) cards work well. I have no less than three Dlink DWL-G520 cards and never had any problems. This is a rather older model now, newer atheros cards may need a newer HAL than the one currently in the source tree (e.g. the Aspire One uses a newer atheros, and needs a custom kernel with some of the original files replaced. I believe -CURRENT has the newer HAL though). I recently also got a Linksys WMP 54G that is based on a Ralink chipset (ral(4)). This also works nicely. I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Sure. I am using static IPs in all my wireless clients. Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). Configuring a DHCP server is very easy. I've only used it with wired ethernet though. Have a read at this: http://www.freebsd.org/doc/en/books/handbook/network-dhcp.html Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? I've used something similar and it worked. Don't know about possible drawbacks, cause it was only a toy for me. My setup was something like this: Wireless standalone router (built in NAT) -- FreeBSD system as wireless client of the router + wired ethernet card -- FreeBSD NAT using pf / ipfw -- Wired internal ethernet (with DHCP server) -- Wired client(s) So I guess your approach is also possible. So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. Probably multiple solutions exist, start up by buying a cheap but supported wireless card. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Mon, Dec 22, 2008 at 01:49:44PM -0800, Nerius Landys wrote: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? Yes. What kind of hardware would I install? What is it called? Wireless card. The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? Yes What model should I get? Now that's the tricky bit. If you look at the wlan(4) manual page, you will see the supported wireless chipset in the SEE ALSO section. The trick is knowing which chipset a certain card has. It is usually _not_ listed on the box or on the manufacturer's website, because it comes with windoze drivers so most of the users don't give a damn about the chipset. And some manufacturers put different chipsets in different batches of the same card depending on what they can get their hands on. If you see a card that you like and you cannot get the name and type of chipset used, download the windows driver. It will come with an in information file (.inf) that usually contains the name and type of the chipset. I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). You could use the wlan_acl module to grant access based on the MAC address. But it might be better to do it somewhat more sophisticated and run hostapd(8). Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? It's probably easier. But you'll have to be on the lookout for vulnerabilities in the router software. When I got a wireless card for my desktop, the idea was to make a wireless conncetion to my laptop. But you have to set up hostapd on the access point, and wpa_supplicant on the laptop. And the manual pages in question don't give an overview of the process, and neither does the handbook. The section of the handbook dealing with wireless networks is outdated and in need of expert attention. Unfortunately I didn't get far enough to be that expert. In the end it was much easier and faster for me to just plug a cross-cable into the laptop from the desktop. (fast=nice when you're running rsync(1) or if you're transferring dumps via nc(1)) Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpr6YmGn2WIN.pgp Description: PGP signature
Re: Wireless router?
Nerius Landys skrev: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? What model should I get? I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Nerius, I simply bought a standard wireless router, turned off all services in it except the access list and plugged it in the LAN. The access list filters on mac addresses and that level of security is fine where I live. The wireless router does have firewall, dhcp, port triggering and such but I disabled all of those since my FreeBSDs do all of that already. The wireless router has one port for internet and four ports as a normal switch, I don't use the internet port. I just plug in the ethernet cable in the switch part as uplink. I considered having a wifi nic as accesspoint in the FreeBSD main router, however, it was better for me to be able to place the wifi router for optimal range of the wifi. Turned out that the centre point for wifi is not the same as where the main router is Greetings /Roger ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
On Mon, Dec 22, 2008 at 1:49 PM, Nerius Landys nlan...@gmail.com wrote: snip So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. If you have another PCI slot available in your router, one of these should work: http://www.provantage.com/scripts/search.dll?QUERY=pci+802.11gSubmit.x=0Submit.y=0 HTH, Kurt ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Roger Olofsson wrote: Nerius Landys skrev: I have a PC with FreeBSD set up as a router (NAT). The PC has several network cards and I'm grouping the internal-facing network cards as a bridge (promiscuous mode for the interfaces). Everything works well. Now I'd like to extend my wired network to include wireless. I really have no experience with wireless networks. I have a couple of computers that are wireless-ready (a laptop and a Playstation 3 that I won in a raffle). Is it possible to somehow add some hardware to my FreeBSD router PC to make it into a wireless router? What kind of hardware would I install? What is it called? The PC only has PCI slots, can you recommend a brand and model of wireless server equiptment if such a thing exists? Would a normal wireless card suffice? What model should I get? I would prefer to set up static internal IPs for my wireless network at home, would this be possible? Or is DHCP the way to go (I hesitate at the thought of configuring a DHCP server). Another way to go is to hook up a standalone wireless router appliance to my FreeBSD machine's network interface (one of the interfaces). I already have such a device, I think it's made by Linksys. But then, I would be NAT'ing both through the FreeBSD machine and through the wireless router. So it would be a double-NAT so to speak. Is there anything wrong with that approach? So in a nutshell, I have a wired FreeBSD router with multiple ethernet jacks at home, and I want to extend it to include wireless network. Any suggestions would be appreciated. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 Hello Nerius, I simply bought a standard wireless router, turned off all services in it except the access list and plugged it in the LAN. The access list filters on mac addresses and that level of security is fine where I live. The wireless router does have firewall, dhcp, port triggering and such but I disabled all of those since my FreeBSDs do all of that already. The wireless router has one port for internet and four ports as a normal switch, I don't use the internet port. I just plug in the ethernet cable in the switch part as uplink. I considered having a wifi nic as accesspoint in the FreeBSD main router, however, it was better for me to be able to place the wifi router for optimal range of the wifi. Turned out that the centre point for wifi is not the same as where the main router is Greetings /Roger This is definitely the route I'd go. I'm a BIG fan of the Buffalo wireless access points if they've re-entered the channel near you (a patent troll prevented their sale for the last 18 months, but that court case was just overturned), as they support DD-WRT. Failing that, the Linksys WRT54GL isn't a half bad unit. Custom firmware (dd-wrt, OpenWRT, Tomato) also give you a lot finer grained control over what happens on the AP. -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireless router?
Nerius Landys wrote: Thank you all for your suggestions. This will be a project for me over the holidays. I decided to go the standalone wireless router approach. Good man! I will need to figure out how to configure my standalone wireless router to pass everything through to the internal LAN that I already have. It's called Bridge mode on most APs-- it does exactly what you describe. Just make sure things like DHCP server are turned off or you'll see some... odd breakages. Also I don't know too much about security, like how to prevent eavesdroppers from connecting to my internal network. One of you mentioned access lists, and I assume that means I tell the wireless router which MAC addresses it accepts, and nothing else. Ugh. MAC addresses are trivial to spoof-- I usually don't bother with using them for security, although I do use 'em to ensure that particular machines always inherit particular addresses. Is there any other way to provide security? Like a password-protected network? What are the buzzwords for these security schemes? Which security scheme do you recommend for preventing random people within proximity from connecting to my internal netowrk? Absolutely. Google for WPA or WPA2; WEP has been broken and is trivial to bruteforce, so I'd not bother with that. Once you get the unit in, feel free to email me off list for configuration questions; it sounds like a fun project! -- CJC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org