[lug] Re: Wi-Fi Firewall

Nate Duehr nate at natetech.com
Wed Oct 16 16:06:19 MDT 2002


On Wed, 2002-10-16 at 12:50, jef vratny wrote:
> Thanks for all the input and advice folks. I ended up buying an old Toshiba
> laptop for about the cost of a regular box and 2 PCI sleds to do the job
> last night. I know, just begging for more headaches ;o)

Look out world, here it comes!  (GRIN)

> I'll probably just set it up to run as a bridge/firewall/router/dhcp server
> and hang my linksys AP off a regular PCMCIA NIC card for starters.

Seems like a reasonable way to do the project in Phases.

> Once I get that setup running I'll go back in and try to get the AP
> infrastructure portion to work. The card bridging to the WISP is going to
> have to be an Orinoco, I don't think any of the other PCMCIA cards offer a
> way to connect an external antenna. BTW, I've never had a problem w/the
> pigtails on these, the one I'm using right now has been accidentally yanked
> out a few times and still works fine. The other card will have to be one of
> the other models that doesn't have the big honkin ledge on the end in order
> for it to fit in the slot. I'm wondering if that will cause even more
> issues, but you never know until you try ;o)

There are a few other cards with external connections, most of them go
in PCI slots though.  The Cisco AeroLAN cards come to mind.  They have a
Linux driver (proprietary) and I've never fiddled with them outside of
one office I worked at, but I can say that their software leaves most of
the other manufacturers way behind in features, especially on Windows
boxes.  At least it does if you stick to their proprietary drivers and
their access points, which are not cheap.  

They have add-on VPN tunneling between the wireless units and the access
points, and of course all their stuff integrates nicely with their
security software built into their other networking devices.  Quite
slick, and makes the SoHo stuff look sad.  But like most things, the
SoHo stuff gets the job done here at the house just fine... and ooogles
cheaper.

Also, as another comment of stuff you may run into, the Orinocos are
very limited in power output.  Most other manufacturers run about 100mW
output power.  The Orinoco is 15mW if I remember correctly.  So if
you're "going for distance" the Orinocos typically aren't that great to
use.  But for around the house, they're fine.  I don't have the exact
dB/power numbers here in front of me at the moment.

> >The Prism based cards have a host-ap driver which can give you a great
> >deal of flexibility.  I don't know if the other chipsets have similar
> >drivers under Linux.  As long as you pick channels far enough apart (in
> >frequency, 3 channels is the recommended spacing) you shouldn't have
> >too many problems with interference (provided you don't have other
> >devices around you, crowding your spectrum).
> 
> I think Jason's right about the channel separation being sufficient to avoid
> interference, I've got my Linksys AP sitting right next to the Orinoco card
> on my laptop on channels 4 and 6 respectively and haven't experienced any
> problems.

The direct sequence spread spectrum algorithm uses one "channel" worth
of spreading around the center channel (total 3) if I read the specs
correctly.  The comments about keeping them at least 3 channels apart are
correct.  

In theory, they'll work parked right on top of each other on the same
channel, but you'll have strange speed/performance issues, and as you
start to mix manufacturers' stuff you may find that some cards deal well
with crazy stuff like that, and others not so well.  If you can move
your home stuff a good number of "channels" away from the WISP channel,
you'll do great.  (And avoid buying a 2.4 GHz cordless phone... heh.  I
can watch my signal strengths and other stuff closely and tell when my
neighbors are using theirs.)

Let's see -- other comments... the dongles are great on the Orinocos if
you keep them short.  If you need to go any distance, look carefully at
the type of coax you're using, perhaps even going to "hardline" type of
cables like "superflex" or better.  Line losses at 2.4 GHz are a
killer.  

At the low power output levels of most 802.11b stuff, keeping the
transmitter as close to the antenna as possible is usually easier and
cheaper (even if you have to have strange power setups like putting an
AP in your attic running Power-Over-Ethernet to get power to it) than
buying expensive hardline and connectors.  NEMA-4 weatherproof boxes to
put the AP in if it's outdoors is a good way to go, and if it's going on
a tower, running the data to the AP over fiber converters is a slick way
to handle the grounding problems/lightning protection... then all you
have to protect is the power line... you'll have X number of feet of
"optoisolator" for the data stuff using fiber.

> I'll let you all know how it works out.

Ahh, this stuff is such fun.  Definitely let us know how it's going.  

Have fun Jef!

Nate
(Who's back to looking for work again... the client of the client of the
contractor bailed out AFTER hiring me... how's that for a sucky way to
end the year?  Sure, there's contracts between me and the contractor
company, and between them and their client, and between that client and
the other client, but no one's willing to push on anyone to actually
follow-through on them in this market... lovely, eh?)



