Sat, 09 Apr 2005

And more new IP addresses

As this has become a standard feature around here, I should mention that we did of course get two new IP addresses in the aforementioned switchover to the new gateway. As this required an interim solution with the older 802.11b gateway, I presume that two new MAC addresses at the receiving end lead to two new IP addresses.

Only that we ended up getting three in 24 hours. I still suspect that Comcast may not keep these around for seven to eight months as they used to. Time to host my few pages (principally Quantian) elsewhere? Suggestions welcome.


Some notes on wrt54g configuration

If I post'em here, I may end up not losing them in case I need to revisit this one.
OpenWRT Configuration
  1. Initial flashing worked much better with the automated loop from the GettingStartedTips
      
            while true; do
               cat <<END | atftp --tftp-timeout 1;
            verbose
            trace
            connect 192.168.1.1
            put openwrt-g-code.bin
            END
               sleep 1;
            done
    
    This assumes that you have a Linux box plugged into the box, with a tftp client pushing the binary image to the wrt54g, which will read it thanks to the ping trick described in the User Guide.
  2. If something goes wrong see Troubleshooting: power cycle, and hit reset for 2 seconds just after the DMZ light goes on. This sets the box back to defaults with address 192.168.1.1.
    Telnet in, and run mtd erase nvram; reboot
  3. For first use, edit dnsmasq.conf as per Using and here.
    Set the gateway and router (options '3' and '6' at end) to the address of the lan interface the wrt54g clients should see.
  4. For testing off the principal 192.168.1. network, set the ip address to 192.168.2.1 per nvram set lan_ipaddr=192.168.2.1; nvram commit and editing of /etc/dnsmasq.conf followed by reboot
    That worked -- laptop now gets 192.168.2.179, and pings outside sites like Google just fine.
  5. ipkg update works as well, ipkg install dropbear gets ssh so that telnet can be disabled.
  6. Configure firewall to allow ssh from outside / forward ssh from outside a la Section 6 and 7 of GettingStartedTips. Same for http.
    Add additional -s a.b.c.d option to allow ssh only from given address a.b.c.d
  7. Configure wireless per Q24 in the OpenWrtFAQ
    	nvram set wl0_wep=on
    	nvram set wl0_wep_bit=128
    	nvram set wl0_key1=DEADBEEF12345DEADBEEF12345
    
    Also set the wl0_ssid, and define a specific list of MAC addresses we talk to:
    	nvram set wl0_maclist='XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY'
    	nvram set wl0_macmode=allow
    
  8. Put it all together for the drop-in replacement on 192.168.1.:
    • nvram set lan_ipaddr=192.168.1.x
    • switch /etc/dnsmasq.conf accordingly
    • adjust firewall /etc/init.d/S45firewall
  9. That's it.
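
A pre-flight check for the values in step 7, as an added example that is not part of the original post: nvram stores whatever string it is given, so a mistyped key or MAC entry only shows up when a client fails to associate. The function names and the sample MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check wireless values before `nvram set`.
# Function names are hypothetical, not part of OpenWrt.

# A 128-bit WEP key is typed as exactly 26 hex digits.
valid_wep128_key() {
    [ "${#1}" -eq 26 ] || return 1
    case $1 in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# One MAC address: six colon-separated octets of two hex digits each.
valid_mac() {
    [ "${#1}" -eq 17 ] || return 1
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac   # also rules out glob chars
    old_ifs=$IFS; IFS=:
    set -- $1                                      # split on ':' only
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -eq 2 ] || return 1
    done
    return 0
}

# Space-separated list as used for wl0_maclist: at least one entry, all valid.
# With wl0_macmode=allow, a malformed entry will not match the intended client.
valid_maclist() {
    rest=$1
    count=0
    while [ -n "$rest" ]; do
        entry=${rest%% *}                 # text up to the first space
        case $rest in
            *' '*) rest=${rest#* } ;;     # drop that entry and its space
            *) rest= ;;
        esac
        [ -n "$entry" ] || continue       # tolerate repeated spaces
        valid_mac "$entry" || return 1
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# Constructed sample input: the post's placeholder key and made-up MAC lists.
valid_wep128_key DEADBEEF12345DEADBEEF12345 && echo "key ok"
valid_maclist '00:11:22:33:44:55 66:77:88:99:AA:BB' && echo "maclist ok"
valid_maclist '00:11:22:33:44 66:77:88:99:AA:BB' || echo "maclist rejected"
```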


New gateway

Returning from work yesterday, I found that the hard disk of the old, old gateway box was giving in. The computer is old, really old -- purchased in 1998 on College Street in Toronto -- and it had acted admirably as my gateway / firewall / nat box for all that time. First as the principal workstation, as well as webserver, name server etc pp and later with fewer and fewer services. But I kept a large /home on it for too long, and turned a backup / partition into additional swap space when more virtual memory was called for. For this lack of a backup partition I was now paying as the fsck could not repair /dev/hda1 and I never rebooted the box for lack of a second / partition.

But then it didn't matter. In December, I had finally bought what Cringely so aptly called a disruptive technology: one of those inexpensive Linksys WRT54G. Somewhat procrastinatingly, I had started to both configure the box using the admirable OpenWRT Linux operating system one can load onto it, and migrate essentially all services of the old gateway. So today and yesterday I finished the setup, which worked well enough. Now it is the new gateway, redirecting http to the bigger server in the basement, same for ssh from fewer than a handful of addresses, rejecting the rest and is otherwise NATing away. Luckily, in the interim I had the older Speedstream 802.11b gateway I had once bought along with a Speedstream 802.11b card that turned out to be a piece of crap. Still, it was easy to cover the basics with it for a day to not be off the net, but it doesn't of course offer the magic of iptables needed for the finer-grained firewalling and access control, which I intend to add soon and the host of other Linux goodies that are available for OpenWRT thanks to Linux networking.
