For the next meeting of the hcc pc!gg netwerkgroep I wanted wired Internet access. But the location where it will be is so advanced it only has wireless Internet access. Time for a fix.

First option was a Linksys WAP54G (borrowed from work). The page in the setup where it can be configured as a wireless client already mentioned that it doesn't want to connect to other brands of networks. Too big a risk that this will not work on location.
Second option was getting a wireless - wired bridge running in Linux. The server I use for experiments with the netwerkgroep has a pci to pcmcia interface and a prism2 based pcmcia wireless card. After a bit of finding sources and getting the hostap drivers working again I set up the bridge and built a test network. First the normal iwconfig commands failed to produce results until I found that the right order is to first ifconfig wlan0 up and then iwconfig wlan0 essid 2marken.

    ifconfig wlan0 up
    iwconfig wlan0 essid 2marken

As a simple wireless client it works. Now to make it a bridge:

    ifconfig wlan0 0 up
    ifconfig eth1 0 up
    brctl addbr br0
    brctl addif br0 eth1
    brctl addif br0 wlan0

Disabling ip on wlan0 and eth1 to take them out of normal ip routing and traffic. The bridge was working, the bridging machine was able to see the wireless network and get an IP via DHCP on the bridge interface using dhclient br0. A client machine connected to the wired connection of the bridge did not get an IP. With lots of tcpdumps running it showed that the bridge did forward the DHCP request out of the wireless interface but it never showed up on the server. Later running of another tcpdump on the same wireless network also showed no packets passing.

The one reason I can think of this happening is spanning tree doing something weird. The main ethernet switch in our house does spanning tree. Configuring that switch to force itself to be the spanning tree root also did not fix things. Or maybe the prism card does not like transmitting ethernet frames with a different source address. The Linux bridging documentation suggests this can be a problem.
Eventually I gave up and just went the standard way of masquerading from eth1 to wlan0 and setting up the standard stuff (dhcp server, nameserver). That does mean double NAT (yuck) but at least it gives connectivity.
2008-06-05 (#)
I can't get enough of IPv6. First, geekandpoke comes with a cartoon about the whole IP address shortage problem. And, in searching for information I found a blog Living with IPv6 about the real world of implementing IPv6 in a university network.
2008-05-26 (#)
I get mail from logcheck daily and the last week or so on one nameserver I keep seeing variations of

    May 26 09:37:15 gosper named[895]: denied query from [66.238.93.161].26906 for "." NS/IN
    May 26 09:56:16 gosper named[895]: denied query from [211.72.249.201].13819 for "." NS/IN

All the time those 2 IPv4 addresses. With one or two tries it might be a simple attempt to fingerprint my nameservers but at this rate it seems like an attempt at a denial of service attack. Interesting is that the amount of requests is exactly the same for both IPs. 66.238.93.161 and 211.72.249.201 are registered to parts of Asus computers.. where I recently downloaded a bios update in order to fix some acpi problems. Related?
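
Added example, not part of the original post: a small Python tally of "denied query" lines in the format quoted above, counting root NS queries per source and grouping sources whose counts are identical, which is the pattern the post notices. The sample log, the threshold and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: the first two lines are the ones quoted in the post,
# the rest are made up for this example.
SAMPLE_LOG = """\
May 26 09:37:15 gosper named[895]: denied query from [66.238.93.161].26906 for "." NS/IN
May 26 09:56:16 gosper named[895]: denied query from [211.72.249.201].13819 for "." NS/IN
May 26 10:15:17 gosper named[895]: denied query from [66.238.93.161].40112 for "." NS/IN
May 26 10:34:18 gosper named[895]: denied query from [211.72.249.201].51877 for "." NS/IN
May 26 10:40:02 gosper named[895]: denied query from [192.0.2.7].33211 for "example.org" A/IN
May 26 10:41:00 gosper sshd[1201]: Accepted publickey for user from 192.0.2.9
"""

# Matches the "denied query" line format shown in the post.
DENIED_RE = re.compile(
    r'named\[\d+\]: denied query from \[(?P<src>[^\]]+)\]\.(?P<port>\d+) '
    r'for "(?P<qname>[^"]*)" (?P<qtype>\w+)/(?P<qclass>\w+)'
)

def parse_denied(lines):
    """Yield (source, qname, qtype) for every denied-query line; skip the rest."""
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            yield m["src"], m["qname"], m["qtype"]

def root_ns_sources(lines, threshold=2):
    """Return {source: count} for sources with >= threshold denied "." NS queries.
    The source is only what the UDP packet claims; it can be forged."""
    counts = Counter(
        src for src, qname, qtype in parse_denied(lines)
        if qname == "." and qtype == "NS"
    )
    return {src: n for src, n in counts.items() if n >= threshold}

def equal_count_groups(counts):
    """Group sources that share exactly the same query count."""
    groups = {}
    for src, n in counts.items():
        groups.setdefault(n, []).append(src)
    return {n: sorted(srcs) for n, srcs in groups.items() if len(srcs) > 1}

if __name__ == "__main__":
    hits = root_ns_sources(SAMPLE_LOG.splitlines())
    for src, n in sorted(hits.items()):
        print(f"{src}: {n} denied root NS queries")
    print("sources with identical counts:", equal_count_groups(hits))
```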
2008-05-24 (#)
I had a look at the Hurricane electric ipv6 tunnel broker. Quite easy to set up and use .. for an experienced ipv6 tunnel user that is. In literally minutes I had an IPv6 tunnel with a routed /64 up and running. I use that one for a server at work. Now pictures.idefix.net can also be reached via IP version 6. They also offer /48s for people who want to use more than one /64.
2008-05-24 (#)
During today's talk by Henk van de Kamer about IPv6 and how a speedtouch adsl modem can get in the way of it, I suddenly wondered whether the speedtouch itself might be able to do something with IPv6. The protocol (6TO4, i.e. ipv4 protocol 41) is listed in the default nat rules:

    =>:nat bindlist
    Application Proto Port
    ESP         esp   1
    FTP         tcp   21
    [..]
    IP6TO4      6to4  1

But the Speedtouch then does nothing with it except make it impossible for the connected systems. Nothing about an IPv6 implementation of its own can be found in the CLI. The suggestion was raised for a moment but it was disappointing in practice. So the command to get a working ipv6 tunnel behind a speedtouch remains

    =>:nat unbind application=IP6TO4 port=1
    =>:config save

And the hcc! PCgg netwerkgroep site now shows whether a visitor comes from an IPv4 or IPv6 address. And IPv6 is of course Cool.
2008-05-15 (#)
So, reliable Internet access again. XS4ALL is calling it the biggest outage in its existence. Between Tuesday 2 o'clock (at night) and Thursday 10 o'clock I had about 3 hours of working ADSL in total. It all seems stable again now.
2006-02-25 (#)
I worked with a set of homeplug network adapters and typed up my experiences. It works. And it probably causes a lot of interference.
2006-01-19 (#)
From Wired news a remarkable article: The Backhoe: A Real Cyberthreat.
2005-09-16 (#)
Finally got the Netgear FSM726s working better with multiple vlans when the firmware upgrade succeeded (now running 2.6.2). The (windows based) tftpd they suggest works better with the switch (guess the tftp client in there is not too brilliant). Now our vlans work without packets ending up on the wrong vlan interface of our router. And I can select a management vlan, and not have the default selection of 'all' (brrrr). It's still not perfect, an interface to a linux box in dot1q mode isn't functioning yet for all vlans (but it does work with one vlan native and one 'tagged'.. which isn't too great a setup).
2005-09-13 (#)
The continuing story of the Netgear switch... No luck on updating the firmware on the Netgear FSM726s. Boot from tftp hangs. Aaargh. Logged a support call with Netgear.
2005-09-12 (#)
First day back at work. Some stuff broke in my absence, so I started submitting Sun service requests. After that I started debugging a weird problem with a Netgear FSM726S managed switch. Some packets seem to end up on the wrong vlan (probably due to the router having the same ethernet address on all vlans). Newer firmware should fix this (why they deliver them with ancient firmware is another question), but the only way to upload firmware is via tftp, via the network, at boot-time, which clashed with the current config (since we do use vlans a lot). Lots of short network outages, and a real broadcast storm, but no success upgrading the firmware.
2005-07-05 (#)
My ADSL modem started to show very regular connection drops after what seemed to be an upgrade on the KPN side last Thursday morning. Calling the helpdesk of KPN made me wait more than ten minutes for a live person who got me through a number of standard questions and told me the script was at the point check the splitter (at least he was honest enough to tell me about the script). Without the splitter the problem remained. I also mailed the xs4all helpdesk about it who gave about the same set of suggestions including trying to upgrade the modem firmware. I noted later today that the drops were related to my speedtouchgraph script. So this evening I upgraded the firmware, changed the script to the new commands and disabled the bit where it asks the dslam for its statistics (it wasn't willing to give them anyway), now it's waiting to see if the adsl modem is more stable.
2005-07-01 (#)
I rewrote the Using Dynamic DNS for your dynamic IP micro-howto using docbook (the previous version was in linuxdoc format). Things look better and I get more flexibility. I had a good look at Making your DocBook/XML HTML output not suck to see how to incorporate a stylesheet and custom stuff.