Linux Software

Linux Firmware For Some 802.11b Access Points

Posted by timothy
from the now-that-is-a-busybox dept.
drwho writes "This just unveiled at the BAWUG meeting tonight: Linux firmware for Access Points. Check this URL for more info. I haven't tried it yet but it looks great!" The upshot is that certain Access Points can be flashed with a stripped-down Linux system, which makes them more flexible than they'd be under the included firmware. There are even some screenshots of a modded access point booting up.

  • 2.4.x (Score:5, Interesting)

    by tulare (244053) on Friday January 18, 2002 @11:15AM (#2862134) Journal
    A quick thought - iptables on an access point? That I like. Think of all the possibilities...
    • Re:2.4.x (Score:3, Insightful)

      by autocracy (192714)
      Other quick thought - wouldn't that take up all the RAM while processing packets?
      • Re:2.4.x (Score:4, Interesting)

        by tulare (244053) on Friday January 18, 2002 @12:02PM (#2862483) Journal
        Not a bad point, actually. I don't imagine that you could run all the packets through some 500-line list of various netfilter errata. What I had in mind would be more like
        1. iptables -A INPUT -m mac --mac-source [mac address of my allowed devices] -j ACCEPT

        2. iptables -P INPUT DROP
           iptables -t nat -A POSTROUTING -o [er, whatever the interface is called] -j MASQUERADE
        Not necessarily complete or accurate in terms of syntax, but you get the gist. Nothing requiring too much memory usage, but enough to ensure you can limit the use of the access point to trusted devices.
        • Re:2.4.x (Score:3, Funny)

          by medcalf (68293)
          Just get an airport base station as your 802.11 access point, and then configure it to only accept connections from MACs you trust, using the appropriate box in the GUI. Oh, wait, that wouldn't be as much fun. It's too easy.
          • It's not fun, it's flexibility (and I approve of the airport very much - that feature is quite nice). However, my interest is more along the lines of actual firewalling (and many things that often bleed into it) such as port restrictions, QoS, and redirection. Sure, the smart thing to do is buy a computer and underclock the proc while sticking a WLan card in it, but this would cost less...
        • You *do* realize that the MAC can be spoofed, right?
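
The MAC allow-list idea from the comments above, as an added example that is not part of any poster's comment: a shell function that prints (it does not apply) a small rule set for a routing access point. It goes beyond the posted commands by also filtering the FORWARD chain, because traffic that is routed and masqueraded through the access point never traverses INPUT. The interface names `wlan0` and `eth0`, the chain name `TRUSTED_MAC` and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables rule set; it does not apply anything.
# Interface names and MAC addresses below are constructed placeholders.
WLAN_IF="${WLAN_IF:-wlan0}"   # assumed name of the wireless-side interface
WAN_IF="${WAN_IF:-eth0}"      # assumed name of the wired uplink interface

# Succeeds only for a colon-separated 48-bit MAC such as 00:11:22:33:44:55.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rules for the MAC addresses given as arguments.
# Every address is validated first, so a typo never yields a half-built rule set.
gen_ap_rules() {
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done

    # Default deny for traffic to the AP itself and traffic routed through it.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections the AP itself opened on the wired side.
    echo "iptables -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # One short chain holds the allow-list: a single rule per trusted device.
    echo "iptables -N TRUSTED_MAC"
    for mac in "$@"; do
        echo "iptables -A TRUSTED_MAC -m mac --mac-source $mac -j ACCEPT"
    done

    # Wireless traffic must pass the allow-list; anything unmatched returns
    # to the calling chain and hits its DROP policy.
    echo "iptables -A INPUT -i $WLAN_IF -j TRUSTED_MAC"
    echo "iptables -A FORWARD -i $WLAN_IF -o $WAN_IF -j TRUSTED_MAC"
    # Replies coming back from the uplink to wireless clients.
    echo "iptables -A FORWARD -i $WAN_IF -o $WLAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Constructed sample addresses, for illustration only.
gen_ap_rules 00:11:22:33:44:55 66:77:88:99:aa:bb
```

The chain costs one rule per device, which keeps memory use small. As the reply above points out, a source MAC can be spoofed, so this restricts which devices are served rather than authenticating them.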
    • Re:2.4.x (Score:5, Insightful)

      by 1010011010 (53039) on Friday January 18, 2002 @11:55AM (#2862422) Homepage
      Another thought:

      IPSec on the access point. Screw WEP!
    • Re:2.4.x (Score:2, Informative)

      by sderle (122535)
      Yer damn right. Have you taken a look at NoCatAuth [nocat.net] yet? As it happens we're working on a C port that should run comfortably on one of these. Join the mailing list to find out more.
  • Sweet! (Score:3, Funny)

    by jiminim (104910) on Friday January 18, 2002 @11:16AM (#2862138) Homepage
    So now I can run Seti on my AP?

    • Re:Sweet! (Score:3, Funny)

      by mbyte (65875)
      > So now I can run Seti on my AP ?

      yes. with 16 bogomips (according to screenshot ;)
    • Re:Sweet! (Score:2, Informative)

      by linzeal (197905)
      Seti@home would have to port to the little amd proc in there as no source code is available for obvious reasons.
  • by 47PHA60 (444748) on Friday January 18, 2002 @11:21AM (#2862184) Journal
    One thing that irks me to no end is that my home firewall is a noisy old Pentium 200 with disks and fans. I've been looking into embedded systems to do this, and the current access points I've seen are not effective firewalls at all; no logging, and they don't _really_ block everything, even though they say they do. A small Linux kernel which does not need to be built up with support for PCI, two ethernet cards, disks and multiple filesystems might just do the trick.
    • by linzeal (197905)
      Underclock the proc and run it without a fan but get a big cheap socket 7 heatsink and get an rpm adjustable fan [enermax.com.tw] that will rev up and down according to a temperature probe included. I have an amd 500mhz underclocked to 375mhz without a fan that runs my firewall [astaro.com].
    • by parc (25467)
      I'm using a diskless setup on FreeBSD with an Intel NIC. Boots in about 15 seconds, and the only noise is the power supply and CPU fan. I can probably get rid of the CPU fan. I might even try cutting the PS fan, since the load on the PS is next to nothing.
    • by Raptor CK (10482)
      How about this? [soekris.com]

      Two 10/100 ports, 1 serial port, one Mini-PCI slot, two PCMCIA/CardBus slots.
      Granted, it's not out just yet, but you could make it handle wireless, inbound traffic, and two internal segments fairly easily.

      The only problem is the dependence on CF. Logging isn't generally a good idea to media that can't handle excessive writes. While a Microdrive would fare better, it would also cost much more.
    • My Pentium 200 didn't come with a fan, and I ripped out the power supply fan without any ensuing problems. It boots over the network and as such needs no disks, so it's completely quiet. I use it as my MP3 server.
      • I use it as my MP3 server.

        Without any disks?
        • Of course. The noisy server with the disks is in the closet in another room. The MP3 server gets its files over NFS. It also runs esd, so any compatible client can stream .wavs to it directly. I do this with xmms from my laptop sometimes.
          • *blink* OK... I don't see quite why the clients can't just stream from the fileserver and save your network, but hey, that's me told. I'm sure there's a good reason.
            • I think what he meant was mp3 player, hook up speaker to the puppy, and it can play without making any extra noise.
              • Right, it's essentially an audio server, hooked up to my stereo and the network. As discussed on /., some companies make similar units that get MP3's off a server via for example Samba, so you don't need a loud computer in your living room. Mine does this, and you can also stream audio [not just mp3s] -to- it (laptop doesn't need big speakers then). Disadvantage: it's not in a neat little package.
    • Try an old Laptop (Score:3, Insightful)

      by luiss (217284)
      Try getting hold of an old laptop. I got a 486 toshiba satellite for about $20, added two cheap PCMCIA ethernet cards, and loaded linux on it.

      No fans (I think), battery backup, and LCD screen, nice...

      There is a Linux on Laptops FAQ somewhere out there where you can check for compatibility. Ebay is a good place to check for cheapo laptops. Just watch out for the amount of RAM available. With no CD-ROM most of the old cheapo laptops can be a pain to get linux loaded, if you're working from a distro whose install img can be over 8MB in size.
  • This is really cool, but I think I'll stick with Apple's Airport. Don't need to configure that much, plus I like the design. :-)

    Ciryon
    • Re:AirPort (Score:2, Informative)

      by Strog (129969)
      Don't need to configure that much


      You mean can't configure much. The original airports are the same as the Orinoco RG-1000 and each one is its own wireless network. The Orinoco has a better range for some reason. Better antenna? They released an updated firmware on the RG-1000 that would allow you to change the network name. I used it to change the network name of my boss's home one to the same network name as the AP at work. This makes the RG-1000 a lot more versatile. Is there an update for the airports that anyone is aware of? Anyone daring enough to try the Orinoco update on the airport?

      • Re:AirPort (Score:2, Informative)

        by voltaire (1198)
        Actually, the Airport and the Rg-1000 are all the same hardware, in fact the Ap-500 and Ap1000 are also compatible hardware. The Community Wireless groups have already experimented with swapping the firmware on these devices. All the devices use a Lucent/Orinoco wavelan card internally (Rg100 and Airport use silvers). Check out PersonalTelco's FirmwareSwapping [personaltelco.net] page for details. The reason you see better range in the Rg1000 is probably the orientation, the radiation pattern of the integrated antennas is better suited for vertical operation. I can't quote the source but I had read a site on 802.11 antenna design and what a sorry design the client adapters used.
      • Re:AirPort (Score:2, Informative)

        by kwj8fty1 (225360)
        There are a number of firmwares that work on both the airports and the RG1000s.

        There is an update to the airports... but I'm not sure what it fixes.

        You can also flash an AP500 firmware onto either of them, and it works great. You lose DHCP, but you gain radius auth, and syslog. Good stuff.

        You can download any of those firmwares from here:

        http://www.vilos.com/rg1000 [vilos.com]
    • yes, the airport is still the nicest cheap 802.11b access point. it uses real 802.11b cards with the Lucent chipset (orinoco/wavelan) rather than the cheapo "Prism" chipset. That way you can use WEP encryption without any performance hit. [yes, wep is useful; it keeps the 95% of people who don't know how to run airsnort off of your network]

      airports are also some sort of amd 486 cpu with 8 or 16 megs of ram i believe. porting bsd or linux to them would be great.
  • Slogan (Score:5, Funny)

    by Hougaard (163563) on Friday January 18, 2002 @11:24AM (#2862203) Homepage Journal
    I Like their slogan:

    "All your base stations are belong to us"

    .. Sense of humor :)
    • That's a +5? Needs a moderation overhaul NOW. (IMHO, of course) Moderation in Moderation, if you will.

      And what's with /. advertising everything that runs Linux embedded? When they fit WinXP in there, *that* will be news! :P

      Moderation whingeing, M$ bashing, /. "Story" slagging; I'm on a roll...

      Yeah I'm in a bad mood, but that doesn't make this a troll. You would be peeved too, living under President Blair.

      "Working in Westminster [Parliament] is like having the nutter on the bus sit beside you all day." Amanda Platel
    • Moderation Totals: Redundant=1, Informative=1, Total=2.

      When I first saw this post, I thought - what a jackass moderator, marking this post as redundant. I mean, he's just trying to help. Then I realized that that's exactly what posting a mirror is: redundant and informative.

    • Hmmm... Seems to be holding its own against the /. effect fairly well...
  • Finally (Score:3, Informative)

    by mattyohe (517995) <matt.yohe@gm[ ].com ['ail' in gap]> on Friday January 18, 2002 @11:28AM (#2862238)
    Multi-point to Multi-point works with this solution... it's funny how going to linux solves my problems
  • Same Some Bucks? (Score:3, Insightful)

    by blitzrage (185758) on Friday January 18, 2002 @11:30AM (#2862249) Homepage
    I think that this is a cool idea. You can now upgrade and fix bugs, security holes etc.. yourself instead of having to wait for the vendor to do it (if they do it). Not to mention if you have a really old AP, maybe you can get it out and play around with Linux on it. This could allow you to take old AP's that people are pretty much throwing out, and recycle them. Might save you a few bucks. That'd be cool.
  • by Yarn (75)
    I may try this, as long as I can rollback to the original firmware ;)

    (I have the SMC ezconnect 2652 AP)

    The site is getting slower and slower so I may have to wait until next week before I find out :/

    I also wonder how much WEP it supports
    • by Yarn (75)
      After thinking about it on my walk home I've decided against it. With only ~16bogomips I doubt I could do anything particularly interesting with it. The IPSEC idea someone posted would probably take far too long to even exchange keys for any other device to happily talk to it.

      I saw someone intending to limit access to it by MAC. I hope they realise that faking a MAC address is extremely trivial.
  • Woohoo! (Score:1, Flamebait)

    by ALecs (118703)
    Now my access point can get 0wn3d too! What'll they think of next?
  • Slashdotted (Score:1, Redundant)

    by asv108 (141455)
    I put up a mirror of the screens available here [peernation.org]
  • Hmm, security? (Score:5, Interesting)

    by RC514 (546181) on Friday January 18, 2002 @11:40AM (#2862326) Homepage

    After the initial install with the SRAM card the access point can be upgraded over the network.

    Does that mean the vendors of access points do not write protect the operating system on the hardware level? Or are future modifications only possible when the jumper remains in the upgrade position? If the jumper becomes meaningless after the upgrade, its implementation is a serious design flaw and an undetected rooting waiting to happen.

    • One would think that you could allow/disallow tftp access from any given host.

      However, an access point makes a lousy firewall... Which interface is the protected interface anyway? The one that you can access from the internet, or the one that you can access as you drive by?
    • Before the upgrade to Linux, you have to open the box. After the upgrade, Linux and your own software are what protects whether or not a network upgrade is allowed. You have to become root on the box to do it.

      Bruce

  • I've always thought that an access point that had NoCatAuth built in would be a great product. Now, until the AP vendors come up with something like this, at least we can roll our own.

    -Aaron
  • Hardware (Score:4, Informative)

    by Cybersonic (7113) <ralph@ralph.cx> on Friday January 18, 2002 @11:47AM (#2862370) Homepage
    in case you're curious, this works on access points using the Eumitcom WL11000SA-N boards...
    ( ref: http://opensource.instant802.com/hardware.php )
    Tested: US Robotics 2450, SMC EZconnect 2652W

    Time to buy an SMC for me :)
    • Good luck finding one. I just hit pricewatch.com and eBay with no luck. It appears that both the USR and the SMC products are already out of production.

      Maybe the people who developed this cornered the market on these WAPs first, then released their software knowing every Linux geek would want one. And they say you can't make money off of open source. :)

      • A quick check on CompUSA shows the USR model is available, and In Stock at my local store for $249.99.
  • AFAIK, the bridging code is loaded to the PCMCIA card each boot. Did they manage to keep the file and just replay it or did they reverse-engineer the bridging code?

    Not that I am really concerned, bridging a wireless LAN to your wired LAN is bad news unless there is zero need for security (aka my home).

    • by irregular_hero (444800) on Friday January 18, 2002 @12:08PM (#2862535)
      The "bridging code" is standard Linux bridging. I think what you're referring to is the "Host AP" or "Infrastructure" mode of the wireless card inside the AP.

      If the card is based on the Prism chipset, there's already a Linux driver that will operate the card in Host AP mode by implementing some of the functions normally present in the access point's Infrastructure mode in user space. Other things are handled by the card.

      For example, the card itself will handle time-dependent functions like beacon-sending. And it will handle hardware-dependent functions like WEP encrypt-decrypt (optionally). But the association table and all the rest of the functions are part of user space.

      Incidentally, you don't need the Host AP driver for your Wireless card to operate a bridged network. Oddly enough, the bridge code in the Linux kernel functions just fine with a wireless card in Peer-to-Peer mode -- it is, after all, just another interface to the kernel itself. What you won't get in peer to peer is sophisticated association handling -- that means that the signal strength meter in your wireless tools won't work exactly right in most commercial packages.
      • The Linux bridge code doesn't work with many wireless cards (Orinoco and cisco) because the cards themselves didn't allow transmission with an arbitrary MAC address. I think bridge mode is possible with the PrismII cards.
    • No, the APs in question appear to be based on the Intersil Prism-II chipset. This supports a "host-AP" mode, which allows it to work as an access point without requiring special firmware. At that point you can just use the standard Linux kernel bridging code.
      • The APs already include the required 'tertiary' (host-ap) firmware on the PC cards.

        However this is not the firmware on 'normal' PC cards that would be used as wireless clients and might be used with homebrew hardware.

        Normal cards have 'primary' (ap-client) firmware not host-AP firmware (which is owned by Intersil and subject to NDA). Some code is floating around on the net but of dubious heritage and probably best avoided for any commercial projects :)

  • I have been looking for a reliable software that can be used to turn a notebook into an AP. There is
    a driver for prism2 cards which works well enough, but lacks roaming support and in the latest version
    WEP doesn't seem to work.
    I had been looking for AP software under Linux, but the prism2 card combined with bridging in the kernel
    was all I could find. It works, but could be better.
    So, the question is, if I could use this to turn an old notebook into something more useful. And,
    if so, why has it only been announced as Linux for certain AP hardware.
  • by dwen (468069)
    Interesting features. However, looks it needs to add some security features, such as 64-bit or 128-bit WEP, MAC access control etc.
  • Anyone else notice that board had what looked to be a PC/104 bus? That just adds even more to the potential. Put it in a new case, add a PC/104 board with another PCMCIA controller, and you've got 3x ethernet + 802.11b . Hells yah. Firewall potential gets nice. External, Internal, DMZ, and 802.11b DMZ.
  • Repeater? (Score:3, Insightful)

    by 1010011010 (53039) on Friday January 18, 2002 @12:10PM (#2862545) Homepage
    Could someone elaborate on the repeater functionality? Could I place unwired access points at regular distances, with only the one at the end wired to the regular network, and roam all down the chain with an 802.11b device (PDA for instance)?
    • I know the RG-1000 latest firmware doesn't let you do this (reference: BAWUG mailing list archives), and I assume the airport doesn't either. At least I can't get it to work, even making network name the same. I have no clue if this linux distribution can, but if it does, I'd flash it in a minute!!!
      • That sort of functionality seems to be reserved for the higher end access points, such as the Ap-1000.
        • What about a simple PC using WRP? Could a PC running wireless linux router act as a repeater?


          I am considering building a pentium/celeron diskless/headless PC exclusively for the purpose of acting as an access point. It would be VERY helpful if I could, instead, make it a simple repeater.

    • Re:Repeater? (Score:3, Informative)

      by dwhedon (15491)
      Exactly correct. The mesh formed between APs is an ethernet bridge. Stations associated with completely wireless APs (that is, no direct ethernet connection) will have their packets forwarded to the destination which may involve multiple wireless-wireless AP hops. The mesh is dynamic, APs can appear and disappear and stations can move between APs without loss of service.

      David Kimdon
      Instant802 Networks Inc.
  • by burntfungus (541760) on Friday January 18, 2002 @12:28PM (#2862677) Homepage
    You can build a Linux Access point on a PC or laptop, perhaps even a PDA:

    http://people.ssh.com/jkm/Prism2/

    Bridging software: http://bridge.sourceforge.net
  • by Fencepost (107992) on Friday January 18, 2002 @12:35PM (#2862725) Journal
    One of the features that I like about the MultiTech router/switch I have is that a modem can be hung off the serial port and used as a backup connection. What would it take to do the same with this, and is there a getty out there that would support operating both ways (i.e. use a modem for dialout, but if a terminal was connected instead then allow login).
  • The PCMCIA port could be used for anything, just ip-tables and a rudimentary web-server would be great on an embedded system.

    I turn off my linux firewall every night, but
    a small device checking its heartbeat [slashdot.org] on the serial console could make it look like a 99.9999 system...
    • Doh,

      High Availability Linux [linux-ha.org] is the project that really could use a small device with dual NIC's and a serial console that forwards traffic to one of several servers (knowing which are alive and free).

      Changing the Wireless card to something else would make it useful for someone else, solid state web-server, bluetooth connecting point, digital camera printer server...
  • I want a cheap low power 802.11b / USB device with no fan noise to which I can hook up an external drive and the soundblaster extigy and run an mp3 player off it. Can I have that? Does this get me closer?
  • The "All your base" crap as the slogan is enough to make me never look at this software.
  • This guy got linux on his airport, only 2.2, but i'm sure it'd be no problem to upgrade to 2.4ness.

    http://www-hft.ee.tu-berlin.de/~strauman/airport/airport.html

    pretty cool
  • by bshuler (208655)
    So... we could load up nocat, config it for our users, then resell them to the community to build our community net.... how cool
    http://nocat.net/
  • by ekalb (537624) on Friday January 18, 2002 @05:46PM (#2864809)
    There is a port [tu-berlin.de] of linux to the Apple Airport Base Station as well. However, it requires the use of a dhcp & tftp server, as well as the Java-based Airport admin tools [drexel.edu].
