OSEC

From: Jim Carter (jimcmath.ucla.edu)
Date: Wed Mar 27 2002 - 14:29:51 CST

    On Tue, 26 Mar 2002, nirav wrote:
    > I've setup a Point to Point setup using the default Cisco drivers and
    > utility like 'acu'
    > It works fine and I'm able to communicate.
    >
    > Now the Questions:-
    > ----------------------------
    >
    > I want to setup a network of such wireless boxes .
    > There would be a Central Box with a omni directional antenna and multiple
    > boxes with directional antennas pointing towards the central box ....
    > What kind of settings will be required on the central Box ?

    Same as the setup with two machines. Each machine can talk to each other,
    assuming enough signal strength, but the important route is to the central
    machine and thence to the Internet. (Unless you're doing local IRC, in
    which case the clients would expect to contact each other directly and
    might not be able to.)

    > What I need to setup such network?
    > How to make a box 'access point' ?

    I've heard that there is software to make the central machine act as a real
    access point, but I'm not familiar with it.

    > In which mode it will run now ... 'adhoc'/ 'infrastructure'/'accesspoint' ?

    "Ad-Hoc" mode, unless you locate the access point software, in which case
    iwconfig expects the keyword "Managed", on the client machines.

    > How the routing will be done ...?

    The easiest way is to put a DHCP server on the central machine, which in
    addition to passing out IP addresses will tell the clients the default
    route (through the central machine's wireless IP address) and the DNS
    domain suffix. Alternatively, each client could have a static IP address,
    and could install by itself a static route through the central machine,
    whose IP address on the wireless side would have to be prearranged by the
    sysop (you).

    You probably need to think about Network Address Translation between the
    wireless net and the Internet, since I assume your ISP is giving you only
    one dynamic address. This is done in your firewall; see the man page for
    iptables. Works great!

    > How would I authorize the remote box to get into my network and talk via my
    > central box?

    To keep random rabble off your net, WEP is effective, but any decent secret
    agent should be able to break into a client's house and steal the WEP key.
    There is also an over-the-air exploit to steal the key, though firmware
    upgrades are hoped for to prevent it. If you expect a problem of users
    "sharing" access, you could require the users to register their MAC
    addresses, and the DHCP server would give an IP address only to clients you
    configure into it, by MAC address. (Note that a wireless card can be forced
    to use any MAC address you want, if you work on it.) To guard against
    someone just giving himself a static IP, you can use firewall rules
    (iptables command, on kernel 2.4.x) to toss packets not coming from the
    expected IPs and MAC addresses.

    More security means more work. If you just have a few friends making up
    this net, WEP should be enough. But I know of someone in Albania who is
    using 802.11 to make like an ISP, for profit. If that's the case, you
    should check carefully with your government authorities to see if
    for-profit use of the ISM band is legal there. Also check your contract
    with your own ISP to see if friendly or for-profit sharing of the ISP's
    service is OK.

    James F. Carter Voice 310 825 2897 FAX 310 206 6673
    UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
    Email: jimcmath.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
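The DHCP-with-MAC-registration, NAT and "toss packets not from the expected IP/MAC" setup described in the reply above, written out as an added example. This is not code from the original post or from its author; it generates an ISC dhcpd configuration fragment and the 2.4.x iptables command list for the central box rather than applying anything, so it can be reviewed before use. It assumes the wireless side is wlan0 on 10.0.0.0/24 with the central box at 10.0.0.1 and the ISP link on ppp0; the client names, MAC addresses and IPs are constructed sample registrations.

```shell
#!/bin/sh
# Added example (not from the original post): for a central 802.11 box,
# generate (1) a dhcpd.conf fragment that hands addresses only to registered
# MACs and pushes the default route and DNS domain, and (2) iptables rules
# that NAT the wireless net to the ISP link and forward only wireless packets
# whose source IP *and* MAC match a registration.
#
# Assumptions not stated in the post: wlan0 = wireless side (10.0.0.0/24,
# central box 10.0.0.1), ppp0 = ISP side. Client list is constructed data.

WLAN_IF=wlan0
WAN_IF=ppp0
WLAN_NET=10.0.0.0/24
GATEWAY=10.0.0.1

# Registered clients, one per line: hostname mac ip (constructed sample data)
CLIENTS='
alice 00:02:2d:aa:bb:01 10.0.0.11
bob   00:02:2d:aa:bb:02 10.0.0.12
carol 00:02:2d:aa:bb:03 10.0.0.13
'

# ISC dhcpd fragment: unknown MACs get nothing; each known host is pinned to
# a fixed address; the subnet block carries the default route and domain.
gen_dhcpd_conf() {
    cat <<EOF
deny unknown-clients;
option domain-name "wireless.example.org";
option domain-name-servers $GATEWAY;
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers $GATEWAY;
    default-lease-time 3600;
    max-lease-time 86400;
}
EOF
    printf '%s\n' "$CLIENTS" | while read -r name mac ip; do
        [ -n "$name" ] || continue
        printf 'host %s { hardware ethernet %s; fixed-address %s; }\n' "$name" "$mac" "$ip"
    done
}

# iptables (2.4.x netfilter) rules. FORWARD defaults to DROP; only replies
# coming back from the ISP side and wireless packets whose source IP and MAC
# match a registration are accepted. A user who picks a static IP, or who
# spoofs a registered MAC without also taking its IP, is logged and dropped.
gen_iptables() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $WAN_IF -s $WLAN_NET -j MASQUERADE
iptables -A FORWARD -i $WAN_IF -o $WLAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    printf '%s\n' "$CLIENTS" | while read -r name mac ip; do
        [ -n "$name" ] || continue
        printf 'iptables -A FORWARD -i %s -s %s -m mac --mac-source %s -j ACCEPT\n' \
            "$WLAN_IF" "$ip" "$mac"
    done
    # Everything else from the wireless side: log it, then the DROP policy applies.
    echo "iptables -A FORWARD -i $WLAN_IF -j LOG --log-prefix 'wlan-unregistered: '"
}

# "sh thisfile show" prints both fragments; "gen_iptables | sh" would apply the rules.
if [ "${1:-}" = "show" ]; then
    gen_dhcpd_conf
    echo
    gen_iptables
fi
```

The MAC match only protects the wireless hop (the `-m mac` match works in the PREROUTING, INPUT and FORWARD chains, where the frame's source address is still known), and, as the reply notes, a determined user can set any MAC on the card; the rules raise the bar from "pick a static IP" to "clone both the MAC and the IP of a registered client", nothing more.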