Linux orinoco, wireless, dhcpd setup "gotchas"

Sat Jul 27 03:55:48 EST 2002

On Fri, 26 Jul 2002, Duncan Thomson wrote:
> First, Orinoco card firmware 8.10 didn't seem to work in ad-hoc mode with kernel
> drivers included in Linux 2.4.7-10.  Nor did it work with drivers included in
> pcmcia-cs-3.2.0.  However, it does seem work with drivers included in kernel
> 2.4.18.  Moral of the story - if you're having problems with Orinoco cards,
> upgrade to newer kernel if possible.

It's probably easier to just upgrade the module
(http://ozlabs.org/people/dgibson/dldwd/orinoco-0.11b.tar.gz)
than to upgrade the whole kernel.  But the jump from 2.4.7 to 2.4.18 was
worth it.

> Second, there appears to be a timing problem with dhcpd and pcmcia.

It does seem to take a bit of background processing, from the time PCMCIA
is started until the card is identified, modules loaded, power on, and
firmware ready to roll.  There's also the issue that you might turn
on the machine with the card physically removed, and booting can't
be delayed too long in that case.  Perhaps the "right" way to deal with
that is to put the 4-second sleep in the pcmcia startup script, so other
network-critical processes will also have their best shot at a live
network.

> I can now get my windows laptop to come up and talk to my linux box over
> wireless as well as over wired ethernet.  The linux box serves as a dhcp server,
> firewall, and NAT box for my cable modem connection to the internet.

Good news!  I have a similar setup (but the Linux gateway is a desktop
machine) serving a laptop running Linux and a Windows desktop machine.
It's very convenient.  I call it the "CouchNet" because I can work from my
couch, not being tied down to one spot.

> Next step: Get IPSEC working to protect the communications between my laptop
> (windows and linux) over the wireless LAN to my linux firewall, since I think
> there's good reason not to trust WEP.

My feeling on that is, WEP keeps wardrivers and local teenagers from
stealing your internet connection, but if someone really wants to steal
your information, they'll take the time to run AirSnort and crack your WEP.
So I use SSH for all logins including within the home net. For POP or IMAP
mail downloads, the right way is the secure protocol, assuming :-) that
your ISP offers it. But my guess is that the bigger threat is someone
hacking into your ISP and snatching your POP password off the wire. And of
course if you have a cable modem connection, that's a feature of the
service :-)

But if you have unsecureable protocols on wireless, like SMB mounts to/from
the Windows machine, IPSec can save your butt.

The firewall rules on my gateway are very restrictive; I let through port
22 (SSH), 80 (HTTP), 443 (HTTPS) and just about nothing else.  I see a hack
packet coming in about once every four minutes on average.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc at math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)