Linux Firmware For Some 802.11b Access Points

drwho writes "This just unveiled at the BAWUG meeting tonight: Linux firmware for Access Points. Check this URL for more info. I haven't tried it yet but it looks great!" The upshot is that certain Access Points can be flashed with a stripped-down Linux system, which makes them more flexible than they'd be under the included firmware. There are even some screenshots of a modded access point booting up.

2.4.x

A quick thought - iptables on an access point? That I like. Think of all the possiblities...

Re:2.4.x

Not a bad point, actually. I don't imagine that you could run all the packets through some 500-line list of various netfilter errata. What I had in mind would be more like

1. iptables -A INPUT -s --source-mac [mac address of my allowed devices] -j ACCEPT
2. 
   iptables -P INPUT DROP
   iptables -t nat -A POSTROUTING -o [er, whatever the interface is called] -j MASQUERADE

Not neccessarily complete or accurate in terms of syntax, but you get the gist. Nothing requiring too much memory usage, but enough to ensure you can limit the use of the access point to trusted devices.

Re:2.4.x

Another thought:

IPSec on the access point. Screw WEP!

Re:2.4.x

With the embedded processor that those access points have (16.4 BogoMips), forget IPSEC.

Sweet!

So now I can run Seti on my AP?

firewall replacement

One thing that irks me to no end is that my home firewall is a noisy old Pentium 200 with disks and fans. I've been looking into embedded systems to do this, and the current access points I've seen are not effective firewalls at all; no logging, and they don't _reall_ block everything, even though they say they do. A small Linux kernel which does not need to be built up with support for PCI, two ethernet cards, disks and multiple filesystems might just do the trick.

AirPort

This is really cool, but I think I'll stick with Apple's Airport. Don't need to configure that much, plus I like the design. :-)

Ciryon

Slogan

I Like their slogan:

"All your base stations are belong to us"

.. Sense of humor :)

Mirror of Screenshots

Here: http://kevindustries.com/screens.html [kevindustries.com]

Finally

Multi-point to Multi-point works with this solution... its funny how going to linux solves my problems

Same Some Bucks?

I think that this is a cool idea. You can now upgrade and fix bugs, security holes etc.. yourself instead of having to wait for the vendor to do it (if they do it). Not to mention if you have a really old AP, maybe you can get it out and play around with Linux on it. This could allow you to take old AP's that people are pretty much throwing out, and recycle them. Might save you a few bucks. That'd be cool.

Great

I may try this, as long as I can rollback to the original firmware ;)

(I have the SMC ezconnect 2652 AP)

The site is getting slower and slower so I may have to wait until next week before I find out :/

I also wonder how much WEP it supports

Woohoo!

Now my access point can get 0wn3d too! What'll they think of next?

FAQ and SS mirror

FAQ: http://draco.meatbarn.com/OpenAP/faq.html [meatbarn.com]

SS1: http://draco.meatbarn.com/OpenAP/screenshot_boot_1 .jpg [meatbarn.com]
SS2: http://draco.meatbarn.com/OpenAP/screenshot_boot_1 .jpg [meatbarn.com]
SS3: http://draco.meatbarn.com/OpenAP/screenshot_boot_1 .jpg [meatbarn.com]

Slasdotted

I put up a mirror of the screens available here [peernation.org]

Hmm, security?

After the initial install with the SRAM card the access point can be upgraded over the network.

Does that mean the vendors of access points do not write protect the operating system on the hardware level? Or are future modifications only possible when the jumper remains in the upgrade position? If the jumper becomes meaningless after the upgrade, its implementation is a serious design flaw and an undetected rooting waiting to happen.

NoCatAuth

I've always thought that an access point that had NoCatAuth built in would be a great product. Now, until the AP vendors come up with something like this, at least we can roll our own.

-Aaron

Hardware

in case your curious, this works on access points using the Eumitcom WL11000SA-N boards...
( ref: http://opensource.instant802.com/hardware.php )
Tested: US Robotics 2450, SMC EZconnect 2652W

Time to buy an SMC for me :)

How are they doing bridging?

AFAIK, the bridging code is loaded to the PCMCIA card each boot. Did they manage to keep the file and just replay it or did they reverse-engineer the bridging code?

Not that I am really concerned, bridging a wireless LAN to your wired LAN is bad news unless there is zero need for security (aka my home).

Re:How are they doing bridging?

The "bridging code" is standard Linux bridging. I think what you're referring to is the "Host AP" or "Infrastructure" mode of the wireless card inside the AP.

If the card is based on the Prism chipset, there's already a Linux driver that will operate the card in Host AP mode by implementing some of the functions normally present in the access point's Infrastructure mode in user space. Other things are handled by the card.

For example, the card itself will handle time-dependent functions like beacon-sending. And it will handle hardware-dependent functions like WEP encrypt-decrypt (optionally). But the association table and all the rest of the functions are part of user space.

Incidentally, you don't need the Host AP driver for your Wireless card to operate a bridged network. Oddly enough, the bridge code in the Linux kernel functions just fine with a wireless card in Peer-to-Peer mode -- it is, after all, just another interface to the kernel itself. What you won't get in peer to peer is sophisticated association handling -- that means that the signal strength meter in your wireless tools won't work exactly right in most commercial packages.

Can I use this to turn my old notebook into an AP?

I have been looking for a reliable software that can be used to turn a notebook into an AP. There is
a driver for prism2 cards which works well enough, but lacks roaming support and in the latest version
WEP doesn't seem to work.
I had been looking for AP software under Linux, but the prism2 card combined with bridging in the kernel
was all I could find. It works, but could be better.
So, the question is, if I could use this to turn an old notebook into something more usefull. And,
if so, why has it only been announced as Linux for certain AP hardware.

Security

Interesting features. However, looks it needs to add some security features, such as 64-bit or 128-bit WEP, MAC access control etc.

PC104 Bus on there? Think of the potential.

Anyone else notice that board had what looked to be a PC/104 bus? That just adds even more to the potential. Put it in a new case, add a PC/104 board with another PCMCIA controller, and you've got 3x ethernet + 802.11b . Hells yah. Firewall potential gets nice. External, Internal, DMZ, and 802.11b DMZ.

Repeater?

Could someone elaborate on the repeater functionality? Could I place unwired access points at regular distances, with only the one at the end wired to the regular network, and roam all down the chain with an 802.11b device (PDA for instance)?

You can build an AP on a PC:

You can build a Linux Access point on a PC or laptop, pehaps even a PDA:

http://people.ssh.com/jkm/Prism2/

Bridging software: http://bridge.sourceforge.net

Use serial port for modem backup?

One of the features that I like about the MultiTech router/switch I have is that a modem can be hung off the serial port and used as a backup connection. What would it take to do the same with this, and is there a getty out there that would support operating both ways (i.e. use a modem for dialout, but if a terminal was connected instead then allow login).

Why wireless?

The PCMCIA port could be used for anything, just ip-tables and a rudimentary web-server would be great on an embedded system.

I turn off my linux firewall every night, but
a small device checking it's heartbeat [slashdot.org] on the serial console could make it look like a 99.9999 system...

base station / stereo component question

I want a cheap low power 80211.b / USB device with no fan noise to which I can hook up an external drive and the soundblaster extigy and run an mp3 player off it. Can I have that? Does this get me closer?

Spare me.

The "All your base" crap as the slogan is enough to make me never look at this software.

Linux on apple airports

This guy got linux on his airport, only 2.2, but i'm sure it'd be no problem to upgrade to 2.4ness.

http://www-hft.ee.tu-berlin.de/~strauman/airport /a irport.html

pretty cool

nocat

So... we could load up nocat, config it for our users, then resale them to the community to build our community net.... how cool
http://nocat.net/

Linux for the Airport

There is a port [tu-berlin.de] of linux to the Apple Airport Base Station as well. However, it requires the use of a dhcp & tftp server, as well as the Java-based Airport admin tools [drexel.edu].

Re:802.11b ?

Wireless.. sorry I dont have any rfcs on me... use google....

Re:802.11b ?

802.11b is wireless LAN. 11Mbit (With fallback to 5 and 2). A good reference is Nokia since they produce a complete setup.

Nokia Wireless LAN [nokia.com]

I'm using (Nokia) 802.11b for all my home stuff now. No more cables running across the floor (This is really a wife pleaser :). Even my printers are connected on a miniport (To a jet direct box) and mounted on a little mobile table.

Re:Airport Killer!!

Why is this an airport killer? The airport base station is easy to configure, easy to use, and the new one even has a trusted lan connection that you can set other permissions to. There's windows/linux software to configure it.

Why would I run this linux thing over the OS that's already on the Airport, an OS that's specifically designed for this operation.

Re:So?

> I've got a pacemaker that runs Linux. Beat that.

You know, that could really put the "panic" back in "kernel panic".

/August.

Re:802.11b ?

http://www.netstumbler.com
http://pasadena.net/vacation/

Re:802.11b ?

IEEE 802.11b is an international standard for local area wireless networking, analogous to 802.3 for wired Ethernet. The folks at IEEE have been nice enough to make the standard document available for free, at the following page:

http://standards.ieee.org/getieee802/802.11.html [ieee.org]

Most of the rest of the information around the 'net just paraphrases or simplifies the content from this document. Check this out for the real meat.