"; */ ?>
dd-wrt / hardware / howto / interesting / technology / tutorialsComments Off on Configure Multiple SSIDs with One Router
02
Oct 08

Configure Multiple SSIDs with One Router

One Router Multiple SSIDsA standard “home setup” for the wireless router now days consists of just hosting one Service Set IDentifier – or SSID. And if only a year ago that could seem as a router (firmware) limitation, right now using multiple SSIDs with a single wireless router is just a matter of re-configuration.

Below is a simple guide on how to configure a single affordable (from $25 and up) router, that is available to anybody, to host multiple (up to 16 – at the moment of writing) SSIDs using DD-WRT firmware. In order to install the firmware on the router, follow the official DD-WRT Installation Guide.

Below step-by-step howto is good for any routers that could be found on DD-WRT supported hardware list. Which includes pretty much any “home” router that is out there. Given that DD-WRT is installed, let’s move on to configuring it to host multiple SSIDs.

First let’s look at what we would like to archive as our “end goal”:

Multiple SSIDs by several wireless VLANs served by one router

So what we would like to have is:

  • One router with DD-WRT firmware installed, that hosts 2 (in this example) SSIDs: “Home” and “Guest”

  • Two VLANs where one network (VLAN1) can “see” another (VLAN2), but not other way around.
    What that means is that all “Home” clients (computers that are connected to “Home” SSID) can see (ping/connect to/etc.) “Guest” computers, however none of “Guest” clients can see “Home” computers. (this is a matter of configuration, and can be configured differently, depending on what you need)

Step 1. Setup DHCP server for the “Home” (main) network.

As you can see from the “end goal” diagram above, the “Home” SSID (or VLAN1) has a 10.2.1.0 subnet, and its DHCP client addresses start from 10.2.1.100. Hence that is what needs to be configured on DD-WRT’s “Setup -> Basic Setup” screen (the “Router Local IP” should be set to 10.2.1.1 which would dictate the subnet to be 10.2.1.0):

DD-WRT - DHCP settings

Note that “10.2.1.0” is just an example – you would want to use something that is appropriate for your network – e.g. “192.168.1.0”

Step 2. Setup wireless networks (SSIDs).

Now we need to create two wireless networks – one main network (e.g. “Home”), and one virtual network (e.g. “Guest”). For that go to DD-WRT “Wireless -> Basic Settings” screen:

configure wireless networks with dd-wrt

Enter a desired name for “Physical Interface’s -> Wireless Network Name(SSID)” (this is going to be the main network). You can also stick to the “end goal” diagram above, and enter “Home”.

After that is done, click “Add” to add a “Virtual Interface” and enter its SSID name as well (e.g. you can enter “Guest”). Make sure that the “Network Configuration” is set to “Bridged” as shown on the screen in this step.

Step 3. Configure wireless network security.

In the previous step we configured two wireless networks, now let’s secure them. We will use 128 bit WEP algorithm for both of them due to the reason described in “Step 5”. To accomplish this go to DD-WRT “Wireless -> Wireless Security” screen:

configure wireless security with dd-wrt

Choose “WEP” for “Security Mode”, 128 bits for “Encryption”, enter “Passphrase” and click “Generate” button.

Do it for both networks (Physical and Virtual Interfaces)

Step 4. Setup a virtual interface, and its DHCP settings.

Now we will set the bridge for the virtual network – “Guest” (or VLAN2) from the “end goal” diagram above. For that go to DD-WRT “Services -> Services” screen:

Configuring DNSMasq and DHCP for virtual network

Find “DNSMasq” section, enable “DNSMasq”, and in “Additional DNSMasq Options” enter:

interface=br1
dhcp-range=br1,192.168.2.100,192.168.2.149,255.255.255.0,1440m

This would create a DHCP server for the virtual (“Guest”, VLAN2) network.
“192.168.2.100” is again – just an example, you can use any subnet that suits your needs.

Step 5. Setup firewall rules and a startup script.

This is the most complex step, that makes many network administrators confused, and regular people to give up on DD-WRT multiple SSID configuration. But don’t worry :) – below is a “copy/paste”, working deal.

Go to the DD-WRT “Administration -> Commands” screen:

Setting up firewall rules and a startup script for multiple SSIDs - DD-WRT

Enter the following firewall rules to the “Firewall” section:

##BRI1
iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
 
#below keeps the two networks from talking
iptables -I FORWARD -i br0 -o br1 -j logdrop

Enter the following commands to the “Startup” (it is a startup script that executes when the router starts up):

##MOVES VIRTUAL WIRELESS TO OWN BRIDGE
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 192.168.2.1 netmask 255.255.255.0
ifconfig vlan2 up
brctl addif br1 vlan2
ifconfig br1 up
 
##FIX NAS. Here NAS is disabled, cause it is NOT used for WEP, and these wifi networks will use WEP (for now)
killall nas
nas -P /tmp/nas.wl0lan.pid -H 34954 -l br0 -i eth1
nas -P /tmp/nas.wl0.1lan.pid -H 34954 -l br1 -i wl0.1

Here is where it gets interesting… Remember in “Step 3”, when configuring wireless security, we chose WEP? That was done because the current DD-WRT firmware “v24-sp1 (07/27/08) micro”, that is used at the moment of writing, has a bug in starting NAS, which is a proprietary binary tool that sets up dynamic encryption (WEP/WPA) on wireless devices.

UPDATE (12/22/2008):
           Tried "v24-sp2" (09/26/08 std - build 10431M VINT Eko) for WRTG54GL v1.1 router -
           WPA worked with multiple (tried 2) SSIDs.

In a startup script above, we start NAS in “vanilla” mode for “eth1” (the main network) and for “wl0.1” (guest, virtual nework), and therefore we are using WEP for both networks.

The only line from above startup script that you might want to change is:

ifconfig br1 192.168.2.1 netmask 255.255.255.0

Here “192.168.2.1” is, again, an example, so if you chose a different subnet for the virtual network (br1), you should enter it instead.

DONE!
Now you can save all the changes and restart the router. You should be good to go!
If you have any questions or comments, you are welcome to address them below in the “comments” section.

finance / interesting / moneyComments Off on CNN: Bankruptcy, Not Bailout, is The Right Answer
30
Sep 08

CNN: Bankruptcy, Not Bailout, is The Right Answer

Bankruptcy, not bailout, is the right answerI usually keep my blog technical and life oriented, however today, after the “$700 billion bailout deal” did not pass, and White House is cooking up a new deal, I think it is ultra important to convey the message of top US Economists from many US Universities that “This bailout is NOT the answer to the crisis!”.

Here is the official letter that was sent to Congress on Wed Sept 24 2008 regarding the Treasury plan as outlined on that date:

To the Speaker of the House of Representatives and the President pro tempore of the Senate:

“As economists, we want to express to Congress our great concern for the plan proposed by Treasury Secretary Paulson to deal with the financial crisis. We are well aware of the difficulty of the current financial situation and we agree with the need for bold action to ensure that the financial system continues to function. We see three fatal pitfalls in the currently proposed plan:

1) Its fairness. The plan is a subsidy to investors at taxpayers’ expense. Investors who took risks to earn profits must also bear the losses. Not every business failure carries systemic risk. The government can ensure a well-functioning financial industry, able to make new loans to creditworthy borrowers, without bailing out particular investors and institutions whose choices proved unwise.

2) Its ambiguity. Neither the mission of the new agency nor its oversight are clear. If taxpayers are to buy illiquid and opaque assets from troubled sellers, the terms, occasions, and methods of such purchases must be crystal clear ahead of time and carefully monitored afterwards.

3) Its long-term effects. If the plan is enacted, its effects will be with us for a generation. For all their recent troubles, America’s dynamic and innovative private capital markets have brought the nation unparalleled prosperity. Fundamentally weakening those markets in order to calm short-run disruptions is desperately short-sighted.

For these reasons we ask Congress not to rush, to hold appropriate hearings, and to carefully consider the right course of action, and to wisely determine the future of the financial industry and the U.S. economy for years to come. ”

Signed (updated at 9/27/2008 6:00PM CT) by 231(!) Top US Economists – go here to see all the signatures.

Although my personal opinion is that US Government instead of just give could possibly lend money to “unfortunate” corporation with a very high interest rate, CNN published a great article by Jeffrey A. Miron, a senior lecturer in economics at Harvard University, that suggests that US should not use US taxpayers money to bailout these “unfortunate” corporations at all.

some of the quotes from the article:

“Bankruptcy does not mean the company disappears; it is just owned by someone new (as has occurred with several airlines). Bankruptcy punishes those who took excessive risks while preserving those aspects of a businesses that remain profitable.

In contrast, a bailout transfers enormous wealth from taxpayers to those who knowingly engaged in risky subprime lending. Thus, the bailout encourages companies to take large, imprudent risks and count on getting bailed out by government. This “moral hazard” generates enormous distortions in an economy’s allocation of its financial resources.”

“Further, the current credit freeze is likely due to Wall Street’s hope of a bailout; bankers will not sell their lousy assets for 20 cents on the dollar if the government might pay 30, 50, or 80 cents.”

“The costs of the bailout, moreover, are almost certainly being understated. The administration’s claim is that many mortgage assets are merely illiquid, not truly worthless, implying taxpayers will recoup much of their $700 billion.”

“The right view of the financial mess is that an enormous fraction of subprime lending should never have occurred in the first place. Someone has to pay for that. That someone should not be, and does not need to be, the U.S. taxpayer.”

hardware / howto / linux / network / tutorials / ubuntuComments Off on Sure Way to Restart a Wireless Network
29
Sep 08

Sure Way to Restart a Wireless Network

linux penguin is watching windows fly

While wireless signal is good, the network is dead – why is that? Many reasons, of course. You can spend time to figure out the reason and then try to fix, which is a good approach, but requires some time. Or you can restart the network to see if it resolves the issue, and if it does – forget that the problem ever existed.

However the way to restart a wireless network is not always “black and white”. Sometimes it is possible using GUI, and sometimes by typing something that means “network service restart”. And yes these ways are “clean”, but have a drawback – they rely on operating system to do what it suppose to do and restart the network.

However, OS does not always behave (yes, Linux does not always behave, along with Mac, and Windows, and “any” OS.. ). But here is a sure way to restart it – you would need to get down to the driver level though – to be less OS (or distribution) specific. But I’ll guide you through, don’t worry..

So, the signal is full/good/strong:

wireless signal is good
but there is no network:

$ ping -c 4 google.com
ping: unknown host google.com

First thing to do is to see what wireless card you are using:

$ lspci | grep -i network
08:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

In my case it is Intel 3945ABG. Next, check what driver is used for this card. I did a simple google search, and saw that the driver is “ipw”something.

Let’s see what ipw-like modules/drivers are currently running/loaded:

$ modprobe -l | grep ipw
/lib/modules/2.6.20-17-generic/kernel/ubuntu/wireless/ipw3945/ipw3945.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/usb/serial/ipw.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2200.ko
/lib/modules/2.6.20-17-generic/kernel/drivers/net/wireless/ipw2100.ko

Here it is “ipw3945”. Let’s kill it (-r stands for “remove”):

$ sudo modprobe -r ipw3945

Let’s start it back up:

$ sudo modprobe ipw3945

Checking connectivity:

$ ping -c 4 google.com
 
PING google.com (64.233.187.99) 56(84) bytes of data.
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=238 time=43.3 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=2 ttl=238 time=28.9 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=3 ttl=238 time=27.7 ms
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=4 ttl=238 time=34.7 ms
 
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 27.742/33.685/43.323/6.165 ms

Perfect!

digg / interesting / web 2.0Comments Off on How to Digg at Work
24
Sep 08

How to Digg at Work

work, digg, life...

How many people do digg at work? Do you do it? The answer to this is mostly “YES”; sometimes, the answer is “NOT OFTEN”, in order to avoid “YES”; and the most rare answer is “NO”. And only sometimes, now days in 21st century, the answer could be “WHAT THE HECK IS DIGG!?”

However 99% of people will have no difficulties with answering the question “Do you work?”. That is due to the fact that “WORK” has been defined for a way longer period of time than “DIGG”. And most of the time, unless employed by Digg, its competitors, or “ Times Magazine”, DIGG and WORK do not go together. Therefore employees do not like to be caught by their managers and supervisors while reading fresh news from the Digg’s first page.

But there is nothing wrong with spending some time reading DIGG at work. In fact it can, and most of the time will boost the productivity, if not abused, and done right – really! According to our friend Albert Einstein, there is nothing as innovative and productive as taking 10-15 minutes breaks. And Albert generally knew what he was talking about. :)

A wise man once told me: “The secret to creativity is knowing how to hide your sources” (I believe it was also Einstein) – so here is a simple way of using Digg at work without causing any suspicion.

Lynx – is the answer to creating “work and digg” balance, and can be used to read pretty much any website, not only Digg. It is available on windows, Mac, comes pre-installed with most distributions of Linux, and according to its documentation is available for other platforms as well.

Here is what reading Digg at work using Lynx web browser would look like:

Reading Digg.com with Lynx Web Browser

Colors of the terminal could be changed to blend in better with the Desktop, and applications mostly used, which will depend on the nature of the job. Lynx is very easy to navigate – mostly just by using “up down left right” arrows, and is considered “work safe” – it is a simple text after all.

Boost your work productivity, and… happy Digging!

what else is interesting about digg: How does Digg Make Money?

eclipse / howto / java / linux / software / sun / technologyComments Off on Reset Lost Password in Sun Application Server
15
Sep 08

Reset Lost Password in Sun Application Server

Sun Application Server Password ResetHappens to the best of us, less with system admins more with developers. But we are all human, and believe it or not we DO forget and loose passwords at least once every so often. Some time ago I wrote a tutorial on how to reset lost root password in mysql, and here is another similar tutorial on how to reset the lost domain password but this time for Sun Application Server.

Before going any further with this article, please first check “.asadminprefs” file:

cat /home/toly/.asadminprefs
 
AS_ADMIN_USER=admin
AS_ADMIN_PASSWORD=YourSecretPasswordInTextHere!

the admin password could be there

If it is not there, there are two ways to reset it:

  • Reinstall or recreate the affected domain.
  • Create a new dummy domain and copy its security key file over to the real domain to substitute the password.

Below is an explanation for the second approach (in case when “reinstall or recreate affected domain” is not an option):

Given:

 >   Sun App server is installed in                 "/opt/SUNWappserver"
 >   Domain to which the password is lost:   "domain1"

Step 1. Creating a new dummy domain

/opt/SUNWappserver/bin/asadmin create-domain --adminport 7070 --adminuser admin --instanceport 7071 dummy-domain
 
Please enter the admin password>password
Please enter the admin password again>password
Please enter the master password>password
Please enter the master password again>password
 
Domain dummy-domain created.

Step 2. Copy dummy-domain’s “admin-keyfile” to domain1’s “admin-keyfile”

cp /opt/SUNWappserver/domains/dummy-domain/config/admin-keyfile  /opt/SUNWappserver/domains/domain1/config/admin-keyfile

now the password for domain1 is “password” – DONE :)

Step 3. Deleting the dummy domain

/opt/SUNWappserver/bin/asadmin delete-domain dummy-domain
Domain dummy-domain deleted.

NOTES:

The above is true for Sun’s Application Server 8.x and later.

For Sun’s Application Server 9.x check out “change-admin-password

← Older Entries
Newer Entries →