802.11a Relay - Configure Soekris and Pebble

We decided to use Pebble for the client end of the relay - in part because it was the only distro we tried that would recognise the Atheros-based radio card.

First you'll need a compact flash with pebble. For this you'll need a Linux system and a CF adapter that works with it (we used the 'test' release of Debian's Sarge version). Then follow the instructions in the pebble readme. If you follow the directions it works great. This is not trivial for a Linux newcomer, so get help if need be.

Now plug your Soekris into a serial port, run a suitable terminal program (like Tera Term), set it to 19200 baud and fire it up. Interrupt the boot sequence within 5 seconds with Ctrl-P and then enter the following commands:

set conspeed 9600
set pxeboot disabled
set bootdelay 2

The console speed is set to match the default pebble console speed. Disabling PXE boot seems like a good idea. And the minimum 2 seconds boot delay shaves 3 seconds off the boot time.

Now power off the Soekris, plug the flash card into it and power up again, or type 'reboot' if you already have the card installed. Change your terminal program speed to 9600 and (hopefully) watch the pebble boot sequence unfold. Now we're ready to configure Pebble.

What we're trying to achieve is:

  • 802.11a radio is a client to the remote AP. Thus it will need an address on the 10.0.0.x subnet. We arbitrarily chose 10.0.0.129. The AP at the other end of the link is at 10.0.0.128/24 with MAC address of 00:20:a6:47:f9:77.
  • We will specify the MAC address of our AP to the client rather than just the SSID, for no particular reason other than slight paranoia and to avoid future confusion if we have more APs with the same SSID that it might erroneously connect with.
  • On the eth0 interface we want to provide dhcp services at 10.0.3.x and this will be the gateway port at 10.0.3.1.
  • We wanted DNS caching/forwarding both to simplify config (it makes the gateway and DNS servers the same which is easier to tell people over the phone if need be) and reduce traffic and load on the central DNS forwarder.
  • We do not need nocat for this scenario (we have a captive portal already)

With the above in mind, let's get things set up! Log in to pebble via the serial port (using 'root' and the password you specified when building pebble). Then issue the command:

/usr/local/sbin/remountrw

so that your changes can be saved. Now edit the /etc/network/interfaces file. (I used 'vi /etc/network/interfaces'). Comment out or remove what's there and add the following:

auto lo
iface lo inet loopback

iface ath0 inet static
        address 10.0.0.129
        netmask 255.255.255.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
        up iwconfig ath0 ap 00:20:A6:47:F9:77
# alternatively use
#       up iwconfig ath0 mode managed essid socalfreenet.org 

auto eth0
iface eth0 inet static
        address 10.0.3.1
        netmask 255.255.255.0
        broadcast 10.0.3.255

This tells it that 'ath0', the radio card, will be at 10.0.0.129 on the 10.0.0.x (/24) subnet and its gateway is 10.0.0.1. The iwconfig line tells it to register with the AP specified by the MAC address that follows. It then configures the eth0 port for a static IP of 10.0.3.1/24. Save the changes and exit the editor (Shift ZZ in vi).

Now the IPs are specified, but the Atheros radio isn't started yet (type ifconfig at the prompt to confirm). Some magic is needed to get it going. At least it seemed like magic to me. I'm sure there's a simpler, more elegant and more correct way to do this, but this is what worked for me. We need to create a new file /etc/rcS.d/S99local and place in it:

#!/bin/sh
modprobe ath_pci
ifup --force -v ath0

Then issue the command:

chmod 755 /etc/rcS.d/S99local

This file will be executed at the appropriate place in the startup sequence and will start the radio card. It runs as root at boot, so it needs to be executable but should be writable only by root.

April 6 update: Another configuration we've started using is a Soekris 4511 with an 802.11a and 802.11b card. This becomes a combination AP and relay radio in one box. If you're using the miniPCI card, you need to add the following commands to the S99local file:

modprobe hostap_pci
ifup --force -v wlan0

Alternatively, if you use a Soekris 4521 and a PCMCIA 802.11b card as the 2nd card, then you can omit the modprobe hostap_pci line.

For our scenario we wanted to disable nocat. To do this, mount the CF read-write and edit /etc/inittab to comment out the last line where it is started. After editing it should read:

#NC:23:respawn:start-stop-daemon -S -c nocat --exec /usr/local/nocat/bin/gateway -- -F

We're not done yet, but this is a good point to restart and check your work so far. Type:

/usr/local/sbin/fastreboot

to save all the changes made so far to the compact flash and then reboot the Soekris. After logging in, the (trimmed) ifconfig command output will look something like this:

pebble:~# ifconfig
ath0      Link encap:Ethernet  HWaddr 00:20:A6:47:86:7A
          inet addr:10.0.0.129  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:7 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:199
          RX bytes:46932 (45.8 KiB)  TX bytes:2062 (2.0 KiB)
          Interrupt:10 Memory:c4895000-c48a5000

eth0      Link encap:Ethernet  HWaddr 00:00:24:C1:8C:34
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:120 (120.0 b)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0x7000

and you should be able to ping the access point:

PING 10.0.0.128 (10.0.0.128): 56 data bytes
64 bytes from 10.0.0.128: icmp_seq=0 ttl=15 time=59.2 ms
64 bytes from 10.0.0.128: icmp_seq=1 ttl=15 time=1.7 ms

--- 10.0.0.128 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.7/30.4/59.2 ms

You may see some console output as the atheros card adjusts its rate due to errors:

ath_rate_ctl: 36M -> 24M (0 ok, 2 err, 2 retr)

You can avoid this link retraining by specifying a link speed in the /etc/network/interfaces file.

So far, so good. You should now be able to log in using an ssh client on your network. This will be faster than using console, but either works.
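
Since the point of the 'iwconfig ath0 ap ...' line is to keep the relay off any other AP with the same SSID, it is worth confirming after the reboot which AP ath0 actually joined. The script below is an added example, not part of the original instructions; the function names are hypothetical and the sample iwconfig output is constructed.

```sh
#!/bin/sh
# Added example (not from the original page): verify ath0 joined the pinned AP.
EXPECTED_BSSID="00:20:A6:47:F9:77"   # AP MAC used in /etc/network/interfaces

# parse_bssid: read iwconfig-style text on stdin and print the associated AP's
# MAC in upper case, or nothing when the card reports "Not-Associated".
parse_bssid() {
    sed -n 's/.*Access Point: *\([0-9A-Fa-f:]\{17\}\).*/\1/p' | head -n 1 | tr 'a-f' 'A-F'
}

# check_bssid EXPECTED: iwconfig text on stdin.
# Returns 0 on a match, 1 when joined to a different AP, 2 when not associated.
check_bssid() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    got=$(parse_bssid)
    if [ -z "$got" ]; then
        echo "ath0: not associated"; return 2
    elif [ "$got" != "$want" ]; then
        echo "ath0: associated with $got, expected $want"; return 1
    fi
    echo "ath0: associated with pinned AP $got"
}

# Constructed samples of `iwconfig ath0` output (values are illustrative).
SAMPLE_ASSOCIATED='ath0      IEEE 802.11a  ESSID:"socalfreenet.org"
          Mode:Managed  Frequency:5.18 GHz  Access Point: 00:20:a6:47:f9:77
          Bit Rate:36 Mb/s   Tx-Power:off   Sensitivity=0/3'
SAMPLE_IDLE='ath0      IEEE 802.11a  ESSID:""
          Mode:Managed  Frequency:5.18 GHz  Access Point: Not-Associated'

printf '%s\n' "$SAMPLE_ASSOCIATED" | check_bssid "$EXPECTED_BSSID"
# On the box: iwconfig ath0 2>/dev/null | check_bssid "$EXPECTED_BSSID"
```

The non-zero return codes make it easy to call this from S99local or a cron job and log when the relay is on an unexpected AP.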

Now we can get the machine running correctly as a gateway on eth0. Again mount the CF read/write with:

/usr/local/sbin/remountrw

Now add the DNS servers by editing /etc/resolv.conf and replacing the servers listed with your own, e.g.:

nameserver 10.0.0.1
nameserver 64.81.45.2

Now we configure the DNS cache / forwarder. Enter the following commands:

echo 10.0.3.1 >/ro/var/dnscache/env/IP
touch /ro/var/dnscache/root/ip/10.0.3
ln -s /rw/var/dnscache/root/ip/10.0.3 /var/dnscache/root/ip/10.0.3
rm /ro/var/dnscache/root/ip/192.168.*

(Answer 'y' when prompted by rm.) These commands tell the DNS caching program, djbdns, which interface to listen on (10.0.3.1) and to provide DNS service for the 10.0.3 subnet.

With the DNS servers configured, we can now set up the DHCP server to hand out DNS server addresses along with local IPs. Edit the file /etc/default/dhcp so it contains the single (non-commented) line:

INTERFACES="eth0"

which tells the DHCP server which interface to operate on. Next, edit the file /etc/dhcpd.conf so it has the lines:

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 10.0.3.0 netmask 255.255.255.0 {
  range 10.0.3.10 10.0.3.99;
  option routers 10.0.3.1;
  option broadcast-address 10.0.3.255;
  option domain-name-servers 10.0.3.1,10.0.0.1;
}

Here we've specified both 10.0.3.1 and the main DNS forwarder 10.0.0.1 as possible DNS servers. Now save your changes and reboot again:

/usr/local/sbin/fastreboot

After the reboot is complete, you're ready to test your configuration.
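
One thing to test is that the DHCP scope in /etc/dhcpd.conf stays on the 10.0.3.x side of the relay and advertises the eth0 address as the router, so leases never point clients at the 10.0.0.x backhaul by mistake. The script below is an added example, not part of the original instructions; the function names are hypothetical and the embedded sample is the subnet block shown above.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check the LAN-side DHCP scope.

# ip2int A.B.C.D -> print the address as an integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_dhcpd CONF_TEXT ETH0_IP -> 0 if consistent; otherwise print problems, return 1
check_dhcpd() {
    rc=0; gw=$2
    # Drop comments and punctuation, then pull out the five values we compare.
    set -- $(printf '%s\n' "$1" | sed -e 's/#.*//' -e 's/[;{}]/ /g' | awk '
        $1 == "subnet" { net = $2; mask = $4 }
        $1 == "range"  { lo = $2; hi = $3 }
        $1 == "option" && $2 == "routers" { rt = $3 }
        END { print net, mask, lo, hi, rt }')
    [ $# -eq 5 ] || { echo "missing subnet, range or routers statement"; return 1; }
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    lo=$(ip2int "$3"); hi=$(ip2int "$4"); rt=$(ip2int "$5")
    for addr in "$3" "$4" "$5"; do
        [ $(( $(ip2int "$addr") & mask )) -eq "$net" ] ||
            { echo "$addr is outside subnet $1 mask $2"; rc=1; }
    done
    [ "$lo" -le "$hi" ] || { echo "range start is above range end"; rc=1; }
    [ "$rt" -lt "$lo" ] || [ "$rt" -gt "$hi" ] ||
        { echo "router $5 falls inside the lease range"; rc=1; }
    [ "$5" = "$gw" ] || { echo "option routers $5 is not the eth0 address $gw"; rc=1; }
    return $rc
}

# Constructed sample: the subnet block from this page.
SAMPLE_CONF='subnet 10.0.3.0 netmask 255.255.255.0 {
  range 10.0.3.10 10.0.3.99;
  option routers 10.0.3.1;
  option broadcast-address 10.0.3.255;
  option domain-name-servers 10.0.3.1,10.0.0.1;
}'

check_dhcpd "$SAMPLE_CONF" 10.0.3.1 && echo "dhcpd.conf scope OK"
# On the box: check_dhcpd "$(cat /etc/dhcpd.conf)" 10.0.3.1
```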

Update: Mar 22 2004: It's handy to set the time after getting everything going. In our configuration where our gateway runs an ntp server, you can do this with

ntpdate -u 10.0.0.1
/sbin/hwclock --systohc

This makes the logs much easier to compare with other logs after updating.


Update for Metrix Boxes

Some quick notes now that we're using Metrix boxes for most of our a/b relay/AP installs (mostly for myself so I don't have to remember each time!). Note that Metrix has bind installed and not djbdns.

  • set bootdelay 2
  • edit /etc/network/interfaces
  • edit /etc/default/dhcp to add the interfaces which will have a DHCP server running
  • edit /etc/dhcpd.conf so it serves appropriate addresses
  • edit /etc/bind/named.conf and uncomment the query-source line and add the forwarders. Also add the line "forward only", not to be confused with the perhaps pre-existing commented out line "forward-only".
