What is a good method of encryption, then? What method do you recommend for a small office running wireless to use in order to protect them from outside sniffing/intruding?

In reply to the first question, I've only ever used WEP with a hexadecimal key, I could look into how passphrasing works, but really you could do just as good a job as me.

As far as locking down a small office... I hate to say it, but really, a VPN, which can be a bit of a headache to setup. Or, alternatively, if you have control of the cards, a MAC address oriented dhcp server and service denial built into your ipchains/tables based on client... but really that wouldn't protect the other clients out there. Wireless can be a great big hastle this way. There are plenty of how-tos over at linux-doc about building a VPN, but no matter what you do, I'd definately set up whatever routing box is dealing with this LAN with tripwire or some other log sniffer and airsnort so you can keep an eye on things.

A lot of the hub-ub about wardriving really is just FUD. The FBI I think it was set up a honeypot wireless LAN in DC, a big wardriving town, a few months back and has only gotten something like two nmap port scans and a few random dhcp requests. It was in the NYtimes, probably still online if you're curious.

Actually, come to think of it, most of the issues with locking down a wlan is more or less the same as a lan. If you get stuck along the way, post back in Security, I'm sure UnSpawn can handle anything you've got.

Sorry I'm not much help on this, my wireless router is a P133 laptop, OUTSIDE of my apartment's firewall and wide open... my friends and neighbors stop by all the time... one of them wishes I could boost the signal so he could browse down by the pool.

Cheers,

Finegan

Restarted PCMCIA services...yay..it came up

I'm running RH 7.3 with a v3 Linksys WPC11, and thanks especially to Finegan, it all works, more or less.

My remaining issue, which might not even be for this forum, is that the card only works when I have logged on as root, or if I have previously logged on as root. Btw, it works right away in the above situations.

I assume I need to put something in a config file, but wireless.opts is only for the iwconfig commands, whereas I think it needs to execute 'ifconfig eth0 up' and the dhcp command.

Thanks again

Thanks to this thread, I got my WPC11 v2. card working in about 30 minutes.

Not sure if it will work but I've been waiting for some more postings on this card since that is what I have. Now, I'm going to upgrade my 7.3 to 8.0 and will attempt to setup my wireless card as well so I'll keep everyone posted.

Wow. I am glad this turned out to be such a useful resource. Finegan is god.

Okay finegan, I think you're the best person to ask. I just wiped redhat and installed Slackware 8.1 on the laptop. I need to know the best place ( in Slack) for the RedHat ifcfg-eth1 equivalent so that it will boot up with a dhcp address on the card. I see that there are some serious differences between Redhat and slack when it comes to the location of the init scripts. By looking under the slack rc.d/ I'm not so sure that the scripts are what they call SysV style init. But I dont know the standards much so I'm not the one to judge that. I'm feeling some kind of distro-shock here, I guess. So where do you put your stuff?

They are way different. You've got it right, RH is sysV init while Slackware uses a BSD-ish style init. The file you're looking for is:

/etc/rc.d/rc.inet1

It has locations to setup the ifconfig info on 2 cards. In the case of a laptop its always going to treat any card loaded as eth0.

wireless specific settings go in /etc/pcmcia/wireless.opts, or barring that, you can just stick them in /etc/rc.d/rc.local

Cheers,

Finegan

Thanks fin.

Here is my current situation

SuSE 8.0
wireless-tools-23-52
pcmcia-3.1.31-107
WPC11 ver 3

After switching to "external" from "kernel" I am starting to make progress. I now hear two nice sounding beeps on startup versus the single thud I used to hear. Card works fine under Windows XP so no hardware issues.

Jan 4 13:01:45 tooger cardmgr[626]: socket 0: Linksys WPC11 11Mbps 802.11b WLAN Card
Jan 4 13:01:45 tooger cardmgr[626]: executing: 'insmod -v /lib/modules/2.4.18-4GB//pcmcia-external/prism2_cs.o'
Jan 4 13:01:46 tooger kernel: init_module: prism2_cs.o: 0.1.13-devel1 Loaded
Jan 4 13:01:46 tooger kernel: init_module: dev_info is: prism2_cs
Jan 4 13:01:46 tooger cardmgr[626]: + Using /lib/modules/2.4.18-4GB//pcmcia-external/prism2_cs.o
Jan 4 13:01:46 tooger cardmgr[626]: + Symbol version prefix ''
Jan 4 13:01:46 tooger cardmgr[626]: executing: './wlan-ng start wlan0'
Jan 4 13:01:46 tooger kernel: prism2_cs: index 0x01: Vcc 5.0, irq 3, io 0x0100-0x013f
Jan 4 13:01:46 tooger kernel: hfa384x_corereset: hfa384x_corereset not supported on pcmcia. Use driver services COR access function instead
Jan 4 13:01:46 tooger kernel: ident: nic h/w: id=0x801b 1.0.0
Jan 4 13:01:46 tooger kernel: ident: pri f/w: id=0x15 1.1.0
Jan 4 13:01:46 tooger kernel: ident: sta f/w: id=0x1f 1.4.2
Jan 4 13:01:46 tooger kernel: MFI:SUP:role=0x00:id=0x01:var=0x01:b/t=1/1
Jan 4 13:01:46 tooger kernel: CFI:SUP:role=0x00:id=0x02:var=0x02:b/t=1/1
Jan 4 13:01:46 tooger kernel: PRI:SUP:role=0x00:id=0x03:var=0x01:b/t=4/4
Jan 4 13:01:46 tooger kernel: STA:SUP:role=0x00:id=0x04:var=0x01:b/t=1/9
Jan 4 13:01:46 tooger kernel: PRI-CFI:ACT:role=0x01:id=0x02:var=0x02:b/t=1/1
Jan 4 13:01:46 tooger kernel: STA-CFI:ACT:role=0x01:id=0x02:var=0x02:b/t=1/1
Jan 4 13:01:46 tooger kernel: STA-MFI:ACT:role=0x01:id=0x01:var=0x01:b/t=1/1
Jan 4 13:01:46 tooger kernel: Prism2 card SN: 99SA01000000
Jan 4 13:01:46 tooger cardmgr[626]: + usage: ./network [action] [device name]
Jan 4 13:01:46 tooger cardmgr[626]: + actions: start check stop suspend resume
Jan 4 13:01:46 tooger cardmgr[626]: + Device <wlan0> not found in stab
Jan 4 13:01:46 tooger kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
Jan 4 13:01:47 tooger kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
Jan 4 13:01:49 tooger /etc/hotplug/net.agent[2418]: No HW description found ... exiting
Jan 4 13:01:51 tooger kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
Jan 4 13:01:54 tooger /etc/hotplug/net.agent[2442]: No HW description found ... exiting
Jan 4 13:01:55 tooger kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.
Jan 4 13:01:56 tooger kernel: wlan0: no IPv6 routers present

tooger:/home/jason # cardctl ident
Socket 0:
product info: "The Linksys Group, Inc.", "Instant Wireless Network PC Card", "ISL37300P", "RevA"
manfid: 0x0274, 0x1613
function: 6 (network)

tooger:/home/jason # iwconfig wlan0
wlan0 IEEE 802.11-b ESSID:"non-spec"
Mode:Managed Frequency:2.422GHz Access Point: 44:44:44:44:44:44
Link Quality:0 Signal level:81 Noise level:27
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

tooger:/home/jason # iwconfig wlan0 essid linksys
Error for wireless request "Set ESSID" (8B1A) :
SET failed on device wlan0 ; Function not implemented.


I think I'm almost there. Please could somebody help me finish the job. Hopefully without any kernel rebuilds if I can avoid it.

Thanks

You are using the linux-wlan drivers so iwconfig and the rest of wireless tools is pretty much useless, especially with 0.1.13. The prism2_cs driver package is just now getting around to correctly supporting kernel wireless extensions. All of the changes to essid, rate, encryption and the like need to be done in the /etc/pcmcia/wlan-ng.opts file and then restart pcmcia to get them to take effect. Also remember to bring the device up:

ifconfig wlan0 up

as it'll default to down.

Cheers,

Finegan

Thanks for the fast answer!

I am still seeing this in /var/log/messages. I think this is the problem or at least a symptom of the problem:

Jan 4 13:01:46 tooger cardmgr[626]: + usage: ./network [action] [device name]
Jan 4 13:01:46 tooger cardmgr[626]: + actions: start check stop suspend resume
Jan 4 13:01:46 tooger cardmgr[626]: + Device <wlan0> not found in stab

Why can it not find wlan0 when cat /var/lib/pcmcia/stab reveals

Socket 0: Linksys WPC11 11Mbps 802.11b WLAN Card
0 wlan-ng prism2_cs 0 wlan0

I appreciate any further help you can give me. I feel I am almost there.

Can one of the guys who've got this locked down post a sample of their ifcfg-ethX file? I want to make sure I have all of the parameters covered.

I have the card coming up now and I am just trying to get it to take an IP address via DHCP. Finn's DHCPCD command is nowhere to be found on my RH 8.0 install...

Thanks!

yzxbmlf,

I wouldn't worry about the mis match between cardmgr and stab. It might have to do with the fact the linux-wlan drivers use a non standard device name, I don't really know, but if that were to be an issue it would come into effect with getting the device recognized, which you've done. Your problem at this point seems to be just association with the router. What did the wlan-ng.opts file turn up?

merana,

RedHat decided to switch clients with 8.0, they use dhclient, invoked with:

dhclient eth0

I don't have an ifcfg-eth file... I use slackware so I've even forgotten how those were put together.

Cheers,

Finegan