blog

Shorewall Router with Wired and Wireless

I wanted to set up a shorewall router using an Ubuntu 9.04 machine with three interfaces.

1) eth0 – Internet
2) eth1 – LAN
3) ath0 – WLAN

Most shorewall 3 interface tutorials explain how to set up a LAN with DMZ, which doesn’t help me at all. Most wireless shorewall tutorials, on the other hand, describe how to setup shorewall with three interfaces, two zones, and have wireless and wired on separate subnets. I don’t prefer this because, while shorewall will allow wired and wireless to communicate since they are in the same “loc” zone, the separate subnets make things more difficult such as getting samba shares to play nicely.

My solution to this problem was to add the LAN interface and the WLAN interface to a bridge, then masquerade that traffic to the internet. First i installed bridge-utils

#> apt-get install bridge-utils

Next I created my bridge

#> ifconfig eth1 0.0.0.0
#> ifconfig ath0 0.0.0.0
#> ifconfig eth1 up
#> ifconfig ath0 up
#> brctl addbr br0
#> brctl addif br0 eth1
#> brctl addif br0 ath0

Now I assigned an ip adress to my bridge

#> ifconfig br0 192.168.1.1 netmask 255.255.255.0

Now that my bridge was setup I had to configure shorewall. I copied the TWO INTERFACE example in to my /etc/shorewall folder. Notice I’m using the two-interface example since I am only using two interfaces: br0 and eth0. I edited /etc/shorewall/interfaces to include “net eth0″ and “loc br0″ I had to add “routeback” to the options for the br0 interface so that the routing would be handled correctly between the wired and wireless clients. Next i edited the masq file and changed it to say “ath0 br0″. Aside from these two changes you can follow the instructions for a standard shorewall setup with two interfaces found here.

Jetway Mini-ITX J7F4K1G2E-PB as Ubuntu Wireless Router

I bought this board with plans to use it as a router/wireless access point/web server. It handles this very well. It runs at a cool idling temperature and my setup uses only around 18 watts of power. However, there were a few hurdles I had to overcome along the way.

1) The board seems to be picky about memory. The specs said to use DDR2 400. I tried booting with 1GB of gskill, no luck. I was greeted with a screeching beep and no post screen. Next I tried a 512mb Corsair stick and it posted. This little board goes from touching the power button to loading the OS faster than any other board I’ve ever worked with.

2) This board did not like booting from a USB cd-rom drive. I had to change two settings in the bios to get this to work. One for USB storage legacy support, and then change the boot device priority NOT to CD-ROM but USB-CD-ROM. Then I also had to enable legacy USB keyboard support for my keyboard to be recognized.

Next I Installed Ubuntu Server 9.04 on a 2.5 hdd and rebooted. There were a few tweaks that needed to be made in order for the system to work the way I wanted.

1) I wanted to use the board as an access point so I chose a D-Link WDA-2320 wireless G PCI Card. It has the Atheros AR5212 chipset which supports Access Point/Master mode (Monitor and Injection also). In order to put the card in access point mode I had to tell ubuntu not to load the ath5k driver by placing the following at the bottom of /etc/modprobe.d/blacklist.conf

Blacklist ath5k

This might not have been needed but I also added to /etc/modules

ath_pci

which makes sure the madwifi drivers get loaded at boot time.

2) This board has a nasty speaker on it that makes a really loud annoying system beep so to take care of that I also added to /etc/modprobe.d/blacklist.conf

blacklist pcspkr

Now with those things in place it was time to set up the routing. I installed hostapd to manage wireless connections. The only lines I had to edit in the config were interface, driver, bridge, and the WPA settings. Most tutorials tell you to put your wired and wireless networks on different subnets. I don’t like this proposal. I’d rather have my wired and wireless on the same subnet similar to most commercial wireless routers. To accomplish this, I created a bridge using the bridge-utils package, added my LAN and WLAN interface to the bridge. Then masqueraded all traffic from that bridge to my other interface (internet). I installed dnsmasq to hand out ips to everthing on the bridge. For details on setting up Shorewall to manage the three interfaces see my other post here.

Ubuntu 9.04 and XBMC on the ZOTAC IONITX-C-U

I recently picked up a Zotac IONITX-C-U.  This board caught my attention because it is fanless, low-power, and has a plethora of outputs available for such a small footprint.  My plans for the board were to build a media pc to use in my living room.  In this post I’ll be describing the process required to make it happen.

I’m going to assume that if you’re reading this post you are somewhat familiar with putting a pc together from scratch.  The build process was uneventful for the most part, with one exception.  This board has an on board power supply and comes with an ac-adapter.  On the board there is a four-pin molex connector into which you plug a pig tail with 3 sata power plugs on it.  The people at Zotac probably assume that this board will be placed in a tiny case to make use of it’s small size requirements, so this pig-tail is only about 6 inches long.  In other words, if your hard drives are going to be more than 6 inches from this plug you’re out of luck.  That being said, we’ll move on.

After getting the board installed in the case I powered it on and installed Ubuntu Jaunty 9.04 from an external usb dvd drive.  The installation was completely painless, and in no time I was looking at an Ubuntu Gnome desktop.  I next allowed Ubuntu to install all the latest updates.  I was surprised however, that I had not been bothered about installing restricted Nvidia drivers.  This is because, at the time of this post, Ubuntu did not recognize the Nvidia ION chipset this board shipped with.  I went to the Nvidia website and downloaded the latest linux driver for the ION Chipset.  The version I downloaded was 185.18.14.  I saved the file to my desktop and did chmod 755 <filename> to make the file executable.  In order for the driver to be built you will need the package “build-essentials” installed so from a terminal window type “sudo apt-get install build-essentials.”  Next, in order to install the drivers you have to stop your xserver so I opened a terminal and typed “sudo /etc/init.d/gdm stop.”   This dropped me to a shell prompt.  I then logged in as my user changed to my desktop directory where I saved the file and ran “sh  <filename>.”  The installer will attempt to download a kernel module pre-complied for your kernel but if it can’t find one it will have to build one so I let it do that.  At the end I let it update my xorg.config file and then restarted my xserver by typing “sudo /etc/init.d/gdm start.”  Now I was greeted with my desktop once again except this time with display effects provided by the Nvidia graphics drivers.

In order to install the latest version of XBMC I followed the instructions on this page.  Then typed “sudo apt-get install xbmc”  and xbmc was installed.  I wanted to be able to control the box with a IR remote so I installed “lirc” by typing “sudo apt-get install lirc,” then specifying which remote I would be using.

Now XBMC was up and running so lets talk performance.  I primarily will be using this box for playing 720p mkv files and listening to music.  The first file I tried to play caused the cpu usage to go up to about 60%.  However, XBMC now supports VDPAU so I enabled that by changing Settings->Video->Player->Rendering->VDPAU.  To my amazement, the cpu usage dropped to 6-9% usage while watching the same file!  It handled the playback beautifully as well with no dropped frames or quality issues.

So far I’ve been very impressed with this little board.  I’m sure I’ll find many more uses for this box in the future.