Linux Firmware For Some 802.11b Access Points

drwho writes "This just unveiled at the BAWUG meeting tonight: Linux firmware for Access Points. Check this URL for more info. I haven't tried it yet but it looks great!" The upshot is that certain Access Points can be flashed with a stripped-down Linux system, which makes them more flexible than they'd be under the included firmware. There are even some screenshots of a modded access point booting up.

2.4.x

[tulare]

A quick thought - iptables on an access point? That I like. Think of all the possiblities...

Re:2.4.x

[tulare]

Not a bad point, actually. I don't imagine that you could run all the packets through some 500-line list of various netfilter errata. What I had in mind would be more like

1. iptables -A INPUT -s --source-mac [mac address of my allowed devices] -j ACCEPT
2. 
   iptables -P INPUT DROP
   iptables -t nat -A POSTROUTING -o [er, whatever the interface is called] -j MASQUERADE

Not neccessarily complete or accurate in terms of syntax, but you get the gist. Nothing requiring too much memory usage, but enough to ensure you can limit the use of the access point to trusted devices.

Re:2.4.x

[Nectar]

Screw WEP anyway. You don't need anything special on the access point for IPsec: just configure your mobile units to use IPsec, and tunnel through some other host or use transport mode.

Re:firewall replacement

[linzeal]

Underclock the proc and run it without a fan but get a big cheap socket 7 heatsink and get an rpm adjustable fan that will rev up and down according to a temparture probe included. I have an amd 500mhz underclocked to 375mhz without a fan that runs my firewall.

Hmm, security?

[RC514]

After the initial install with the SRAM card the access point can be upgraded over the network.

Does that mean the vendors of access points do not write protect the operating system on the hardware level? Or are future modifications only possible when the jumper remains in the upgrade position? If the jumper becomes meaningless after the upgrade, its implementation is a serious design flaw and an undetected rooting waiting to happen.

Re:firewall replacement

[Raptor+CK]

How about this?

Two 10/100 ports, 1 serial port, one Mini-PCI slot, two PCMCIA/CardBus slots.
Granted, it's not out just yet, but you could make it handle wireless, inbound traffic, and two internal segments fairly easily.

The only problem is the dependence on CF. Logging isn't generally a good idea to media that can't handle excessive writes. While a Microdrive would fare better, it would also cost much more.

Can I use this to turn my old notebook into an AP?

[mocm]

I have been looking for a reliable software that can be used to turn a notebook into an AP. There is
a driver for prism2 cards which works well enough, but lacks roaming support and in the latest version
WEP doesn't seem to work.
I had been looking for AP software under Linux, but the prism2 card combined with bridging in the kernel
was all I could find. It works, but could be better.
So, the question is, if I could use this to turn an old notebook into something more usefull. And,
if so, why has it only been announced as Linux for certain AP hardware.

Use serial port for modem backup?

[Fencepost]

One of the features that I like about the MultiTech router/switch I have is that a modem can be hung off the serial port and used as a backup connection. What would it take to do the same with this, and is there a getty out there that would support operating both ways (i.e. use a modem for dialout, but if a terminal was connected instead then allow login).