[[Mathias Chauvin]] - IT stuff

For some any reasons, you need to get a wireless access point running (let say you router or ISP box has just failed)
If you have a spare laptop and an Atheros based wireless card (a Cisco AIR-CB21AG-E PCMCIA is that great!), then you’re in luck.

1/ What is needed?
In order to create the wireless access point, the laptop will run Debian GNU/Linux.
The wireless adapter will be used in Access Point mode. In order to do so, hostapd daemon will be used.
Then, in order to run the router, iptables rules will need to be setup.

2/ Install Debian GNU/Linux and configure the OS and network
Get the latest Debian GNU/Linux installer and install Debian GNU/Linux on the spare laptop.
Install hostapd and shorewall:

root@wap:~# apt-get install hostapd 
root@wap:~# apt-get install shorewall shorewall-doc

3/ Configure hostapd
The example hostapd.conf file is quite long, detailed and full of options. But you can make it light and quick, as described here.
Note that this is working for an Atheros based Wireless adapter, and in this case, the interface is known as wlan1 on the system.

root@wap:~# cat /etc/hostapd/hostapd.conf
interface=wlan1
driver=nl80211
ssid=TheNameOfTheWirelessNetwork
auth_algs=1
channel=1
hw_mode=g

wpa=1
wpa_passphrase=ThePassphraseOfTheWirelessNetwork
wpa_key_mgmt=WPA-PSK
wpa_pairewise=CCMP
ignore_broadcast_ssid=0

Edit the hostadp default file to let the daemon know about its config file:

root@wap:~# cat /etc/default/hostapd 
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
# 	-d   show more debug messages (-dd for even more)
# 	-K   include key data in debug messages
# 	-t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

4/ Configure shorewall
This part is the simplest ever, thanks to Shorewall contributors…
If you remember what you’ve just done in step 2, you’ve installed both Shorewall and the Shorewall docs.
In these docs, you’ll find an example of a two interfaces system, that can easily be configured to route traffic from the wireless adapter to the ethernet adapter (so, from the WLAN to the WAN )

First, copy this example to the shorewall configuration directory:

root@wap:~# cd /etc/shorewall
root@wap:~# cp /usr/share/doc/shorewall/examples/two-interfaces/* .

Then edit the files to match your network configuration. In my scenario, eth0 is the ethernet adapter connected to the WAN, wlan1 is the wireless adapter acting in Access Point mode.
Here below, the file that have been modified as compared with the example:

root@wap:/etc/shorewall# cat interfaces
#ZONE	INTERFACE	BROADCAST	OPTIONS
net     eth0            detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc     wlan1           detect          tcpflags,nosmurfs,routefilter,logmartians

root@wap:/etc/shorewall# cat routestopped 
#INTERFACE	HOST(S)                  OPTIONS
wlan1		-

To have shorewall starting on boot, edit the /etc/shorewall/shorewall.conf and change the line

STARTUP_ENABLED=No

to

STARTUP_ENABLED=Yes

“Et voilà"! Enjoy!!!

I’ve just upgraded an Ubuntu VM from 9.10 to 10.04 LTS running in Oracle VirtualBox 3.2.6.
When trying to install the Guest Additions, I’ve been facing a non returning script, and a guest which did not allow a higher resolution than 800x600.

I’ve figured out that the Ubuntu machine was missing the DKMS package.
So in order to have the Guest Additions operational in an Ubuntu 10.04 VM (after a dist-upgrade), make sure to install DKMS:

[user@ubuntu1004:~] sudo apt-get install dkms

While trying to upgrade a CheckPoint SmartCenter running SPLAT (SecurePlatform) on a Dell PE2950, I’ve been facing a few issues.
The Dell PE2950 on which I’m running CheckPoint has a DRAC controller and an IDE CD/DVDrom drive.

The first issue was linked to the IDE CDrom drive, not able to run the installer of CheckPoint. Therefore, the ISO file of the Installation CDrom has been used from the DRAC virtual media.

The second issue is still linked to this IDE CDrom drive. If enabled, then two cdrom devices are created under the SecurePlatform OS, preventing the use of

patch add cd

to do an upgrade.
By default the upgrade process looks for the CD to be /dev/cdrom while both /dev/cdrom and /dev/cdrom1 are available, the first being the IDE CDrom drive, the second being the DRAC Virtual Media.

In order to run the upgrade, the IDE CDrom can be disabled from the BIOS, and the /etc/fstab updated to match the CDrom device to be mounted to /mnt/cdrom (using the expert mode).

A quick remark from a Sun tech guy:

“It is prefered to create a ZFS storage pool using a full disk…”

I was looking for a remote server Serial Number and found out that, when running Windows, WMI has a command line tool which can save you a lot of time!

C:\>wmic /user:administrator /node:remote-host bios get serialnumber