Wireless PCI NIC in my freesco box?

If it does not fit any where else, then post it here.
SPAM is not allowed, here or any other forums

Wireless PCI NIC in my freesco box?

Postby Speedy Lan » Thu Aug 25, 2011 3:23 pm

Hello all,

To start off, I have never dabbled in the arcane arts of wireless networking because I have always felt they can not really be made safe and solid.
But, there is always a but, I have been thinking of putting a PCI wireless NIC into my Freesco box, and have this separate network up for testing etc.

So, therefore I have some questions, perhaps someone does know an answer on one of them.

1] Does it work, if I plug in a wireless PCI NIC?
Will Freesco be able to use that as a new network?

2] If I go buy one, what kind of driver does it need to have, if I remember correctly the drivers are .o-files.
Many cards nowadays just support XP, vista and W7, and I guess that there will not be the kind of driver that we need for Freesco.
Perhaps they can emulate some common NIC and we can use the inbuild drivers in Freesco?

3] All those cards they come with setup-software, again, just for windows, is it possible to setup a connection in some other way?

As an example of some possible NIC's I can buy here, I provide 2 links:
http://www.conceptronic.net/site/Deskto ... Pid=C300Ri
http://www.tp-link.com/en/support/downl ... =TL-WN851N

Any reactions are greately appreciated.

Speedy Lan

edit:
One more question:
That NIC will become an Internal network with nothing else on it except for some testing machine or some war-driver that has gained illegal access.
The HTTP-control panel will be a great security risk* , it should not be available on the wireless network, can that be done somehow?

*) I talk like Linton, for those who do not know who Linton is: just be happy and do go look on this comic site:
http://stationv3.com/d/20071205.html
Low lag, High bandwidth 8-)
User avatar
Speedy Lan
Junior Member
 
Posts: 26
Joined: Mon Jan 20, 2003 6:25 am
Location: Zwolle, The Netherlands (Holland)

Re: Wireless PCI NIC in my freesco box?

Postby Lightning » Sat Aug 27, 2011 9:10 pm

1] Does it work, if I plug in a wireless PCI NIC?
Will Freesco be able to use that as a new network?
No, there are no current PCI wireless network cards that will run with FREESCO.
2] If I go buy one, what kind of driver does it need to have, if I remember correctly the drivers are .o-files.
Many cards nowadays just support XP, vista and W7, and I guess that there will not be the kind of driver that we need for Freesco.
Perhaps they can emulate some common NIC and we can use the inbuild drivers in Freesco?
As stated above there are no drivers, however it is possible to run any wireless card in VMware or other virtual machines because then the driver for the base OS is what is used and the VMware environment uses a supported FREESCO driver.
3] All those cards they come with setup-software, again, just for windows, is it possible to setup a connection in some other way?
As stated, only when using a virtual machine environment.
One more question:
That NIC will become an Internal network with nothing else on it except for some testing machine or some war-driver that has gained illegal access.
The HTTP-control panel will be a great security risk* , it should not be available on the wireless network, can that be done somehow?
Yes a simple extra firewall rule for the netwoprk can restrict access to the control panel.

What I strongly recommend over a PCI wireless card is using either an access point or another wireless router connected internally and not through it's external connection. By doing this you maintain all of the various security features that are available through it's own web control panel and you still have control with FREESCO.

By "connected internally" I mean that if it is another wireless router you connect it to one of it's internal rj45 slots rather than the standard Internet port and that you disable all of it's built in services such as DNS and DHCP. You can however still use encryption and MAC address filtering for added security. The only reason for using a wireless router over an access point is price. With quantity based pricing routers are usually cheaper than access points even though they are more complex.

For added network security you can connect it directly to a third network card and block communication between networks. Also a wireless access point or router is always better than a PCI card because they never need drivers regardless of the OS they are connected to and there security features are much easier to use over driver based security.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 3045
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: Wireless PCI NIC in my freesco box?

Postby Speedy Lan » Mon Aug 29, 2011 9:45 am

Oh many thanks for the info, Lightning.

I will go have a look at access points then.
I think I have an old one lying around, but it has crappy security.
So I would definitely need this simple extra line:

Yes a simple extra firewall rule for the network can restrict access to the control panel.


Would you maybe be so kind as to tell me how and where?

I will connect it to the 2nd internal network and assume it will be completely open and unprotected.

TIA for your response.

Speedy Lan
Low lag, High bandwidth 8-)
User avatar
Speedy Lan
Junior Member
 
Posts: 26
Joined: Mon Jan 20, 2003 6:25 am
Location: Zwolle, The Netherlands (Holland)

Re: Wireless PCI NIC in my freesco box?

Postby Lightning » Sat Sep 03, 2011 12:00 pm

The line you need will go into the rc_user file

edit /rc/rc_user
Code: Select all
$fire)
   ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.2.1 82
   ;;
rc_masq restart

The above assumes that the wireless interface is connected to eth2 and that the IP address on that interface is 192.168.2.1 and that the control panel is on port 82

As for security, most wireless units even old ones have "wep" encryption and a lot also have MAC address filtering and with both enabled they are reasonably secure, at least from standard users.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 3045
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: Wireless PCI NIC in my freesco box?

Postby Speedy Lan » Mon Sep 05, 2011 9:42 am

Thanks Lightning!

I am so very glad that you posted this info, I have been studying a whole Saturday on this and I could not get it to work.
It is driving me nuts at times. :roll:

I did put in your line:
Code: Select all
 ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.2.1 82 901
(I added the 901-port for the samba swat screens)

and it does make the admin-screen on 192.168.2.1 un-accessible but the one on the 1st network can still be reached.
Even though I have made the 2nd network UNTRUSTED and when that not did work, I made both the 1st and the 2nd networks not trusted.
Still I can access the admin screen on 192.168.1.1 from my PC on 192.168.2.10.

Because of this reason I have been trying to make a rule like this:
Code: Select all
# ipfwadm -I -i reject -P tcp  -S 192.168.2.0/24 82 901

in order to block those ports coming from the 2nd network, but that does not work either.

If the 2nd network, 192.168.2 is not trusted, then it should NOT be able to go onto 192.168.1.1 right?
Is my freesco broken, perhaps?

Why does it not work when I want to block the source 192.168.2.0/24 ?
It does block on 192.168.2.1 but not on 192.168.1.1 when I make it an Output-rule, however.

So far I have not been able to get the admin screen on 182.168.1.1 to be blocked from the 192.168.2.0 network.

Code: Select all
                ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.2.1 82 901
                ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.1.1 82 901


OK, this seems to do the trick, i.e. it makes that network 2 can no longer access the admin-screen on port 82 and neither the SWAT-screen on port 901.
However,it does not look like an elegant way to do it.

If someone has some enlightenment other than
http://www.xos.nl/resources/ipfwadm/info/
http://www.fwtk.org/ipfwadm/faq/ipfwadm ... html#ss4.1
http://freescofaq.hopto.org/5_44_en.html
please let me know.
I would very much like to get a grip on this matter.

TIA, Speedy Lan
Last edited by Speedy Lan on Fri Jan 13, 2012 3:25 pm, edited 1 time in total.
Low lag, High bandwidth 8-)
User avatar
Speedy Lan
Junior Member
 
Posts: 26
Joined: Mon Jan 20, 2003 6:25 am
Location: Zwolle, The Netherlands (Holland)

Re: Wireless PCI NIC in my freesco box?

Postby Lightning » Mon Sep 05, 2011 5:47 pm

The "untrusted" network option simply does not allow forwarding of information between the two networks. It does not effect any interfaces directly on FREESCO and thus the problem you are having. So in reality the rules that you are using are correct for your purpose.
Code: Select all
                ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.2.1 82 901
                ipfwadm -I -a reject -P tcp -W eth2 -D 192.168.1.1 82 901
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 3045
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: Wireless PCI NIC in my freesco box?

Postby Speedy Lan » Tue Sep 06, 2011 1:22 am

Thanks Lightning,

for again a little more insight in the occult arts of firewalling.
(Occult meaning here just 'hidden'. :) )

I think I am now ready to make it so on my real life freesco box, after doing all the tests in the Virtualbox.
Low lag, High bandwidth 8-)
User avatar
Speedy Lan
Junior Member
 
Posts: 26
Joined: Mon Jan 20, 2003 6:25 am
Location: Zwolle, The Netherlands (Holland)


Return to Other Discussions

Who is online

Users browsing this forum: No registered users and 0 guests