Date:      Thu, 10 Feb 2011 11:20:15 -0800
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        Boris Kochergin <spawk@acm.poly.edu>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Reliable PCI wifi cards, and layer 7 filtering
Message-ID:  <20110210192015.GA64265@icarus.home.lan>
In-Reply-To: <4D541B0C.6000909@acm.poly.edu>
References:  <20110210155622.GA60117@icarus.home.lan> <4D541B0C.6000909@acm.poly.edu>

On Thu, Feb 10, 2011 at 12:06:20PM -0500, Boris Kochergin wrote:
> On 02/10/11 10:56, Jeremy Chadwick wrote:
> >(I was considering cross-posting this to freebsd-pf but decided against
> >it, instead starting here first.  Please keep me CC'd as I'm not
> >subscribed to freebsd-net)
> >
> >I'm looking into the possibility of using my home FreeBSD box as my home
> >firewall/NAT box, to replace my Linksys E2000 router (which runs Linux,
> >specifically the TomatoUSB firmware).
> >
> >I plan on using pf for the NAT and firewall layer.  ipfw will not be
> >used (I have long since moved away from it).  I've got solutions for
> >everything except two items:
> >
> >1) Wireless hardware support
> >    - What consumer PCI cards are known to be reliable and have good
> >      support on FreeBSD?  It looks like anything that relies on ath(4)
> >      might be a good choice, but I'm not sure what specific chipset is
> >      considered decent/worthwhile, or if there's a specific model of
> >      card from Vendor X(tm) which works great.
> 
> I have a ton of Atheros 5212s deployed as access points. They are
> solid. Some field-tested implementations:
> 
> - Netgear WPN311NAR
> - D-Link WDA-2320

Thank you very much -- exactly the kind of answer I was hoping for.
Sadly, neither of these products are manufactured and have been EOL'd
per the vendors.  This doesn't sound like a wise purchase (for me
anyway).  See below however.

> >    - The card and driver need to support both 802.11b and 802.11g
> >      simultaneously.  802.11n (for the future) would also be good.
> 
> Simultaneous 802.11b and 802.11g works, but the 5212 chipset does
> not support 802.11n.

This helps a lot, thank you!

I dug around and it looks like the D-Link DWA-547 uses the AR5416
chipset, which is supported per ath(4)'s man page.  This card also
offers 802.11n, but I'm not too focused on that at this point.

There's also the D-Link DWA-552 which uses the AR5416, but I see on some
Mac forums people are getting very frustrated with it (who knows what
the driver on OS X is like compared to FreeBSD's though; I imagine ours
is much more reliable).  Anyway, getting 802.11b and 802.11g working
would be a fantastic start.  I imagine if I have issues with the 802.11n
piece (when I get there) I can talk to Adrian about it.

> >    - Driver or OS needs 128-bit WEP -- this is not a joke, I really do
> >      have devices which do not do WPA or WPA2.
> 
> This works.
> 
> >    - MAC address filtering is needed too, but it looks like that's
> >      already available (looking at ifconfig(8) man page).
> 
> Indeed.

Awesome.  Perfect.

> >2) Layer 7 filtering
> {snipping your response -- but thank you VERY MUCH for it}

As it turns out, I realised I can solve this in an indirect way: by
simply using a different piece of software that doesn't pull in the ads.
The software I'm referring to is Yahoo Messenger and Windows Live, by
the way.  By switching to Miranda IM, I can avoid all of this.  Pshew!

Time for me to make some hardware purchases and give things a shot.
Today so far has been super horrible for me (fighting with my landlord
and neighbours over stupid stuff, resulting in my loss of sleep, and
some family matters), so the above information is surprisingly a very
positive moment for me.

I'll probably blog about my experience migrating from the E2000 to
FreeBSD.  It'll be a learning experience for sure, but a fun one.  First
time I've ever delved into the wireless AP world too...

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP 4BD6C0CB |



