My struggle to set up a Linksys WRT54GS v.4 in client-bridge mode

The problem

I’ve been fighting for weeks now trying to get my home wireless network to work smoothly. I’m living in an apartment in Ireland, built in the 1970’s, that has concrete walls for every single wall in the house. It does wonders for my wireless signal, and to date the only thing that has provided a decent (albeit not strong) signal in all rooms was a Linksys WAP54G.

I recently purchased my first Mac desktop (the wonderful Apple 27″ iMac with the quad-core i7 chip). It is a brilliant machine, the fastest I’ve ever owned, and I didn’t want to limit it with a slow wireless connection. My partner and I both have Mac laptops as well, and I wanted to see a speed improvement there too. Finally, we both have Wifi enabled phones, I have an iPod, there are a couple of AirPort Express for broadcasting iTunes music and sharing a printer, an AppleTV for renting movies, and a Popcorn Hour A-110 that we stream movies to (using one of the AirPort Express as a bridge).
To improve my network, I went with the latest Apple AirPort Extreme (Simultaneous Dual-Band II). My hope was that I could use 802.11n at 5GHz for the Macs, and 802.11n and 802.11g at 2.4GHz for the rest. Unfortunately though, despite MUCH fiddling (trying lots of channels, fiddling with this that and the other, etc.), I kept running into problems. First off, the only place in the apartment where I could get a usable 5GHz signal (decent as defined by sustaining more than 3MiB/s transfers) was at the kitchen table about 5m away from the AirPort (through one wall). In my bedroom (about 10m away from the AirPort and through three walls) where the 27″ iMac is, I usually could get between 24-144Mbps signal (never constant) and could usually sustain around 1.7MiB/s transfers. And, I could not for the life of me get a good streaming signal – one that always worked without pauses – to stream movies to the Popcorn Hour in the living room (about 10m away and two walls). Sometimes, yes, but not always. This situation is actually worse than it was before!
I must say that I love the AirPort Express for its ease of configuration, and its IPv6 support, but it just isn’t working for me with the vast amount of concrete I have.

To try to solve my problems with my iMac, I decided to configure an old Linksys WRT54GS I have in a client-bridge configuration. The Linksys has two spiffy antennas with potentially better gain than the built-in antenna of the iMac. I chose the WRT54GS as it has a built-in switch – which would be nice to have in the bedroom – whereas the WAP54G I used in the past has only a single port.
As it turns out, after spending literally hours trying to get such a configuration working, the solution was incredibly simple. I found lots of interesting but conflicting information on the web about how to do this, but was unable to get any of it to work. I must be honest and state that I did not want to use the nvram command to do the configuration. I just find that such by-hand configurations are hard to reproduce should I need to someday, and prefer to have a documented, easy-to-understand, and repeatable solution instead.
I finally decided to forge ahead without docs to see what I could get going.
The solution


This section assumes a cleanly installed OpenWrt firmware on the router. (See below on how to reflash with TFTP if you need to.) It also assumes you are logged into the more advanced Administration mode (not the default Essentials mode) of the OpenWrt interface.
Configure the WAN interface (Network > Interfaces > WAN)
I changed nothing here.
wan
Protocol: DHCP
Bridge interfaces: unchecked
Interface: eth0.1
Zone: wan
Configure the LAN interface (Network > Interfaces > LAN)

My local network subnet is 172.18.0/24 so I placed the LAN interface within that subnet. By doing this, I can telnet into the router without needing to specially configure a machine to talk to it.
lan
Protocol: static
Bridge interfaces: checked
Enable STP: unchecked
Interface: eth0.0
Zone: lan
IPv4-Address: 172.18.0.11
IPv4-Netmask: 255.255.255.0
IPv4-Gateway: 172.18.0.1
DNS-Server (added): 172.18.0.1
Click Save.

Configure the wireless to join my existing network (Network > Wifi > WL0)
Device wl0
enable: checked
Channel: auto
Transmit Power (dBm): 70
802.11h (added): checked
WMM Mode (added): checked
Interfaces
ESSID: KWAB
Network: lan
Mode: Client
Encryption: WPA2-PSK
Key: ******* (I’m not giving that up!! 😉 )
Click Save.
Switch (Network > Switch)
The Linksys WRT54GS v.4 uses slightly different VLAN ports than other routers. Basically, the WAN port is #0, whereas on most other routers it is #4. I updated accordingly.
ETH0
ethX.0: 0 1 2 3 5*
ethX.1: 4 5
Click Save.
DHCP (Network > DHCP)
DHCP is enabled by default. It must be disabled. Uncheck the Dynamic DHCP option.
Click Save.
Apply all the changes (Changes > Save and Apply)
Once the settings are applied, the router should be pingable at 172.18.0.11 and the normal network should also be accessible using normal means (in my case DHCP). I have noticed that the router sometimes gets confused at this point, and a simple reboot [by pulling the plug] fixes that.
Enable multicasting
By default, the network interfaces do not support the full set of multicasting required for Bonjour and mDNS to work (two things I can’t live without with my Macs). To get them going, we need a quick shell script.
Edit the /etc/firewall.user script, and add these lines to it:
# enable full multicasting
for iface in br-lan eth0 eth0.0 eth0.1 wl0; do
    ifconfig ${iface} allmulti
done
Run the script to set up the multicasting. In case you were wondering, the script will be executed automatically by the firewall script on subsequent boots.
We’re done!
The Result
After all was said and done… I still wasn’t happy 🙁
The iMac talking directly to the AirPort Extreme (jumping between 24-144Mbit/s as reported by the AirPort) was usually able to sustain 1.7MiB/s transfers, while the Linksys (jumping between 18-54Mbit/s as reported by the AirPort) could usually sustain only around 400KiB/s, more than 4x slower. Grumble.
I also use IPv6 on my network, but the Linksys isn’t bridging it through. It means when I do lookups for addresses like freenas.local (my NAS) I get the IPv6 address which I cannot talk to. There is probably a solution to that, but I haven’t looked into it yet.
In any case, back to the drawing board.
References
OpenWrt release: Kamikaze 8.09.2

Reflashing with TFTP
More than once, I locked myself out of the router during my fiddling. Luckily, OpenWrt has a default boot mode one can go into by holding down the reset button during power-on, releasing it once the DMZ LED lights. In this mode, the IP of the router returns [temporarily until reboot] to 192.168.1.1, and it allows telnet access without a password. Using telnet, I was able to manually erase the firmware, then reflash new firmware with TFTP.
To reset the router, I followed these steps:
  1. Placed a copy of OpenWrt in my ~/Downloads folder
  2. Changed to my ~/Downloads folder
    $ cd ~/Downloads
  3. Set a static IP on my laptop to 192.168.1.2
  4. Added a manual ARP entry (needed later for TFTP) to 192.168.1.2 (valid for OS X 10.5/10.6)
    $ sudo arp -s 192.168.1.1 00:16:b6:1e:a2:3f
  5. Telnetted into the router. For this to work, you must be plugged into the LAN portion of the router (the switch section) and not the WAN port (the Internet port).
    $ telnet 192.168.1.1
  6. Erased the flash on the router
    # mtd erase linux
  7. Pulled the power out of the router
  8. Started TFTP on my laptop
    $ tftp 192.168.1.1
    tftp> mode binary
    tftp> rexmt 1
    tftp> timeout 90
    tftp> trace
    Packet tracing on.
    tftp> put openwrt-wrt54gs_v4-squashfs.bin
  9. Plugged the router back in
  10. Waited for the firmware to flash. You should see something similar to this if the upload works:
    sent DATA 
    received ACK
    sent DATA
    received ACK
    ...
    sent DATA
    received ACK
    Sent 2166816 bytes in 61.9 seconds

    The number of blocks will of course be different for the release of OpenWrt you use.

The router will reboot on its own, and become available on the IP 192.168.1.1.

Getting Freenet running on Nexenta

THIS IS A WORK IN PROGRESS. I don’t have full working instructions yet 🙁

I had a few problems getting Freenet 0.7.5 running on my Nexenta 2.0 Server installation, so I thought I would mention what I did.

Summary

To get Freenet running under Nexenta 2.0 Server, you need the following:

Freenet 0.7.5 wrapper
http://downloads.freenetproject.org/alpha/installer/freenet07.tar.gz
Freenet 01222 build
http://freenet.googlecode.com/files/freenet-build01222.jar
apt-get installed packages
java-runtime-headless nevada-compat

Instructions:

  1. Install the packages with apt-get.
  2. Extract the freenet07.tar.gz package somewhere.
  3. Copy the freenet-build01222.jar file into the extracted package directory where the run.sh file is. Name it freenet.jar
  4. Start the software with run.sh start.
  5. Try to figure out the rest because I haven’t had time.

Detail

I run my Nexenta server in a closet with no keyboard or monitor attached, so getting Freenet running in a headless mode was desirable. Using the headless system instructions from the “Linux and other Unix-like systems” section of the Freenet Download page, I got the software installed.

wget http://downloads.freenetproject.org/alpha/installer/freenet07.tar.gz
cat freenet07.tar.gz | gzip -d | tar xv
cd freenet
./run.sh start

When I called the run.sh script though, it failed as I didn’t have Java installed.

$ ./run.sh  start
Enabling the auto-update feature
Detecting tcp-ports availability...
Can not bind fproxy to 8888: let's try 8889 instead.
/opt/freenet/0.7/bin/1run.sh: line 49: java: command not found
/opt/freenet/0.7/bin/1run.sh: line 53: java: command not found
Can not bind any socket on 127.0.0.1:
              IT SHOULDN'T HAPPEN!

Make sure your loopback interface is properly configured. Delete Freenet's directory and retry.

So, I installed the java-runtime-headless package. It in turn pulled in a few extra packages and recommended a few more. I ignored the recommendations.

$ sudo apt-get install java-runtime-headless

Trying to run it again, I got a new error.

$ ./run.sh  start
Unable to locate any of the following binaries:
/opt/freenet/0.7/./bin/wrapper-solaris-i86pc-32
/opt/freenet/0.7/./bin/wrapper
Starting Freenet 0.7...

Let's start the node without the wrapper, you'll have to daemonize it yourself.
dl failure on line 685Error: failed /usr/lib/jvm/java-6-sun-1.6.0.10/jre/lib/i386/client/libjvm.so, because ld.so.1: java: fatal: libCrun.so.1: open failed: No such file or directory

After some searching on Google, I found an article entitled Installing JDK6 in Nexenta Zone that mentioned the need for the nevada-compat package to fix the libCrun.so.1 error. So, I installed that package.

$ sudo apt-get install nexenta-compat

Trying to run it again, I got a new error.

$ ./run.sh  start
Unable to locate any of the following binaries:
/opt/freenet/0.7/./bin/wrapper-solaris-i86pc-32
/opt/freenet/0.7/./bin/wrapper
Starting Freenet 0.7...

Let's start the node without the wrapper, you'll have to daemonize it yourself.
Exception in thread "main" java.lang.NoClassDefFoundError: freenet/node/NodeStarter
Caused by: java.lang.ClassNotFoundException: freenet.node.NodeStarter
      at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
      at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
Could not find the main class: freenet.node.NodeStarter.  Program will exit.

Argh… After poking around I now figured out that the actual Freenet software wasn’t included in the freenet07.tar.gz package. Looking at the files provided on http://freenet.googlecode.com/ I found the freenet-build01222.jar that looked interesting. I downloaded a copy to the same directory where the run.sh script was.

$ wget http://freenet.googlecode.com/files/freenet-build01222.jar -O freenet.jar

Trying to run it again, I got a new error.

$ ./run.sh start
Unable to locate any of the following binaries:
/opt/freenet/0.7/./bin/wrapper-solaris-i86pc-32
/opt/freenet/0.7/./bin/wrapper
Starting Freenet 0.7...

Let's start the node without the wrapper, you'll have to daemonize it yourself.
Exception in thread "main" java.lang.NoClassDefFoundError: org/tanukisoftware/wrapper/WrapperListener
      at java.lang.ClassLoader.defineClass1(Native Method)
      at java.lang.ClassLoader.defineClass(ClassLoader.java:621)
      at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
      at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
      at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
      at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
      at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
Caused by: java.lang.ClassNotFoundException: org.tanukisoftware.wrapper.WrapperListener
      at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
      at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
      ... 12 more
Could not find the main class: freenet.node.NodeStarter.  Program will exit.

I’m giving up for the moment. I’ve got other work to do, so I’ll put this on the back burner. Maybe somebody else can figure this out.

I fought the Silicon Image 3114 with Solaris and won!

The battle
My latest battle has been against a 4-port SATA-I PCI RAID card powered by the Silicon Image 3114 chipset (it shows up as a pci1095,3114 device). As luck would have it, the card did not work out of the box with Solaris, but some Google searches did provide some hints.
In my research, I found that the card is not a true hardware RAID card as there is no actual RAID magic happening in the chip. It is all in the provided software driver (hence the Windows-only drivers). The chip basically allows the computer to “understand” how the drives get sliced and diced, and does the appropriate translation so the machine can speak to the drives. Nothing else. No wonder Solaris didn’t like it. Myself, I don’t at all care that the RAID is less than functional as I plan to use ZFS+raidz for my filesystems anyway.
For Solaris to recognize the drives, the card must be flashed with the IDE version of the BIOS (see the Silicon Image link above). If one has a DOS floppy around, this process should be a piece of cake. Considering I don’t own a floppy drive anymore, and also don’t have a CDROM in my server, the process turned out to be more challenging. In the end I was successful, but it took me about 6hrs of fiddling to get it done. (The Ultimate Boot CD was a lifesaver.)
The real sticking point for me was a simple command I ran the previous night in an attempt to get the card to work. According to OpenSolaris Bug ID 6595150, all I had to do was run an update_drv command to get things going. It added an entry to the bottom of /etc/driver_aliases to indicate that the RAID card was in fact associated with the ata driver, something that made complete sense to me at the time. Turns out, this bug is from an older version of OpenSolaris, and I never should have run this command. Of course the OS was never nice enough to tell me anything, so I was flying in the dark trying to figure out why nothing was working. After literally hours of debugging – this after the many hours already spent trying to flash the annoying little card – I removed the line and everything started working. Yay!
Moral of the story
When everyone else on the Internet says you need to flash the BIOS with the IDE version for this particular card, listen to their wisdom. You don’t need to fiddle with things.
The system I got the card running on
OS: Nexenta 2.0RC3 (based on OpenSolaris b104+)
CPU: VIA Samuel 2 @800MHz
What I got running
For those who care, here is a semi-complete list of items I purchased. My goal was adding ~900G of redundant storage to my little Nexenta based Solaris server. I had practically no space free in the case as there is only a single 3.5″ drive bay, and a single 5.25″ drive bay. And, as the motherboard itself is pretty old, it only has two PATA connectors, USB 1.1, and a single PCI slot. In other words, not much to work with. As such, I felt that filling the single PCI slot with a 4-port SATA card and adding a special drive enclosure that would hold four 2.5″ drives was the way to go. My server sits in a closet and all of my machines connect via wireless, so high disk I/O bandwidth was not one of my design goals.
4-bay 2.5″ SATA HDD in 5.25″ drive enclosure
4-port SATA-I PCI card
This seems to be a generic card as I have seen pictures that look exactly the same from other vendors, such as LINDY in the US.

4x Western Digital 320G Scorpio 2.5″ SATA HDD

shFlags 1.0.3

I made a new release of shFlags today, version 1.0.3.

It is mostly minor bug fixes, but it does fix a major issue in the handling of mixed flag and non-flag arguments on the command-line (the enhanced version of getopt is required).

Interesting read: The Other Half of “Artists Ship”

http://paulgraham.com/artistsship.html

I find the article very intriguing. So very true, and so very sad that it is so true.

I don’t want to think about the fact that a previous company I worked for had seven levels of approval just to purchase a new computer monitor, or the fact that another company required ten signatures just to get any software pushed to production.

I am glad that my current employer fights such political nonsense, and that I as an employee can point out problems and suggest improvements to any check I feel might be a waste of time and money.

I’m up and running with IPv6

I don’t know why, but I got a bee in my bonnet today and decided to set up IPv6. As it turned out, I already had the necessary hardware (an Apple Time Machine which is also a full featured AirPort Extreme Base Station) and only needed a tunnel broker. After some googling, I came up with a list of several and decided to try one out.

The first one I tried was SixXS. After going through the sign-up and email verification, I was left waiting for validation of my data. Humpf. Not so fun. After waiting all of maybe two minutes, I decided to try another.

I rang up a friend from work to find out who he uses. He recommended Hurricane Electric so I gave them a try. All I can say is I was amazed how quickly and easily I got an account set up, and got my tunnel information. They even allow up to four tunnels on the account, which means I could set one up at my brother’s house as well.

The difficulties came in three areas.

  1. Getting the Time Capsule configured
  2. Getting my ADSL router to route packets to the Time Capsule
  3. Updating my WPAD files so that IPv6 traffic would not use my proxy

Configuring the Time Capsule

Hurricane provided me with the following information to set up my IPv6 tunnel with.

Server IPv4 address: 216.66.80.26
Server IPv6 address: 2001:470:1f08:71d::1/64
Client IPv4 address: 87.198.128.166
Client IPv6 address: 2001:470:1f08:71d::2/64
[Client] Routed /64: 2001:470:1f09:71d::/64

In AirPort Utility, I went into manual mode for the Time Capsule, selected Tunnel mode on the IPv6 page (Advanced > IPv6), and pasted the info in, including manually setting the LAN Prefix Length. (In case you were wondering, with my firmware version 7.3.2, the /64 prefix is automatically stripped once Update is clicked.)


Once the Time Capsule restarted, I looked at my network settings on my MacBook Pro, and found that I now had an IPv6 address that was in the LAN IPv6 range. I tried ping6 ipv6.google.com, but it didn’t work. After lots of troubleshooting, I realized that I could ping only the Local IPv6 address of the Time Capsule, but not the Remote IPv6 address. That made me think router.

Configuring the router

Honestly, this was a piece of cake once I figured out where all the settings were. Basically, I had to disable the firewall on the router and then set it to forward all packets to the Time Capsule (I set it as the default server). Once I had those two things, I was able to ping6 ipv6.google.com, but was unable to pull up http://ipv6.google.com/ in my browser.

Configuring WPAD

To make my life easier, I have WPAD (Web Proxy Autodiscovery Protocol) set up on my local network so that the Auto-detect proxy settings for this network works in Firefox. I use Squid for my proxy on a separate Linux server, but unfortunately the version I use (3.0STABLE1 on Ubuntu 8.04) doesn’t support IPv6. (The newer 3.1 release apparently does, but I’m not in the mood to spend lots of time compiling a new binary today.) I did some googling and found that I could make a single minor change to my wpad.dat file to get things working.

The basic change was to add a dnsResolve() check that was then compared against anything with a “:” in it. IPv6 addresses have colons ‘:’ in them, but IPv4 addresses don’t. If an IPv6 address is found, the proxy gets skipped. (I’ll save Squid 3.1 for another rainy day).

Here’s the final version of my wpad.dat.

function FindProxyForURL(url, host) {
    // local names never go through the proxy
    if (host == "localhost" || host == "127.0.0.1") { return "DIRECT"; }
    if (isPlainHostName(host)) { return "DIRECT"; }
    if (shExpMatch(host, "*.local")) { return "DIRECT"; }

    // route ipv6 directly
    if (shExpMatch(dnsResolve(host), "*:*")) { return "DIRECT"; }

    // everything else goes through Squid, falling back to a direct connection
    return "PROXY 172.18.0.8:3128; DIRECT";
}

function LocalFindProxyForURL(url, host)
{
    // pass the decision back to the caller
    return FindProxyForURL(url, host);
}

That is pretty much it. Overall the process was much simpler than I expected. Hopefully this helps someone else get their IPv6 running as well!
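
The wpad.dat rules above can be checked outside a browser. This is an added example, not part of the original post: the helper stubs, the DNS table and the route() function are constructed for illustration, and the null check on the dnsResolve() result is an addition covering names that fail to resolve.

```javascript
// Stand-ins for the browser's PAC helpers so the routing decisions can be
// checked under Node.js. Everything here is constructed for the example.

// Constructed DNS table: one name with an IPv6 answer, one with an IPv4 answer.
const DNS = {
  "ipv6.google.com": "2001:db8::68", // constructed, documentation prefix
  "www.example.com": "192.0.2.10",   // constructed, documentation range
};
const lookups = []; // every name handed to dnsResolve(), in order

function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// Shell-glob match: only "*" and "?" are wildcards. Returning false for a
// non-string input is an assumption of this stub.
function shExpMatch(str, pattern) {
  if (typeof str !== "string") return false;
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Returns the address for a name, or null when it does not resolve.
function dnsResolve(host) {
  lookups.push(host);
  return Object.prototype.hasOwnProperty.call(DNS, host) ? DNS[host] : null;
}

// Same rules as the wpad.dat above, plus an explicit guard for failed lookups.
function FindProxyForURL(url, host) {
  if (host == "localhost" || host == "127.0.0.1") { return "DIRECT"; }
  if (isPlainHostName(host)) { return "DIRECT"; }
  if (shExpMatch(host, "*.local")) { return "DIRECT"; }

  // an IPv6 address contains a colon, an IPv4 address does not
  const resolved = dnsResolve(host);
  if (resolved !== null && shExpMatch(resolved, "*:*")) { return "DIRECT"; }

  return "PROXY 172.18.0.8:3128; DIRECT";
}

// Run a list of host names through the PAC function and collect the decisions.
function route(hosts) {
  const out = {};
  for (const host of hosts) {
    out[host] = FindProxyForURL("http://" + host + "/", host);
  }
  return out;
}

const decisions = route([
  "localhost", "nas", "freenas.local",
  "ipv6.google.com", "www.example.com", "nxdomain.example.net",
]);
console.log(decisions);
console.log("names sent to DNS:", lookups);
```

The lookup log shows that localhost, plain host names and .local names are decided before any DNS query is made, so only the remaining names are ever resolved.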