tips on install of ipfire

Having installed two ipfire boxes now, some simple tips. Overall it is a pretty straightforward install but these may save you a few minutes:

* You can find this in the online doc, but during install, remember: red is your wan connection; green is your local lan; and blue is your local wifi. You need cards for at least red and green or the install will flip out.
* Post install, you can only admin from the green subnet, which is totally sensible. And if you install ssh, it is only active by default on the green subnet, again totally reasonable.
* Post install, your wifi network will be inert and useless. You have to further install the hostapd extension using the pakfire command line or gui, and then configure the ssid and password, turn on dhcp, and further enable the mac addresses of each wireless device you want to support. Online guides suggest you also need to install wifi card drivers but this doesn’t seem to be needed; the latest ipfire build seems to include them.
* I’d highly recommend installing the ssh extension. also tcpdump. I have a bunch of others installed too.
* The samba extension doesn’t seem to work well, all my machines have trouble authenticating to the ipfire box. samba seems to offer a kajillion security settings and i can’t find quite the right combo to work.

Dorking around with open source router/gateway/firewall stuff

Just for yucks I am using a linux box in my house as gateway for all the devices in my house, I just want to be able to see what is going on at the network level and do a little more finegrained control.

I considered using “dd-wrt” but it is not keeping up with router releases — it is not available for any of the routers on the shelf at best buy locally, for instance. and these router boxes are kind of a mess anyway, super limited on ram and storage, which constrains what I can do. i can easily build a cheap linux box with ethernet in, wifi out. the only advantage the router boxes have is the 4+ onboard wired ethernet ports. but wired ethernet seems to be going the way of the dodo in the home.

There are a ton of code bases to choose from. Here are some that seemed notable:

* “untangle”: commercial product but also some open source light version which they try to hide on their site. which makes me think the open source thing is 99% of the commercial thing. nice UI. They obviously don’t really want to support people like me tho, probably will steer away from this.
* “clearOS”: similar but looks even more open-sourcy, they say the right things about supporting open source community.
* “ipfire”: very open sourcy and modern (git repositories for instance). git repositories seem active
* “zeroshell”: old school open source (not git based for instance), looks a little rough around the edges, but very complete.
* “devil linux”: boots off cd/usb so easy to try but doesn’t seem to have the network depth of the previous choices

i’ll probably start with an ipfire trial. unless someone has a better idea.

Thinking about gameday cell network performance

When I sit in Ohio Stadium for a football game, my fancy smartphone is a useless piece of metal and plastic. Some developers have tried to come up with apps to improve the gameday experience, but these apps miss the point. With 105,000 fans in the stadium, another huge set of ticketless fans milling around outside, all the stadium staff as well as security and service staff outside the stadium — there are probably 200,000 network devices in 30-40 acres all trying to jam onto the system, and all failing. The cell network simply can’t handle the load.

Our cell networks are wonderful things, but in the build out of our networks, the notion of broadcast has been left behind. 98% of the fans want the same exact data — top 25 scores, breaking football news, in-game replays, radio game feed. And yet the cell network and data apps feed this data to each user via dedicated single-user transactions. Cell broadcast exists in the standards but is not really in use in networks or handsets. Qualcomm tried to push Mediaflo for this use but got very little uptake and eventually shut down the service.

It’s unfortunate that the idea of broadcast has been left behind. It would be hugely useful in these kinds of crowded venues. I wonder if Qualcomm might not have succeeded had they just focused on NFL and NCAA football fans — people who spend stupid amounts of money on tickets and related gameday expenses, and who would probably spend money on dedicated gameday data services. It is not an easy service to provide tho. It requires spectrum, devices using that spectrum, and local content assemblage and editorial. There may be too many moving parts. It might be easier just to truck in lots of picocells to events and say screw it, dynamically expand the cell network as needed.

I don't get cable/coax networking protocols.

I’m having problems getting a clean Comcast signal to one room in my house. Used to work fine but at about the time of the digital transition, the signal started to fail. Comcast can see and query the cablecard but we can’t get any channel signals through. All the coax and cat5 cabling in our house goes back to a central wiring closet; the ethernet network in the room in question works fine at 1 gigabit but for some reason the coax/cable network fails.

Why does the protocol/modulation scheme for cable fail? Why can the device be addressed and queried but we can’t see channels? Why do they need to put a signal amplifier on the line — i never need to do this for ethernet? Is comcast still using some analog scheme to send the signals across? This just seems odd and ridiculously archaic. And the crazy pairing nonsense for cablecards with all kinds of identifiers needed to be traded back and forth — it makes DHCP and mac addresses look positively simple.

I know I could go read about 64QAM and 256QAM and Cablelabs and all kinds of other stuff to get all smartened up about this but I am frankly tired of dealing with it. I’ve been ignoring the verizon fios offering in our neighborhood but if it would let me junk the coax and move to all cat5/ip i might consider….


I guess I have been a little inattentive to my home network config. I’ve been installing a Slingbox and installation keeps dying during router config. I suspected that I had some unnecessary router complexity. As I dug in, I realized I was putting the Slingbox behind 3 (!) routers — the Moto cablemodem, a Linksys in the wiring closet distributing out to house, and a Dlink wired/wireless in the room with the Slingbox. The odds of me configuring all the port mapping/forwarding correctly for this chain of routers are basically zero. Time to simplify…
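
The three-router chain described above, traced hop by hop to find which router is missing its port forward. This is an added example, not part of the original post; every address, the port 5001 and the rule tables are constructed assumptions, and the router names are shorthand for the Moto, Linksys and Dlink boxes.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: every name, address and port here is an assumption.
# Hops are listed outermost first; "forwards" maps
# (proto, external port) -> (inside IP, inside port).
CHAIN = [
    {"name": "moto", "wan_ip": "203.0.113.10", "lan": "192.168.100.0/24",
     "forwards": {("tcp", 5001): ("192.168.100.2", 5001)}},
    {"name": "linksys", "wan_ip": "192.168.100.2", "lan": "192.168.1.0/24",
     "forwards": {("tcp", 5001): ("192.168.1.20", 5001)}},
    {"name": "dlink", "wan_ip": "192.168.1.20", "lan": "192.168.0.0/24",
     "forwards": {}},  # rule never added on the innermost router
]
DEVICE = ("192.168.0.50", 5001)  # hypothetical Slingbox address and port


def trace(chain, proto, port, device):
    """Walk an inbound connection through each NAT hop.

    Returns (reachable, notes); notes end at the first hop that breaks.
    """
    notes = []
    for i, hop in enumerate(chain):
        rule = hop["forwards"].get((proto, port))
        if rule is None:
            notes.append(f"{hop['name']}: no forward for {proto}/{port}")
            return False, notes
        ip, inner_port = rule
        if ip_address(ip) not in ip_network(hop["lan"]):
            notes.append(f"{hop['name']}: {ip} is outside LAN {hop['lan']}")
            return False, notes
        # The rule must point at the next router's WAN address, or at the
        # device itself (address and port) on the last hop.
        last = i == len(chain) - 1
        want = device if last else (chain[i + 1]["wan_ip"], inner_port)
        if (ip, inner_port) != want:
            notes.append(f"{hop['name']}: forwards to {ip}:{inner_port}, "
                         f"expected {want[0]}:{want[1]}")
            return False, notes
        notes.append(f"{hop['name']}: {proto}/{port} -> {ip}:{inner_port}")
        port = inner_port
    return True, notes


if __name__ == "__main__":
    ok, notes = trace(CHAIN, "tcp", 5001, DEVICE)
    print("reachable" if ok else "broken", *notes, sep="\n  ")
```

Each hop in the chain is one more rule table to keep correct and one more place where a stale forward can stay open, which is the practical argument for collapsing the chain to a single router.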