Fon Fun

Today I’ve been playing with my Fon Simpl wireless access point.

It has an “internet” ethernet port for WAN, a “computer” ethernet port for LAN and public and private wireless networks, so I wanted to minimise what goes through the internet port to just the heartbeat and disable routing between my wired/wireless LANs.

Essentially I’ve got the internet port in a different VLAN and subnet to my LAN or the private wireless network and the computer port is currently disconnected – if I want to admin the router I can plug a laptop into the computer port.

I’ve allocated ethernet port 4 on my OpenWRT router to the Fon VLAN (confusingly the physical port 0 marked as “internet” maps to logical port 4, and physical port 4 maps to logical port 0) by configuring a few NVRAM variables:

nvram set vlan0hwname=et0
nvram set vlan0ports="1 2 3 5*"
nvram set vlan1hwname=et0
nvram set vlan1ports="4 5"
nvram set vlan2hwname=et0
nvram set vlan2ports="0 5"
nvram set fon_ifname=vlan2
nvram set fon_proto=static
nvram set fon_ipaddr=
nvram set fon_netmask=
nvram set ifup_interfaces="lan wan wifi fon"
nvram commit

Then to allow some limited WAN (vlan1) routing via the internet port on the Simpl, and nothing to/from the LAN (wired and wireless LAN are bridged to br0) we add some rules to /etc/firewall.user:

iptables -A forwarding_rule -i vlan2 -o vlan1 -p udp --dport 1812 -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o vlan1 -p udp --dport 53 -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o br0 -j DROP   
iptables -A forwarding_rule -i br0 -o vlan2 -j DROP
iptables -A input_rule  -i vlan2 -p udp --dport 53 -j ACCEPT
iptables -A input_rule  -i vlan2 -p tcp --dport 53 -j ACCEPT
iptables -A input_rule  -i vlan2 -j DROP
iptables -A output_rule -o vlan2 -j DROP
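
To check rule order before loading these on the router, the following added example (not part of the original post) replays constructed sample packets against the eight rules above with first-match semantics. It models only the three user chains; connection tracking and the base OpenWRT rules around them are not modelled, and `verdict` is a hypothetical helper name.

```shell
#!/bin/sh
# Rules copied verbatim from the post's /etc/firewall.user.
RULES='iptables -A forwarding_rule -i vlan2 -o vlan1 -p udp --dport 1812 -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o vlan1 -p udp --dport 53 -j ACCEPT
iptables -A forwarding_rule -i vlan2 -o br0 -j DROP
iptables -A forwarding_rule -i br0 -o vlan2 -j DROP
iptables -A input_rule  -i vlan2 -p udp --dport 53 -j ACCEPT
iptables -A input_rule  -i vlan2 -p tcp --dport 53 -j ACCEPT
iptables -A input_rule  -i vlan2 -j DROP
iptables -A output_rule -o vlan2 -j DROP'

# verdict CHAIN IN_IF OUT_IF PROTO DPORT (hypothetical helper)
# Prints the target of the first rule in CHAIN that matches, or RETURN when
# none does, meaning the packet is left to the base firewall (not modelled).
# Pass "-" for an interface that does not apply to the chain.
verdict() {
  printf '%s\n' "$RULES" | awk -v c="$1" -v i="$2" -v o="$3" -v p="$4" -v d="$5" '
    $2 == "-A" && $3 == c {
      ri = ro = rp = rd = rj = ""
      for (n = 4; n < NF; n += 2) {
        if ($n == "-i") ri = $(n + 1)
        else if ($n == "-o") ro = $(n + 1)
        else if ($n == "-p") rp = $(n + 1)
        else if ($n == "--dport") rd = $(n + 1)
        else if ($n == "-j") rj = $(n + 1)
      }
      # An option the rule omits matches anything.
      if ((ri == "" || ri == i) && (ro == "" || ro == o) &&
          (rp == "" || rp == p) && (rd == "" || rd == d)) {
        print rj; found = 1; exit
      }
    }
    END { if (!found) print "RETURN" }'
}

# Constructed sample packets: chain, in-interface, out-interface, proto, dport.
while read -r ch iif oif pr dp; do
  printf '%-15s %-5s -> %-5s %s/%-5s %s\n' "$ch" "$iif" "$oif" "$pr" "$dp" \
    "$(verdict "$ch" "$iif" "$oif" "$pr" "$dp")"
done <<'EOF'
forwarding_rule vlan2 vlan1 udp 1812
forwarding_rule vlan2 vlan1 tcp 80
forwarding_rule vlan2 br0 tcp 445
forwarding_rule br0 vlan2 tcp 80
input_rule vlan2 - tcp 53
input_rule vlan2 - tcp 22
output_rule - vlan2 tcp 22
EOF
```

A `RETURN` result, as for vlan2 to vlan1 on tcp/80, means none of these rules decides the packet, so the outcome depends on the rest of the FORWARD chain, which the post does not show.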

Fon is a bit of a mucky implementation when you’re not using it as your main router, as you essentially end up with 3 wireless networks (Fon public, Fon private and my OpenWRT LAN) and 3 wired networks (Fon internet, Fon computer and my OpenWRT LAN) whereas before I only had one of each.

I’ve also upgraded the blog to WordPress 3.1.

New Home Theatre setup

I’ve just bought a 37″ LCD TV, 1080i FullHD all the bells and whistles. It’s lovely. I’m awaiting a HDMI->DVI cable for my Mac Mini, and then that will be hooked up to replace my Xbox as my media centre box (running Plex).

Someone is seriously inflating the cost of computer accessories in France though – a 1.5 metre HDMI->DVI cable was 30e in the supermarket where the LCD came from, or four quid including postage from ebay UK for 2m!

I’ve moved the CRT telly into the snooker room, along with the Xbox. I tried overclocking my OpenWRT wireless routers to get the signal through the two 3 foot walls, and it just managed it at 15dbm (up from 7dbm!) but there’s more noise and heat and less signal now, so streaming video doesn’t work, even though http/ping/ssh are usable. So I’m going to have to run some CAT5e up from my bedroom through the lofts and down I think – which I already did when we renovated the snooker room, although it’s on the opposite wall to where I need the TV, and we’ve sealed up where a cable could run behind the skirting boards!

I’ve got to do the same down to the Mac, as I tested and even 720p videos can’t stream over 54g wireless (regular DivX does of course) and VNC is a bit slow too, gigabit will be much nicer. So I should be able to run a cable from a switch in my computer room, through the ceiling where the gas pipes go, and along the beam in the lounge to the Mac. I’ve got to look into the effects of running UTP cable alongside copper pipes, and then either beg some cable from PP, or see if the couple of 25m lengths I’ve got are enough – should be for the Mac, dunno about the snooker room though.

If I cable those two up, I can completely disable wireless in my house, it is an awful piece of technology really – too many “standards” with differing implementations, way overstated speeds and far too vulnerable to interference from microwaves, phones etc. Fine for some casual web surfing from a laptop, although I don’t have a laptop anymore – another piece of technology I don’t really have a use for.

I’ve also got to get a friend to help me run some more satellite cable (which I’ve got to measure and buy too) for the snooker room, I’ve got a spare Sky box, card and LNB socket, so might as well plug it into the telly.

It’s sweltering hot the last couple of days, I’ve been over to the folks and used their jacuzzi, but it doesn’t cool you much when it’s over 31c outside. My lounge is about the coolest place at the moment, being all thick stone walls and tile floors, as long as I keep the door shut.

Update: I just moved my 24″ LCD onto my main desktop machine, seems like a waste on the laptop docking station (it used to share with the Mac Mini) and wow, 1900×1200 is a lot of desktop space! You can play 1280×1024 games in a window, or have what used to be a fullscreen VirtualBox session in a window and still have about a third of the desktop free. Websites can look a bit odd though. An 80-column text editor only fills about a third of the screen too, so it should be useful for programming. The sound is a bit tinny compared to the 19″ though – as that was a TV as well, so had good speakers. Of course it’s handy for watching movies with the widescreen aspect ratio.

Update 2: I found that even the wireless speed of the Mac Mini was unacceptable – scp’ing a 700Mb DivX took ages, so I’m currently hanging a 15m piece of CAT6 out of the window and in through the back door! Getting around 35MBytes/sec over GigE now, so copying a 4.4Gb Matroska file took under 3mins!

I’ve also figured out how to sleep the Mac Mini remotely, as if you use shutdown it won’t wake using WOL. So you just make the following AppleScript:


#!/usr/bin/osascript
tell application "System Events" to sleep

chmod a+x it and run it over SSH.