Node name: First Unitarian Church
Live Date: 2006-02-27
Contact: Chris Gates
1011 SW 12th Avenue
Portland, OR 97205
(503) 228-6389
Office hours M - F, 9:00 am to 4:00 pm
Map: https://cwnmyr.personaltelco.net/nodes/FirstUnitarian
Equipment
Alix 2D13 (provided by PersonalTelco)
NetgearWgt634u (provided by First Unitarian Church)
- Metrix Mark II Kit (provided by First Unitarian Church)
- Soekris net4826
- 2 A/B/G 100mW Atheros Radios
- PoE injector
- Rooftop Sled
- 9 dBi Antenna with 7-degree downtilt
- 5ft LMR-195 Jumper with female N connectors
- 17 dBi 5.8 GHz backfire antenna (surplus from the MGP)
5' LMR-400 Jumper (donated by CalebPhillips)
Oldish Netgear Wireless Router (donated by GregZupan)
Soekris net4521 (provided by PersonalTelco)
- Ubiquiti SR2 miniPCI radio
- 2x Ruckus VF2825 access points (provided by First Unitarian Church)
- Linksys WRT54G (provided by Personal Telco)
Software Installed
OpenWrt r27000 (on metrixes)
- Batman-adv
- ath5k drivers
Network Configuration
- Host: jodie (alix2 gateway)
- Internet Network: 70.98.244.206/30 (integra)
- Gateway: 70.98.244.205
- Upstream DNS servers: 204.130.255.3, 209.63.0.6
- IPv4addr: 10.11.61.1/24
- IPv6addr: 2001:470:e962:3d01::1/64
Host: origen (a WGT634U)
- IPv4addr: 10.11.61.2/24
- Channel: 1
- SSID: www.personaltelco.net
- BSSID: 00:09:5B:F8:17:F6
- Ethernet MAC: 00:09:5B:F7:69:2A
Host: emerson (a metrix)
- IPv4addr: 10.11.61.3/24
- wlan0:
- Mode: adhoc (batman-adv)
- Channel: 161
- SSID: ptp-mesh-a
- BSSID: 00:0B:6B:4F:6A:16
- wlan1:
- Mode: ap
- Channel: 1
- SSID: www.personaltelco.net
- BSSID: 00:0B:6B:56:01:93
Host: basalt (a soekris net4826-50 located at NodeCornerstone)
- IPv4addr: 10.11.61.4/24
- wlan0:
- Mode: adhoc (batman-adv)
- Channel: 161
- SSID: ptp-mesh-a
- BSSID: 00:0B:6B:0A:7E:9B
- wlan1:
- Mode: ap
- Channel:
- SSID: www.personaltelco.net
- BSSID: 00:0B:6B:0A:7F:18
Host: clara (soekris net4521 gateway)
- IPv4addr: 10.11.66.1/23
- Channel: 1
- SSID: www.personaltelco.net
- BSSID: 00:15:6d:51:09:bc
- ar0 (airrouter infodesk, ATTITUDE ADJUSTMENT bleeding edge, r29617)
- IPv4addr: 10.11.66.5/23
- Channel: 11
- wlan0:
- SSID: www.personaltelco.net/eliot
- BSSID: 00:27:22:22:C6:C4
- wlan0-1:
- SSID: www.personaltelco.net/ar0
- BSSID: 02:27:22:22:C6:C5
- ar1 (airrouter B104, ATTITUDE ADJUSTMENT bleeding edge, r29617)
- IPv4addr: 10.11.66.6/23
- Channel: 1
- wlan0:
- SSID: www.personaltelco.net/eliot
- BSSID: 00:27:22:22:C7:90
- wlan0-1:
- SSID: www.personaltelco.net/ar1
- BSSID: 02:27:22:22:C7:91
- ar2 (airrouter B201, ATTITUDE ADJUSTMENT bleeding edge, r29617)
- IPv4addr: 10.11.66.7/23
- Channel: 6
- wlan0:
- SSID: www.personaltelco.net/eliot
- BSSID: 00:27:22:22:C8:C4
- wlan0-1:
- SSID: www.personaltelco.net/ar2
- BSSID: 02:27:22:22:C8:C5
- ar3 (airrouter B304, ATTITUDE ADJUSTMENT bleeding edge, r29617)
- IPv4addr: 10.11.66.8/23
- Channel:
- wlan0:
- SSID: www.personaltelco.net/eliot
- BSSID:
- wlan0-1:
- SSID: www.personaltelco.net/ar3
- BSSID:
- ar4 (airrouter A108, ATTITUDE ADJUSTMENT bleeding edge, r29617)
- IPv4addr: 10.11.66.9/23
- Channel: 6
- wlan0:
- SSID: www.personaltelco.net/eliot
- BSSID: 00:27:22:22:C9:6E
- wlan0-1:
- SSID: www.personaltelco.net/ar4
- BSSID: 02:27:22:22:C9:6F
Installers / Organizers
Maintained by the NetworkOperationsTeam.
Installation Notes
Overview:
http://www.personaltelco.net/~caleb/diagrams/NodeFirstUnitarian.jpg
FirstUnitarianChurch owns the entire block. This includes several entire buildings and a lot of diverse architecture. The overall goal is to saturate a few specific spots inside the buildings and cover the surrounding neighborhood with free wireless internet. The relevant buildings are:
- The Eliot Center ("EC") will be built in coming months and years. It will take the place of several existing, smaller buildings. Once constructed, the Eliot center will be used for various community events, education and activities. As such, it will need some wireless coverage. However, this is still a couple of years off.
- The Office Building ("0") houses the existing IT infrastructure and many small offices. Currently, there is a DSL line which serves something like 2-dozen users and a couple of servers. I suspect that Wifi coverage in the Office Building is not a huge priority, as most anywhere you would want connection has a lan-drop. However, it would still be nice.
- The Salmon Street Sanctuary ("SS") is on the corner of 12th and Salmon, it is on the historic registry, and is currently undergoing construction for seismic upgrades, which are expected to finish by March. Once this construction finishes, its bell-tower may be the ideal location for some sector antennas pointed out windows to cover the surrounding area. Also, the inside of this building should be covered eventually. Its construction is steel-reinforced masonry with plaster inlaid with steel mesh - a FarradayCage. Below and around the sanctuary are several other floors which house classes for NW Academy (who appear to have their own wireless network locally), religious education, music classes, and some other things.
- The Main Street Sanctuary ("MS") houses a second sanctuary (which has recording hardware for podcasting and is used for religious service as well as various speaking events) and "Fuller Hall" in the basement, which hosts community gatherings. Both the second sanctuary and Fuller hall are prime candidates for initial unwiring.
The unlabelled building is an apartment building for the Outside-In, which would surely benefit from FreeWireless, and may be willing to collaborate. If they are, they sure do have a nice chimney (on top of a scary roof).
Line of sight from 12th and Jefferson to Emerson's Yagi:
http://www.personaltelco.net/~caleb/diagrams/emerson_los.jpg
Maintenance and System Log
2013-01-27: Updated jodie to r35318 with linux kernel version 3.7.4 and IPv6 --RussellSenior
2011-07-22: First Unitarian has been having some trouble with its gateway device, which resulted in killing our internet connection for a while. There was a brief on-age and then another outage. In consultation with church IT staff, we decided to move to another DSL circuit, and when we got a publicly usable IP address, we managed to get the network functioning again. We are getting another static ipaddr, and the current one might change soon to consolidate a /29. --RussellSenior
2011-06-03: Visited to reset ruckus1 to restore access to admin interface. Also noticed that the node details had not been recorded in the wiki! Russell FAIL! --RussellSenior
2011-06-02: Replaced clara (WGT634U) with clara (Soekris net4521) for its better robustness and RAM capacity. Attempted to give Ruckus AP's a default gateway to facilitate remote management, caused access to be lost. --RussellSenior
2011-05-27: Reflashed the metrixes (basalt and emerson) with OpenWrt r27000 images including batman-adv to replace the old WDS links. Hopefully, this will make emerson more stable (it sometimes freezes or locks up the wifi, requiring intervention). --RussellSenior
2009-12-31: MarinoDuregon and I replaced the old NuCab "servetus" with an AlixCab "jodie". --RussellSenior
2009-06-04: Installed a new network in the new wing of the church (on the NW corner of the block). This new building used "modern" construction techniques that appear to severely attenuate RF. I was unable to associate from the curb just outside the building. The new network consists of a Netgear WGT634U (hostname: clara (as in clara barton)) running NoCatAuth (yes, not NoCatSplash), and two Ruckus VF-2825-US access points. The WGT634U is located in a wiring closet in the basement. One Ruckus is on the first floor at the West end of the building, while the other is on the second floor on the East end of the building. The WGT634U is hanging off of a new DSL service through Qwest, this because running an ethernet cable through to the old building was seen as more difficult. --RussellSenior
- 2008-12-05: Two recent incidents:
- Noticed that the rooftop access point radio had not been seen in a while, rebooted, which seemed to fix it for a while (saw it driving by on I405 a day or so later);
- Noticed a few days ago that emerson (rooftop) was no longer reachable from servetus. Called and then went by today and power-cycled it from the bell tower stairwell. Connected to it via the ethernet, then via wireless, and it's back online again.
Also noticed that there is another access point in the vicinity, but did not connect: 00:09:5B:33:29:65, which looks like maybe another wgt. --RussellSenior
2007-09-07: Yesterday, the Church IT guy (Doug) gave me the password for the DLINK router. I went down and tried to figure out what was wrong. I was seeing the dropped packets in the log, but couldn't figure out which rule they were referencing. This afternoon I went back and did a factory reset, and then reconfigured by loading a configuration backup. That didn't immediately fix it either, but it got me looking more closely at the rules. I think the problem was that the DMZ rules were default DROP. We needed a rule that allowed traffic. And we needed to add the rules in a way that caused the DLINK to let them stick (which I think might have been the issue yesterday). I tested that incoming tcp ports did not get redirected by default to our box, just the ones that were specified in the router (the ISP guy seemed to be under the mistaken impression that all ports got redirected to the DMZ host unless redirected elsewhere). Doug implied that the ISP guy was responsible for the ALLOW rule elimination. Anyway, it is back up and apparently functional again, in time for the Church's teacher training event this weekend. Sorry for the long outage folks, but it was outside of my control. --RussellSenior
2007-08-08: While trying to patch up snmp node monitoring here, I found that UDP appears to be blocked. This is fucking up DNS, which is reducing the utility of the node. Unblocking other UDP ports would be nice as well, like SNMP. Also, their port forward of 5280 appears to go to our port 80, which is broken. Should just forward to 5280. Need to contact the IT folks to inquire. --RussellSenior
2007-08-03: This week we experienced some outages due to complaints from a mega-corporation about our network serving up bittorrent ports. As a result, the ISP called the church IT people, who unplugged our gear. I spoke to the IT people and the ISP. The ISP claims that there were ports open for connecting prior to the unplugging. I was never able to confirm that any ports were actually open, so my diagnosis was mostly blind. I believe it *might* have been due to an iptables rule for the meraki network that involved -m state --state RELATED,ESTABLISHED. It is possible that those were being twiddled to forward ports back into the network. I have disabled that rule and also configured nat/masquerading at basalt, the NodeCornerstone soekris. Today, having seen the bittorrent traffic reappear, I called the ISP and they were not seeing any external ports open either. Unless new information arrives, the case appears to be closed. --RussellSenior.
2007-05-06: RussellSenior, BenGates, MichaelHanna, and I installed gear on cornerstone Apt. Building. We used a WDS link on 5.8 GHz to connect this gear (named basalt) to emerson. It provides additional local coverage to this area with a 9 dBi omni antenna. -- CalebPhillips
2007-04-04: Met with guys from apartment building at 12th and Jefferson. They want to connect to and repeat the signal from the metrix and have both gear and roof access. We start by aiming the yagi on the church bell tower. Then, move to the apartment building roof and try to connect with an SMC bridge and enclosed yagi they have. Run into some trouble configuring the bridge. We need to upgrade the firmware (Michael is doing this) and may need to enable WDS on the metrix as it seems the SMC bridge wants it. The connection just using laptops is awesome - ping flooding drops no packets and there is perfect line-of-sight. Also, this roof has line of sight to other roofs in the area we may be able to get on. SamChurchill showed up and took some photos. As a proof-of-concept, it was very successful. We just need to get all the gear together and do the install. We played around with a couple Meraki minis, using one as a bridge connected to the UU metrix, but ran into problems with routing because the Meraki's want to use 10.0.0.0/8 which collides with the address space of the node (10.11.61.0/24) - we need to figure out how to change the addressing scheme the meraki's use. -- CalebPhillips
2007-02-05: Tamarack, RussellSenior, and I visited the node, fixed the crimps on the LongRun and then it worked (after a bit of head-scratching). The rooftop devices are now production-ready. -- CalebPhillips
2007-02-05: Swapped the church's configured WGT (origen) back in for the loaner. Noticed that someone had plugged in the cat5 run towards the roof, but couldn't ping from either side. Need to get in and check the crimps at both ends, then the roof will *finally* be online and usable! --RussellSenior
2007-01-21: Made some configuration changes on servetus for NodeMonitoring. Also, sometime in December, RussellSenior put OpenWRT on the WGT, but it never got documented here. -- CalebPhillips
2006-11-12: RussellSenior, GregZupan, ChrisGates, and I did the "StageTwo" install by putting a metrix and sled on the bell-tower on the corner of 12th and Main. Currently this does not have a full cat-5 run up to the rest of the network, but is getting power, and is functional. FirstUnitarian staff will run cat-5 the rest of the way, and then it should be working. Photos from install here. -- CalebPhillips
2006-09-25: RussellSenior, GregZupan, ChrisGates, PesheScott, and I did a site survey for "StageTwo". Decided that the best option is a non-penetrating quadropod sled on the 12th and Main tower (which has a flatspace on top) with a soekris in the typical MetrixMarkII enclosure with an omni. Will have a second radio for a point-to-point link at some point. Going forward on gear purchases and logistics, looking forward to an install within a month or two. -- CalebPhillips
2006-08-02: Moving forward on initial plans to cover a radius of 2-3 blocks, ChrisGates, GregZupan, and I have initiated some more planning, which should result in action come September2006 and October2006. -- CalebPhillips
2006-02-27: GregZupan, ChrisDawson, and I met at the Church at 6:00pm to finish up the install. We quickly determined that the cable run must have been pinched somewhere along the line. We made a second run of cable, tested it, and it worked. After removing the bad cable, pinning up the good one, crimping ends, and plugging in - everything seems to work. In fact, this log is being made via the connection from the upper balcony of the Main Street Sanctuary (MSS). Yay. -- CalebPhillips
2006-02-26: GregZupan and ChrisGates attempted to finish the install only to find the cable run was bad -- CalebPhillips
2006-02-19: Cleaned up a few more "node 42" references from our builder mis-steps. Added the local DNS servers to /etc/net-node/named.conf.options. Made /etc/nocatauth/gateway/htdocs a symlink to /home/web/node/firstunitarian, and /etc/net-node a symlink to /root/firstunitarian (the local svn checkout) instead. --RussellSenior
2006-02-18: Met out at the church today with the intention of running Cat5e from the office to the MSS balcony and installing the captive portal server. I was joined by RussellSenior and a few people from the church (ChrisGates, GregZupan, and GardnerGrice). The Cat5e run was put off until a more powerful drill can be acquired for getting through a concrete wall. Installing the gateway seems to have been successful. I have updated the information above accordingly. Also, we set up the WGT in the office as a proof-of-concept until the cable run is complete. Work will continue as soon as possible. -- CalebPhillips
2006-02-16: RussellSenior and I did a "builder install" on NuCab for this node. In spite of the builder-scripts only partially working (due to subversion authentication), the resulting NuCab seems to mostly work. -- CalebPhillips
2006-02-11: ChrisGates did some reconnaissance, getting in touch with the OutsideIn and NWAcademy. He also determined a way to run Cat5e from the Office to the MS. Next step is to buy gear and install it -- CalebPhillips
2006-02-02: Went out to site to do an initial site survey. Details above. Will post pictures at some point. -- CalebPhillips
Notes
Photos of this node and its installs are in the gallery.
More information about this node can be found in Adhocracy.
- Origen (the Netgear WGT634U) configuration:
Built OpenWrt r6007 and installed the jffs2 image
- From serial console:
- set password:
# passwd
- configured wireless in: /etc/config/wireless
- modified channel and ssid
    config wifi-device wifi0
        option type atheros
        option channel 1

    config wifi-iface
        option device wifi0
    #   option network lan
        option mode ap
        option ssid www.personaltelco.net
        option hidden 0
        option encryption none
- configured network in: /etc/config/network
- added all interfaces to interface lan's bridge (so it doesn't matter which port you plug the ethernet into)
- added a default gateway to lan's configuration
- commented out the wan interface stanza entirely
    #### VLAN configuration
    config switch eth0
        option vlan0 "0 1 2 3 5*"
        option vlan1 "4 5"

    #### Loopback configuration
    config interface loopback
        option ifname "lo"
        option proto static
        option ipaddr 127.0.0.1
        option netmask 255.0.0.0

    #### LAN configuration
    config interface lan
        option type bridge
        option ifname "ath0 eth0.0 eth0.1"
        option proto static
        option ipaddr 10.11.61.2
        option netmask 255.255.255.0
        option gateway 10.11.61.1

    #### WAN configuration
    #config interface wan
    #    option ifname "eth0.1"
    #    option proto dhcp
- disabled dnsmasq and firewall in /etc/init.d:
    # cd /etc/init.d
    # mv dnsmasq dnsmasq_
    # mv firewall firewall_
- modified hostname to "origen" in /etc/init.d/boot
    # Copyright (C) 2006 OpenWrt.org
    START=10
    start() {
            [ -f /proc/mounts ] || /sbin/mount_root
            [ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc
            vconfig set_name_type DEV_PLUS_VID_NO_PAD
            HOSTNAME=${wan_hostname%%.*}
            echo ${HOSTNAME:=origen}>/proc/sys/kernel/hostname
    #       echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname
            mkdir -p /var/run
            mkdir -p /var/log
    [...]
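
With dnsmasq and the firewall disabled, origen relies on the properties set up in the steps above: no active wan stanza, every port in the lan bridge, and a default gateway pointing at the node gateway (10.11.61.1). One way to check those properties from the two config files, as an added example that is not part of the original notes or of OpenWrt; `parse_uci` and `audit_bridged_ap` are hypothetical helpers and the embedded config is abridged from the text above:

```python
import shlex
# Constructed sample input: abridged from the origen configuration on this page.
NETWORK = '''\
config switch eth0
    option vlan0 "0 1 2 3 5*"
    option vlan1 "4 5"
config interface lan
    option type bridge
    option ifname "ath0 eth0.0 eth0.1"
    option proto static
    option ipaddr 10.11.61.2
    option gateway 10.11.61.1
#config interface wan
#    option ifname "eth0.1"
#    option proto dhcp
'''
WIRELESS = '''\
config wifi-device wifi0
    option type atheros
    option channel 1
config wifi-iface
    option device wifi0
#   option network lan
    option mode ap
    option ssid www.personaltelco.net
    option encryption none
'''

def parse_uci(text):
    """Return (type, name, options) for each active 'config' section."""
    sections = []
    for line in text.splitlines():
        # comments=True drops '#' lines, so commented-out stanzas are ignored
        words = shlex.split(line, comments=True)
        if not words:
            continue
        if words[0] == "config":
            sections.append((words[1], words[2] if len(words) > 2 else None, {}))
        elif words[0] == "option" and sections and len(words) >= 3:
            sections[-1][2][words[1]] = " ".join(words[2:])
    return sections

def audit_bridged_ap(network, wireless, expected_gateway):
    """Report the properties a firewall-less bridged AP depends on."""
    ifaces = {n: o for t, n, o in parse_uci(network) if t == "interface"}
    lan = ifaces.get("lan", {})
    aps = [o for t, _, o in parse_uci(wireless) if t == "wifi-iface"]
    return {
        "wan_disabled": "wan" not in ifaces,         # no routed uplink on the AP
        "lan_is_bridge": lan.get("type") == "bridge",
        "bridge_members": lan.get("ifname", "").split(),
        "gateway_ok": lan.get("gateway") == expected_gateway,
        # reported for the record only; this node's SSID is open by design
        "open_ssids": [a.get("ssid") for a in aps if a.get("encryption") == "none"],
    }
```

If the wan stanza is ever uncommented while the firewall script stays renamed, `wan_disabled` turns false, which is the condition worth alerting on.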