Differences between revisions 40 and 41
Revision 40 as of 2002-03-05 01:02:58
Size: 6294
Editor: 34-pool1
Revision 41 as of 2002-03-05 16:26:29
Size: 6389
Editor: 137
Line 8: Line 8:
 * Add egress filter to prevent participating in [DRDoS http://grc.com/dos/drdos.htm] attacks
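Review bot: the added item at line 8 states the goal but not the filter. DRDoS reflection depends on packets leaving with a forged source address, so spell out the rule the image should carry (drop outbound traffic whose source address is not in the AP's own client range) and which interface it applies to, so the request can be implemented and tested.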

This is to help track and resolve bugs with the DebianLinuxAccessPoint and DebianApImage projects. If you think you've found a bug in how the image works please list it here along with all the information I might need to fix it. Thanks -- AdamShand.

See also: DebianAp, DebianApImage

Feature Requests

  • Set it up to sync to an NTP server to keep the time correct (Stylistics don't appear to have good clocks)
    • Add 5 * * * * root /etc/init.d/ntpdate start > /dev/null 2>&1 to the /etc/crontab file -- AdamShand

  • Add egress filter to prevent participating in DRDoS (http://grc.com/dos/drdos.htm) attacks

To Be Fixed Soon
  • Install DNS Masq instead of Bind (http://www.thekelleys.org.uk/dnsmasq/doc.html)

  • Setup stunnel for nocat for SSL start pages to work. stunnel localhost:5281 -> localhost:5280 (change nocat firewall rule)

  • Setup for as few disk writes as possible so it can be run off CF or CDROM. Remote syslog, all writes to RAM disk etc.
  • Increase DHCP lease time to reduce wireless traffic and allow detection of inactive connections
  • Add BillHolmstrom's ptp.ico as ../nocat/htdocs/favicon.ico

  • Fix default resolv.conf, hosts and hostname files. Make sure sudo works.
  • Configure MTA to be able to send messages and setup alias for root/postmaster to send to ops@lists.ptp.net

  • Setup cricket to graph total bandwidth usage.
  • Update glibc, at, sudo, wireless-tools
  • Line 15 in ../nocat/htdocs/splash.html needs 'images/' added to it
  • Line 25 in /etc/pcmcia/prism2.conf has the manfid for Lucent cards (instead of the D-Link that it says it is), so when you try to use a Lucent card it loads prism2 instead of wvlan_cs
  • Setup for iw_mode command to set default mode (master/managed/adhoc)
  • Add notes on how to set power for cards
  • Test NoCatAuth CaptivePortal mode (once the behind NAT fix is in place make captive mode the default)

  • Touch screen support. :) Can this be done without X? non-X-scribble?

    • I think this requires X. X will be supported once I get docs from CoryWebb on how to make the pen drivers work and a working XF86Config file. -- AdamShand

      • You should check with Mark Curran, I think he has added X to your image already --MichaelCodanti

  • Add documentation on what needs to be setup and what it does
  • Create setup script to make configuration easier
  • Setup a Debian Apt repository for PTP packages and configure sources.list to use it.
  • Figure out command to use grub to install boot sector when image is not the boot device
  • Move default NoCatAuth log file to /var/log where it will (hopefully) be rotated.

To Be Done "Sometime"

These are as much ideas as anything else. Comments are appreciated.

  • Is webmin a good idea?
  • Setting up a default message on telnet/ssh; "you are not logged in via nocat, please go to http://aa.bb.cc.dd/"

    • This would be a little tricky to do with telnet and there is no real way to do this with SSH that I can think of (because there is no way to display a banner before login). Actually I just learned something ... this can be done. It still requires some trickery and I'm not sure it's really that important but it would be cool. If you wanna contribute the necessary firewall rules to make it happen please do, the best way I can think of doing this is to redirect port 22 and 23 traffic to anywhere to the stylistic and display a banner there. -- AdamShand

  • ExtrusionDetection (Snort)

  • Automatic rules update for ExtrusionDetection

  • Setup Exim with TLS for mail proxying (warn about earthlink)
    • Setup transparent proxy for port 80 and port 25
  • SSL support on nocat auth page -EricJohanson

    • Are you referring to the NoCatAuth bug where https requests don't get proxied to the portal properly or are you wanting the login page to be SSL'd? -- AdamShand

  • Real time reporting...

Open Bugs

From AdamShand

From EricJohanson:

  • /etc/lilo.conf.install does not point to correct kernel image; (both 2.2.x and 2.4.x)
  • What does this mean? And why is it saying it sooooo much? I get 1-2 of these per second. /var/log on my system is over 300 megs.
    • I believe this will be fixed with the next update which includes the latest HostAp drivers. We'll see anyway -- AdamShand

Unable to Duplicate

  • DNS Server doesn't load upon bootup
  • DHCP Server doesn't load upon bootup
    • I had this problem when I was setting up my own Linux AP image; the hostap driver takes a little while to initialize, longer than a normal one, so I fixed it by bumping dhcp to S99 in /etc/rc2.d/ --ForrestEnglish

  • Setting up image to work with other devices (EG: SBCs with different PCMCIA bridges)
    • I think this should "just work". Can you document any issues? -- AdamShand

  • Why can't I ping/traceroute out via the NAT?
    • interesting ... i'm not sure. the nocat nat implementation must be incomplete, i'll look into it.

Resolved Bugs

8 Jan 2002

  • Having lynx installed would help debugging 'net connections
    • It has links installed which is a better lynx than lynx :-) I've added a symlink for the uninitiated.

  • Add the debian package for Wavemon (new in unstable)
  • Screen doesn't turn off (might be my bios settings)
    • This is apparently a BIOS issue. Eric can you provide details of what you did to the BIOS?
  • AdHoc mode! This would be VERY helpful for SWN folks..... I've heard rumors that we want to use ADHoc for PtP links...

    • This was a known issue with the 2.4.16 kernel, please upgrade to 2.4.17. -- AdamShand

  • warnings loading modules; /var/log/something is readonly on kernel boot
    • this is normal, don't worry about it

10 December 2001

  • Update to 2.4.16 (10 Dec 2001)
  • Disable -- MARK -- in syslog ("-m 0") (10 Dec 2001)
  • Add simple batch file or configuration to switch to bridging instead of NAT (see /usr/local/bin/bridge-setup.sh)


DebianApImageBugs (last edited 2012-03-11 02:31:44 by RussellSenior)