Differences between revisions 44 and 46 (spanning 2 versions)
Revision 44 as of 2009-06-05 12:56:31
Size: 17399
Comment: added some notes on the new network.
Revision 46 as of 2011-05-27 02:54:08
Size: 17662
Comment: switched the WDS link for a sparkling new batman-adv link (with OpenWrt replacing the ancient Metrix Pyramid)
Deletions are marked like this. Additions are marked like this.
Line 15: Line 15:
 * NuCab (provided by PersonalTelco)  * Alix 2D13 (provided by PersonalTelco)
Line 30: Line 30:
 * DebianLinux sarge
 * NoCatAuth
 * Pyramid Linux (on metrix)
 * AlixCab
  * OpenWrt r18781
  * NoCatAuth
  * OpenVpn
  * Olsrd
  * Snmpd
 * OpenWrt r27000 (on metrixes)
  * Batman-adv
  * ath5k drivers
Line 36: Line 42:
 * Hostname: [[http://en.wikipedia.org/wiki/Michael_Servetus|servetus]]  * Hostname: jodie
Line 55: Line 61:
 * BSSID (local coverage - wifi0): 00:0B:6B:56:01:93
 * BSSID (wds link - wifi1): 00:0B:6B:4F:6A:16
 * WDS channel: 165
 * BSSID (local coverage - wlan1): 00:0B:6B:56:01:93
 * BSSID (batman-adv link - wlan0): 00:0B:6B:4F:6A:16
 * WDS channel: 161
Line 61: Line 67:
 * Purpose: Repeater/AP
 * BSSID (local coverage - wifi1) 00:0B:6B:0A:7F:18
 * BSSID (wds link - wifi0) 00:0B:6B:0A:7E:9B
 * WDS channel: 165
 * Purpose: AP
 * BSSID (local coverage - wlan1) 00:0B:6B:0A:7F:18
 * BSSID (batman-adv link - wlan0) 00:0B:6B:0A:7E:9B
 * WDS channel: 161
Line 96: Line 102:
=== To Do List ===

 * Add emerson and origen to DNS
 * Coverage Maps
 * Talk to OutsideIn about using their DSL line too -- collaboration in general.
Line 104: Line 104:
 * 2011-05-27: Reflashed the metrixes (basalt and emerson) with OpenWrt r27000 images including batman-adv to replace the old WDS links. Hopefully, this will make emerson more stable (it sometimes freezes or locks up the wifi, requiring intervention). --RussellSenior
 * 2009-12-31: MarinoDuregon and I replaced the old NuCab "servetus" with an AlixCab "jodie". --RussellSenior

Node name: First Unitarian Church
Live Date: 2006-02-27
Contact: Chris Gates

Portland Maps

1011 SW 12th Avenue
Portland, OR 97205
(503) 228-6389
Office hours M - F, 9:00 am to 4:00 pm

Map: https://cwnmyr.personaltelco.net/nodes/FirstUnitarian


  • Alix 2D13 (provided by PersonalTelco)

  • NetgearWgt634u (provided by First Unitarian Church)

  • Metrix Mark II Kit (provided by First Unitarian Church)
    • Soekris net4826
    • 2 A/B/G 100mW Atheros Radios
    • PoE injector
    • Rooftop Sled
    • 9 dBi Antenna with 7-degree downtilt
    • 5ft LMR-195 Jumper with female N connectors
  • 17 dBi 5.8 GHz backfire antenna (surplus from the MGP)
  • 5' LMR-400 Jumper (donated by CalebPhillips)

  • Oldish Netgear Wireless Router (donated by GregZupan)

Software Installed

Network Configuration

  • Hostname: jodie
  • Internet Network:
  • Gateway:
  • Upstream DNS servers:,
  • PTPnet Network:
  • IP:
  • Purpose: Gateway

  • Hostname: origen (a WGT634U)

  • SSID: www.personaltelco.net
  • BSSID: 00:09:5B:F8:17:F6
  • Channel: 1
  • IP:
  • Ethernet MAC: 00:09:5B:F7:69:2A
  • Purpose: AP

  • Hostname: emerson (a metrix)

  • IPs:
  • Purpose: AP
  • BSSID (local coverage - wlan1): 00:0B:6B:56:01:93
  • BSSID (batman-adv link - wlan0): 00:0B:6B:4F:6A:16
  • WDS channel: 161

  • Hostname: basalt (a soekris net4826-50 located at NodeCornerstone)

  • IPs:
  • Purpose: AP
  • BSSID (local coverage - wlan1) 00:0B:6B:0A:7F:18
  • BSSID (batman-adv link - wlan0) 00:0B:6B:0A:7E:9B
  • WDS channel: 161

Installers / Organizers

Installation Notes



FirstUnitarianChurch owns the entire block. This includes several entire buildings and a lot of diverse architecture. The overall goal is to saturate a few specific spots inside the buildings and cover the surrounding neighborhood with free wireless internet. The relevant buildings are:

  • The Eliot Center ("EC") will be built in coming months and years. It will take the place of several existing, smaller buildings. Once constructed, the Eliot center will be used for various community events, education and activities. As such, it will need some wireless coverage. However, this is still a couple of years off.
  • The Office Building ("0") houses the existing IT infrastructure and many small offices. Currently, there is a DSL line which serves something like 2-dozen users and a couple of servers. I suspect that Wifi coverage in the Office Building is not a huge priority, as most anywhere you would want connection has a lan-drop. However, it would still be nice.
  • The Salmon Street Sanctuary ("SS") is on the corner of 12th and Salmon, it is on the historic registry, and is currently undergoing construction for seismic upgrades, which are expected to finish by March. Once this construction finishes, its bell-tower may be the ideal location for a some sector antennas pointed out windows to cover the surrounding area. Also, the inside of this building should be covered eventually. It's construction is steel re-enforced masonry with plaster inlaid with steel mesh - a FarradayCage. Below and around the sanctuary are several other floors which house classes for NW Academy (who appear to have their own wireless network locally), religious education, music classes, and some other things.

  • The Main Street Sanctuary ("MS") houses a second sanctuary (which has recording hardware for podcasting and is used for religious service as well as various speaking events) and "Fuller Hall" in the basement, which hosts community gatherings. Both the second sanctuary and Fuller hall are prime candidates for initial unwiring.
  • The unlabelled building is an apartment building for the Outside-In, which would surely benefit from FreeWireless, and may be willing to collaborate. If they are, they sure do have a nice chimney (on top of a scary roof).

Line of sight from 12th and Jefferson to Emerson's Yagi:


Maintenance and System Log

  • 2011-05-27: Reflashed the metrixes (basalt and emerson) with OpenWrt r27000 images including batman-adv to replace the old WDS links. Hopefully, this will make emerson more stable (it sometimes freezes or locks up the wifi, requiring intervention). --RussellSenior

  • 2009-12-31: MarinoDuregon and I replaced the old NuCab "servetus" with an AlixCab "jodie". --RussellSenior

  • 2009-06-04: Installed a new network in the new wing of the church (on the NW corner of the block). This new building used "modern" construction techniques that appear to severely attenuate RF. I was unable to associate from the curb just outside the building. The new network consists of a Netgear WGT634U (hostname: clara (as in clara barton)) running NoCatAuth (yes, not NoCatSplash), and two Ruckus VF-2825-US access points. The WGT634U in located in a wiring closet in the basement. One Ruckus is on the first floor at the West end of the building, while the other is on the second floor on the East end of the building. The WGT634U is hanging off of a new DSL service through Qwest, this because running an ethernet cable through to the old building was seen as more difficult. --RussellSenior

  • 2008-12-05: Two recent incidents:
    • Noticed that the rooftop access point radio had not been seen in a while, rebooted, which seemed to fix it for a while (saw it driving by on I405 a day or so later);
    • Noticed a few days ago that emerson (rooftop) was no longer reachable from servetus. Called and then went by today and power-cycled it from the bell tower stairwell. Connected to it via the ethernet, then via wireless, and it's back online again.

    Also noticed that there is another access point in the vicinity, but did not connect: 00:09:5B:33:29:65, which looks like maybe another wgt. --RussellSenior

  • 2007-09-07: Yesterday, the Church IT guy (Doug) gave me the password for the DLINK router. I went down and tried to figure out what was wrong. I was seeing the dropped packets in the log, but couldn't figure out which rule they were referencing. This afternoon I went back and did a factory reset, and then reconfigured by loading a configuration backup. That didn't immediately fix it either, but it got me looking more closely at the rules. I think the problem was that the DMZ rules were default DROP. We needed a rule that allowed traffic. And we needed to add the rules in a way that caused the DLINK to let them stick (which I think might have been the issue yesterday). I tested that incoming tcp ports did not get redirected by default to our box, just the ones that were specified in the router (the ISP guy seemed to be under the mistaken impression that all ports got redirected to the DMZ host unless redirected elsewhere). Doug implied that the ISP guy was responsible for the rule ALLOW rule elimination. Anyway, it is back up and apparently functional again, in time for the Church's teacher training event this weekend. Sorry for the long outage folks, but it was outside of my control. --RussellSenior

  • 2007-08-08: While trying to patch up snmp node monitoring here, I found that UDP appears to be blocked. This is fucking up DNS, which is reducing the utility of the node. Unblocking other UDP ports would be nice as well, like SNMP. Also, their port forward of 5280 appears to go to our port 80, which is broken. Should just forward to 5280. Need to contact the IT folks to inquire. --RussellSenior

  • 2007-08-03: This week we experienced some outages due to complaints from a mega-corporation about our network serving up bittorrent ports. As a result, the ISP called the church IT people, who unplugged our gear. I spoke to the IT people and the ISP. The ISP claims that there were ports open for connecting prior to the unplugging. I was never able to confirm that any ports were actually open, so my diagnosis was mostly blind. I believe it *might* have been due to an iptables rule for the meraki network that involved -m state --state RELATED,ESTABLISHED. It is possible that those were being twiddled to forward ports back into the network. I have disabled that rule and also configured nat/masquerading at basalt, the NodeCornerstone soekris. Today, having seen the bittorrent traffic reappear, I called the ISP and they were not seeing any external ports open either. Unless new information arrives, the case appears to be closed. --RussellSenior.

  • 2007-05-06: RussellSenior, BenGates, MichaelHanna, and I Installed gear on cornerstone Apt. Building. We Used a WDS link on 5.8 Ghz to connect this gear (named basalt) to emerson. It provides additional local coverage to this area with a 9dbi omni antenna. -- CalebPhillips

  • 2007-04-04: Met with guys from apartment building at 12th and Jefferson. They want to connect to and repeat the signal from the metrix and have both gear and roof access. We start by aiming the yagi on the church bell tower. Then, move to the apartment building roof and try to connect with an SMC bridge and enclosed yagi they have. Run into some trouble configuring the bridge. We need to upgrade the firmware (Michael is doing this) and may need to enable WDS on the metrix as it seems the SMC bridge wants it. The connection just using laptops is awesome - ping flooding drops no packets and there is perfect line-of-sight. Also, this roof has line of sight to other roofs in the area we may be able to get on. SamChurchill showed up and took some photos. As a proof-of-concept, it was very successful. We just need to get all the gear together and do the install. We played around with a couple Meraki minis, using one as a bridge connected to the UU metrix, but ran into problems with routing because the Meraki's want to use which colides with the address space of the node ( - we need to figure out how to change the addressing scheme the meraki's use. -- CalebPhillips

  • 2007-02-05: Tamarack, RussellSenior, and I visited the node, fixed the crimps on the LongRun and then it worked (after a bit of head-scratching). The rooftop devices are now production-ready. -- CalebPhillips

  • 2007-02-05: Swapped the churches configured WGT (origen) back in for the loaner. Noticed that someone had plugged in the cat5 run towards the roof, but couldn't ping from either side. Need to get in and check the crimps at both ends, then the roof with *finally* be online and usable! --RussellSenior

  • 2007-01-21: Made some configuration changes on servetus for NodeMonitoring. Also, sometime in December, RussellSenior put OpenWRT on the WGT, but it never got documented here. -- CalebPhillips

  • 2006-11-12: RussellSenior, GregZupan, ChrisGates, and I did the "StageTwo" install by putting a metrix and sled on the bell-tower on the corner of 12th and Main. Currently this does not have a full cat-5 run up to the rest of the network, but is getting power, and is functional. FirstUnitarian staff will run cat-5 the rest of the way, and then it should be working. Photos from install here. -- CalebPhillips

  • 2006-09-25: RussellSenior, GregZupan, ChrisGates, PesheScott, and I did a site survey for "StageTwo". Decided that the best option is a non-penetrating quadropod sled on the 12th and Main tower (which has a flatspace on top) with a soekris in the typical MetrixMarkII enclosure with an omni. Will have a second radio for a point-to-point link at some point. Going foward on gear purchases and logistics, looking forward to an install within a month or two. -- CalebPhillips

  • 2006-08-02: Moving forward on initial plans to cover a radius of 2-3 blocks, ChrisGates, GregZupan, and I have initiated some more planning, which should result in action come September2006 and October2006. -- CalebPhillips

  • 2006-02-27: GregZupan, ChrisDawson, and I met at the Church at 6:00pm to finish up the install. We quickly determined that the cable run must have been pinched somewhere along the line. We made a second run of cable, tested it, and it worked. After removing the bad cable, pinning up the good one, crimping ends, and plugging in - everything seems to work. In fact, this log is being made via the connection from the upper balcony of the Main Street Sanctuary (MSS). Yay. -- CalebPhillips

  • 2006-02-26: GregZupan and ChrisGates attempted to finish the install only to find the cable run was bad -- CalebPhillips

  • 2006-02-19: Cleaned up a few more "node 42" references from our builder mis-steps. Added the local DNS servers to /etc/net-node/named.conf.options. Made /etc/nocatauth/gateway/htdocs a symlink to /home/web/node/firstunitarian, and /etc/net-node a symlink to /root/firstunitarian (the local svn checkout) instead. --RussellSenior

  • 2006-02-18: Met out at the church today with the intention of running Cat5e from the office to the MSS balcony and installing the captive the portal server. I was joined by RussellSenior and a few people from the church (ChrisGates, GregZupan, and GardnerGrice). The Cat5e run was put off until a more powerful drill can be acquired for getting through a concrete wall. Installing the gateway seems to have been successful. I have updated the information above accordingly. Also, we setup a the WGT in the office as a proof-of-concept until the cable run is complete. Work will continue as soon as possible. -- CalebPhillips

  • 2006-02-16: RussellSenior and I did a "builder install" on NuCab for this node. In spite of the builder-scripts only partially working (due to subversion authentication), the resulting NuCab seems to mostly work. -- CalebPhillips

  • 2006-02-11: ChrisGates did some reconnaissance, getting in touch with the OutsideIn and NWAcademy. He also determined a way to run Cat5e from the Office to the MS. Next step is to buy gear and install it -- CalebPhillips

  • 2006-02-02: Went out to site to do an initial site survey. Details above. Will post pictures at some point. -- CalebPhillips


  • Photos of this node and it's installs are in the gallery.

  • More information about this node can be found in Adhocracy.

  • Origen (the Netgear WGT634U) configuration:
    • Built OpenWrt r6007 and installed the jffs2 image

    • From serial console:
      • set password:
        # passwd
      • configured wireless in: /etc/config/wireless
        • modified channel and ssid
          config wifi-device  wifi0
                  option type     atheros
                  option channel  1
          config wifi-iface
                  option device   wifi0
          #       option network  lan
                  option mode     ap
                  option ssid     www.personaltelco.net
                  option hidden   0
                  option encryption none
      • configured network in: /etc/config/network
        • added all interfaces to interface lan's bridge (so it doesn't matter which port you plug the ethernet into)
        • added a default gateway to lan's configuration
        • commented out the wan interface stanza entirely
          #### VLAN configuration 
          config switch eth0
                  option vlan0    "0 1 2 3 5*"
                  option vlan1    "4 5"
          #### Loopback configuration
          config interface loopback
                  option ifname   "lo"
                  option proto    static
                  option ipaddr
                  option netmask
          #### LAN configuration
          config interface lan
                  option type     bridge
                  option ifname   "ath0 eth0.0 eth0.1"
                  option proto    static
                  option ipaddr
                  option netmask
                  option gateway
          #### WAN configuration
          #config interface       wan
          #       option ifname   "eth0.1"
          #       option proto    dhcp
      • disabled dnsmasq and firewall in /etc/init.d:
        # cd /etc/init.d
        # mv dnsmasq dnsmasq_
        # mv firewall firewall_
    • modified hostname to "origen" in /etc/init.d/boot
      # Copyright (C) 2006 OpenWrt.org
      start() {
              [ -f /proc/mounts ] || /sbin/mount_root
              [ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc
              vconfig set_name_type DEV_PLUS_VID_NO_PAD
              echo ${HOSTNAME:=origen}>/proc/sys/kernel/hostname
      #       echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname
              mkdir -p /var/run
              mkdir -p /var/log


NodeFirstUnitarian (last edited 2013-01-27 01:10:34 by RussellSenior)