Sometimes it’s not convenient to run wires to all the computers on your network. Pulling Ethernet cables through existing walls can be a pain. Dragging wires into your garden so you can sit in a lounge chair and surf the Internet can ruin the ambiance. With inexpensive, high-speed wireless equipment available today, a wireless LAN is an economical solution.
Although you can use wireless LAN cards with other computer systems, you may want to use Linux systems for one or more nodes in your wireless network. For example, the features in Linux can eliminate the need to buy other types of equipment. Some additional features that make Linux a valuable asset on a wireless LAN include:
Internet access — You don't need a separate router or gateway machine to attach your wireless LAN to the Internet. Having wired and wireless Ethernet LAN cards on a Linux system enables your wireless clients to access the Internet through your Linux system.
Firewall — Owing to some inherent security weaknesses with wireless encryption protocols, you may want to add an extra measure of security to your network by configuring firewalls. With a Linux firewall (iptables) at the boundary between your wireless LAN and your larger network, you still have a measure of protection for your larger network if someone cracks your wireless LAN.
Monitoring and logging — All the tools you use for monitoring and logging activity on your wired networks in Linux are also available for your wireless network.
This section describes how to use wireless LAN equipment on computers running Fedora to create a wireless Ethernet LAN. It focuses on configuring two Linux systems for wireless communication; however, once you configure these nodes, you can add Windows, Linux, or other types of systems to your wireless LAN by installing compatible wireless cards on each system.
Wireless LANs are most appropriate in environments where wires are impractical. Despite some challenges such as security and interference, a wireless LAN provides these advantages:
You don’t have to run wires in places that are hard to reach. In many cases, a single wireless LAN can extend your network throughout a building or to another building without the need for wires between each node.
For the price of a wireless card, you can save the expense of wires, hubs (the air is your hub), and wall repairs (to fix the holes from pulling wires through).
You can freely move computers around within the transmission range that your environment allows (distances being limited by such variables as antenna power, obstacles, and rates of transmission).
Although several different wireless networking standards exist, this chapter focuses on the installation of relatively low-cost, standard IEEE 802.11b and 802.11g wireless-networking equipment. An 802.11b or 802.11g wireless network uses space in the spectrum available to the public (in other words, you use space in the air for which no special license is required). The 802.11 standards are often referred to as the Wi-Fi, or Wireless Fidelity, standard.
An 802.11 network is characterized by the following:
It provides transmission rates of up to 11 Mbps (802.11b) or up to 54 Mbps (802.11g). Transmission rates can also be set (or auto-detected) to lower rates for each standard.
It uses the 2.4 GHz band of the spectrum. Microwave ovens and some high-end mobile phones also use this band. (Check local regulations if you are setting up an 802.11 network outside the United States.) To reduce congestion, 14 separate channels have been made available within the 2.4 GHz range.
It allows transmission over distances as short as a desktop away to as long as several miles away (using special antennas). Greater distances can be gained at lower transmission speeds.
It makes connections between multiple clients or between clients and a base station (usually referred to as an access point). On the clients, the wireless LAN cards run in Ad-hoc mode, while the base station uses infrastructure mode (also called Managed mode).
| Note | The Orinoco card, as well as other wireless-network cards supported in Linux, cannot act as an access point because it does not do bridging. Bridging allows a node to receive a frame from one node and forward it to another node without changing the first node’s MAC address. (The MAC address uniquely identifies a network card.) A wireless LAN card in Linux, however, can communicate with an access point by running in Managed mode and indicating the MAC address of the access point. | 
Other 802.11 standards exist (such as 802.11a, which can operate at higher speeds), but for the most part wireless-equipment manufacturers originally rallied around the 802.11b standard, and now rally around the 802.11g standard (which can communicate at lower speeds with 802.11b equipment as well).
| Cross-Reference: | To see a complete list of Wi-Fi–certified products, visit the WECA Web site (www.wirelessethernet.org, then click Wi-Fi Certified™ Products). Although these products should be able to communicate with each other, they do not all have drivers that are compatible with Linux. | 
After your wireless network has been configured, you can use the wireless connections as you would a regular wired Ethernet connection. For example, you can configure TCP/IP on top of your wireless network so that it acts as a gateway to your network’s Internet connection. If you are using Linux as a wireless network client as well, you can take full advantage of firewall, masquerading, network proxy, or other networking features to protect and make full use of your wireless network.
To get started with a wireless Linux LAN, you need at least two computers and two wireless LAN cards. The two types of wireless LAN cards described in this chapter are PCMCIA-type cards that you insert into those credit-card–sized slots on laptop computers, and PCI cards.
Not all wireless LAN cards that you can purchase today can be used with Linux. When you select a card, the most important issue is to make sure that there is a driver available for that card that will work in Linux. There are two ways to approach the driver issue:
Native Linux driver — Some wireless cards have drivers that were created specifically for Linux systems. Cards with those drivers have a good chance of being detected automatically and working after you install the wireless card.
Windows driver — Some wireless manufacturers don't offer Linux drivers and don't make their specifications available for others to write open source drivers. In those cases, it's possible to use an open source driver called ndiswrapper along with the Windows driver for the card.
Table 15-1 shows a list of network cards that have drivers included with Fedora. To use a wireless card not on the list, refer to the list of cards supported using Windows drivers with ndiswrapper (http://ndiswrapper.sourceforge.net/wiki/index.php/List).
| Note | Even if your wireless card isn't listed in Table 15-1, it might still work with drivers included with Fedora. Some wireless cards that include the same chipset (and therefore work with the same driver) may be referred to by different names. Rather than try to keep track of all the various acquisitions and name changes in the wireless industry, I refer you to the Linux Wireless LAN HOWTO (www.hpl.hp.com/personal/Jean_Tourrilhes/Linux). The Drivers section provides more insight into which drivers work with which cards. | 
| Wireless Network Adapter | Module | 
|---|---|
| 350 Series Wireless LAN Adapter (Cisco Systems) | airo_cs.ko | 
| Aironet PC4500 (Cisco Systems) | airo_cs.ko | 
| Aironet PC4800 (Cisco Systems) | airo_cs.ko | 
| AT&T WaveLAN Adapter | wavelan_cs.ko | 
| Atmel AT76C50X wireless | atmel_cs.ko | 
| Cabletron RoamAbout 802.11 DS | wvlan_cs.ko | 
| Compaq WL100 11 Mbps Wireless Adapter | orinoco_cs.ko | 
| Digital RoamAbout/DS | wavelan_cs.ko | 
| ELSA AirLancer MC-11 | wvlan_cs.ko | 
| Lucent Technologies WaveLAN Adapter | wavelan_cs.ko | 
| Intersil PRISM2 11 Mbps Wireless Adapter | wvlan_cs.ko | 
| Lucent Technologies WaveLAN/IEEE Adapter | orinoco_cs.ko | 
| MELCO WLI-PCM-L11 | orinoco_cs.ko | 
| MELCO WLI-PCM-L11G | orinoco_cs.ko | 
| NCR WaveLAN Adapter | wavelan_cs.ko | 
| Orinoco PC Cards | orinoco_cs.ko | 
| PLANEX GeoWave/GW-CF110 | orinoco_cs.ko | 
| Planet WL3501 | wl3501_cs.ko | 
| Xircom CreditCard Netwave | netwave_cs.ko | 
| ZCOMAX AirRunner/XI-300 | orinoco_cs.ko | 
If you are setting up your wireless LAN among several computers in close proximity to each other, you may not need an additional antenna. To deal with obstructions and longer distances, however, you can add indoor or outdoor antennas to your wireless hardware.
Again, because I have been discussing Orinoco wireless PC cards, I illustrate different types of indoor and outdoor antennas that are compatible with those cards.
The antennas that are built into wireless LAN cards often work well enough to enable communication among computers in an open area. Additional indoor antennas are useful if the direct line of sight between the wireless LAN cards is blocked. A computer may be locked in a storage closet or stuck under a desk. A pile of papers might inhibit transmission, or a sheet of metal might stop it dead. A small antenna that draws the transmission away from the card might be the answer to these problems.
While most wireless LAN cards don’t require a completely unobstructed line of sight, an obstacle can certainly slow reception. To get around this problem, an antenna such as the Orinoco IEEE range-extender can plug directly into an Orinoco Gold or Silver wireless LAN card. A 1.5-meter extension cable can bring the signal out from behind a closed door or out on top of a desk. When you set up the antenna, it is recommended that it be:
placed in a central location.
mounted vertically.
located away from obstructions (metal surfaces in particular, and, to a lesser extent, solid objects such as concrete walls or stacks of papers).
Refer to the instructions that come with your antenna for specific guidelines regarding placing and mounting the antenna.
Choosing and setting up outdoor antennas for your wireless LAN can be more difficult and expensive than setting them up indoors. Once the outdoor antennas are in place, however, you can save money because you won’t need multiple Internet access accounts (monthly fees, DSL/cable modems, and so on).
Although a complete description of the use of outside antennas with your wireless LAN is outside the scope of this chapter, here are some tips that will help you choose the best antennas for your wireless LAN.
Point-to-point versus multipoint — If you are creating a point-to-point link between two outdoor locations (for example, to share an Internet connection between two buildings), a directional antenna can help you achieve greater distance and transmission speeds. However, if your antenna is providing multipoint access for several other outdoor antennas or wireless clients (such as students working from laptops on the campus lawn), an omnidirectional antenna may be more appropriate.
Clearance — The clearer the line of sight between each outdoor antenna, the greater the distance and transmission speed you can achieve. Placing antennas at the highest possible points can prevent diminished performance caused by trees, cars, buildings, and other objects. The amount of distance between obstacles and the coverage area of your wireless transmission is referred to as the clearance factor (see Figure 15-9).
  
 
Figure 15-9: The distance of obstructive objects from the wireless signal is called the clearance.
Distance — Although the actual distances over which antennas can send and receive data vary greatly based on different factors, you can achieve distances of many miles with outdoor antennas. For example, two Orinoco 24 dBi directional parabolic-grid antennas can theoretically achieve distances of up to 52 miles at an 11 Mbps transmission speed with a 180-meter clearance. Reduce that transmission rate to 1 Mbps and you can achieve distances of up to 149 miles with a 1200-meter clearance. Shorter distances are achieved with less expensive equipment, such as the Orinoco 14 dBi directional antenna, which can achieve distances of up to 5.3 miles at 11 Mbps with a 13-meter clearance.
Cable factor — The distances that transmissions travel on the cables between the wireless cards and the antennas can be a factor in choosing the right antenna. The shorter the cables, the greater the distance and speed you will get on your antenna.
The power of an antenna is rated in terms of gain. Gain is measured in decibels, based on a theoretical isotropic radiator (or dBi). Higher gains offer opportunities for reaching greater distances at greater speeds. However, the ability of the antenna to focus that power (directional versus omnidirectional) greatly affects the speeds and distances that can be achieved.
If you are using a wireless card that includes a supported driver in Fedora, it's likely that it will be autodetected and you will be able to configure it as described later in this section. However, using a Windows driver and the ndiswrapper driver requires some extra configuration. The following procedure contains an example of configuring ndiswrapper with a Linksys 802.11g wireless PCI adapter card.
| Note | Much of this procedure was from the INSTALL file that comes in the ndiswrapper package. You should check that file to make sure that the procedure hasn't changed with the release of a new version of ndiswrapper. | 
Determine the kind of wireless card you are using. If you have a PCI card, type:
# lspci -v | less
00:0a.0 Network controller: Broadcom Corporation BCM4306 802.11b/g Wireless LAN Controller (rev 03)
    Subsystem: Linksys: Unknown device 0014
    Flags: bus master, fast devsel, latency 32, IRQ 5
    Memory at ee000000 (32-bit, non-prefetchable) [size=8K]
In this example, the PCI card is a BCM4306 802.11b/g Wireless Controller from Broadcom Corporation.
Check the following list of wireless card drivers known to run under ndiswrapper:
http://ndiswrapper.sourceforge.net/wiki/index.php/List
If your card is on the list, download the driver recommended on that page. I used the Linksys WMP54GS Wireless-G PCI Adapter (which was reflected by the chipset BCM4306 802.11g, rev 03 shown in the lspci output above). So I downloaded the driver as follows:
# mkdir wireless
# cd wireless/
# wget ftp://ftp.linksys.com/pub/network/wpc54g_v2_driver_utility_v2.0.zip
After the file is done downloading, unzip the driver file. For the example, I typed:
# unzip wpc54g_v2_driver_utility_v2.0.zip
Next, get the ndiswrapper software (currently only source code is available) by downloading it to your Fedora Core system from the following site:
http://sourceforge.net/projects/ndiswrapper
With the ndiswrapper source code package in the current directory, unzip and untar it as follows:
# tar xvfz ndiswrapper-*tar.gz
Change to the ndiswrapper directory and run the make command as follows:
# cd ndiswrapper*
# make install
Get the INF file from the unzipped driver package. From our example, the file we needed was lsbcmnds.inf. Then run the ndiswrapper -i command to install the driver. For example, with the lsbcmnds.inf file in the current directory, I ran:
# ndiswrapper -i lsbcmnds.inf
Check that the driver is now available and the hardware is available:
# ndiswrapper -l
lsbcmnds driver present, hardware present
To load the ndiswrapper module, type the following:
# modprobe ndiswrapper
To check that the ndiswrapper module loaded properly, you can check the /var/log/messages file. These messages appeared after the module was loaded:
Nov 2 20:28:53 toys kernel: ndiswrapper version 0.11 loaded (preempt=no,smp=no)
Nov 2 20:28:53 toys kernel: ACPI: PCI interrupt 0000:00:0a.0[A] -> GSI 5 (level, low) -> IRQ 5
Nov 2 20:28:53 toys kernel: ndiswrapper: using irq 5
Nov 2 20:28:54 toys udev: creating device node '/dev/ndiswrapper'
Nov 2 20:28:54 toys kernel: wlan0: ndiswrapper ethernet device 00:0f:66:6f:b9:0a using driver lsbcmnds
Nov 2 20:28:54 toys kernel: wlan0: encryption modes supported: WEP, WPA with TKIP, AES/CCMP
Nov 2 20:28:54 toys kernel: ndiswrapper: driver lsbcmnds (The Linksys Group, Inc.,07/17/2003, 3.30.15.0) added
From the output, you can see that the ndiswrapper module was loaded, that it found the wireless PCI card, and that the wlan0 interface was assigned to that device using the lsbcmnds driver. With the card properly detected, you can configure TCP/IP to use with that card.
If you did a personal desktop or Everything installation of Fedora on your computer, the software packages you need to create your wireless LAN may already be installed. Drivers and modules needed to support PCMCIA cards and wireless cards should be in your system.
Besides the wireless drivers, the following software packages contain tools for configuring and working with your wireless LAN cards in Fedora:
pcmcia-cs — Contains commands and configuration files to support your wireless card if it happens to be a PCMCIA card.
wireless-tools — Contains commands for setting extensions for your wireless LAN interface. Commands include iwconfig (for configuring your wireless interface) and iwlist (for listing wireless statistics).
After you have established a wireless LAN interface, you can use a variety of Linux software to monitor and control access to that interface. You will need to install the appropriate software packages as well.
Before you begin testing the distances you can achieve with your wireless Linux LAN, I recommend that you configure wireless cards on two computers within a few feet of each other. After the two computers are communicating, you can change wireless settings to tune the connection and begin experimenting with transmission distances.
The following sections describe the steps you need to take to set up a wireless LAN between two Linux systems. Although only two nodes are described, you can add more computers to your wireless LAN once you know how. This procedure describes how to operate your wireless Linux LAN in two different modes:
Ad hoc — All the computers in your wireless LAN are gathered into a single virtual network made up of only one cell. A single cell means that you cannot roam among different groups of wireless nodes and continue your communication invisibly. To do that requires a managed network.
Managed — As I noted earlier, many wireless cards supported in Linux cannot operate as access points. A Linux wireless card, however, can operate as a node in a managed network. The wireless-configuration tools that come with Fedora let you identify the access point for Linux to use by indicating the access point’s MAC address.
Install your wireless cards per the manufacturer's instructions. Then configure the interface for each card as described in the following procedure.
The Network Configuration window (neat command) can be used to configure wireless Ethernet card interfaces, as well as regular wired Ethernet cards. The following procedure describes how to configure a wireless Ethernet card using the Network Configuration window.
| Note | If your wireless card driver does not appear on the list, you may need to configure your wireless card manually, as described later in this chapter. Step through this procedure and if you are not able to activate the wireless card, refer to the description of the ifcfg-eth1 file. | 
Start the Network Configuration. From the red hat menu, click System Settings → Network, or, as root user from a Terminal window, type neat. The Network Configuration window appears.
Click the New button. The Select Device Type window appears.
Click Wireless connection and Forward. The Select Wireless Device window appears.
Select your wireless card from the list of cards shown, and click Forward. The Configure Wireless Connection window appears, as shown in Figure 15-10.
  
 
Figure 15-10: Add a wireless interface using the Network Configuration window.
Add the following information and click Forward:
Mode — Indicates the mode of operation for the wireless LAN card. Because I am setting up a wireless LAN consisting of only one cell (in other words, with no roaming to cells set up in other areas), I could set the mode to Ad hoc. Ad hoc mode allows the card to communicate directly with each of its peers. You can use Managed mode if you have multiple cells, requiring your card to communicate directly to an access point. You can also use Managed mode for a point-to-point network.
Network Name (SSID) — The network name (or Network ID) that identifies cells that are part of the same network. If you have a group of cells (which might include multiple nodes and repeaters among which a client could roam), this name can identify all of those cells as falling under one virtual network. Choose any name you like and then use that name for all computers in your virtual network. (SSID stands for Service Set ID.)
Channel — Choose a channel between 1 and 14. You can begin with channel 1; if you get interference on that channel, try changing to other channels.
Transmit Rate — Choose the rate of transmission from the following rates: 11M, 5.5M, 2M, 1M, or Auto. Choosing Auto allows the interface to automatically ramp down to lower speeds as needed. Lower speeds allow the interface to transmit over greater distances and deal with noisy channels.
Key — You need the same encryption key for all wireless LAN cards that are communicating with each other. It is critical to get this value right. This key is used to encrypt all data transmitted and decrypt all data received on the wireless interface. You can enter the number (up to 40 digits, depending on what is supported by your card) as XXXXXXXXXX or XXXX-XXXX-XX (where each X is a number from 0 to 9 or letter between A and F). For 64-bit encryption, the key must be ten hexadecimal characters; for 128-bit encryption, the key must be 26 hexadecimal characters.
A Configure Network Settings window appears.
You can enter the following information:
Automatically obtain IP address settings with: If you want to get your IP address from a DHCP server, click this box and the rest of the information is obtained automatically. Otherwise, set the IP address statically using the other options.
Host name: If you are using DHCP, you can optionally add a host name to identify this network interface. If none is entered here, the output from the /bin/hostname command is used.
Statically set IP addresses: Click here to manually set your IP addresses.
Address: If you selected static IP addresses, type the IP address of this computer into the Address box. This number must be unique on your wireless network.
Subnet Mask: Enter the netmask to indicate what part of the IP address represents the network. (Netmask is described later in this chapter.)
Default Gateway Address: If a computer on your wireless LAN is providing routing to the Internet or other network, type the IP address of the computer here.
Click Forward to see a listing of the information you just entered.
Click Apply to complete the new wireless network interface.
Click File → Save (on the main window) to save the interface.
This procedure creates an interface configuration file in your /etc/sysconfig/network-scripts directory. The name of the configuration file is ifcfg- followed by the interface name (such as eth0, eth1, and so on). So, if your wireless card is providing your only network interface, it would be called ifcfg-eth0.
Using any text editor, open the ifcfg-eth? file (replacing ? with the interface number) as root user. The following is an example of an ifcfg-eth1 file:
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
IPV6INIT=no
ONBOOT=no
USERCTL=no
PEERDNS=no
GATEWAY=10.0.0.1
TYPE=Wireless
DEVICE=eth1
HWADDR=00:02:2d:2e:8c:a8
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=10.0.1.1
DOMAIN=
ESSID=
CHANNEL=1
MODE=Ad-Hoc
RATE=11Mb/s
NETWORK=10.0.1.0
BROADCAST=10.0.1.255
In this example, the wireless card’s hardware (MAC) address is automatically set to 00:02:2d:2e:8c:a8. (Your MAC address will be different.) The interface is not yet set to come up at boot time (ONBOOT=no). The interface device is eth1 (which matches the interface filename ifcfg-eth1), because this particular computer has another Ethernet card on the eth0 interface. The interface type is set to Wireless.
Other information in the file sets standard TCP/IP address information. The NETMASK is set to 255.255.255.0 and the IP address for the card is set to 10.0.1.1. The broadcast address is 10.0.1.255.
You can also set many options that are specific to your wireless network in this file. The following list explains some additional options that you might want to set:
NWID — Identifies the name of this particular computer on the network. The computer’s host name (determined from the uname -n command) is used by default if you don’t set it with NWID.
FREQ — You can choose a particular frequency in which to transmit. No value is required, because selecting a channel implies a certain frequency. If you do enter a frequency, the value must be a number followed by a k (kilohertz), M (megahertz), or G (gigahertz). The default values for the channels you select range from 2.412G (channel 1) to 2.484G (channel 14), with other channels occurring at increments of .005G. The default is 2.422G.
SENS — You can select the sensitivity level of the access point. SENS can be set to 1 (low density), 2 (medium density), or 3 (high density). The default is 1. The sensitivity threshold has an impact on roaming.
| Caution | The encryption algorithm used with 802.11 networks is the Wired Equivalent Privacy (WEP) algorithm. Though using the encryption key is more secure than not using it, experts feel that WEP has some inherent flaws that might allow a drive-by hacker to decrypt your wireless LAN traffic. For that reason, I strongly recommend using additional techniques to protect your wireless LANs, such as firewalls and diligent log-checking. See the “Wireless Security” sidebar for further information. (In the future, keep your eyes open for support for WPA encryption standards, which are expected to be more secure than WEP.) | 
Besides those options just shown, you can also pass any valid options to the iwconfig command (which actually interprets these values), by adding an IWCONFIG option to the configuration file. Display the iwconfig man page (man iwconfig) to see all wireless options. Also view the /etc/sysconfig/network-scripts/ifup-wireless script to see how the options you just added are processed.
| Note | On the computer that is acting as a gateway from your wireless network to the Internet, you need to turn on IP packet forwarding. Change the value of net.ipv4.ip_forward to 1 in /etc/sysctl.conf. Open that file as the root user with a text editor and change the line as follows: net.ipv4.ip_forward = 1 | 
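The boundary firewall and forwarding gateway described above can be written as an iptables-restore ruleset. This is an added example, not part of the original chapter: it assumes the wireless card is eth1 on 10.0.1.0/24 (as in the sample ifcfg-eth1 file), the wired card is eth0, and the wired network is 10.0.0.0/24; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original chapter): generate iptables-restore
# rules for a Linux gateway sitting between a wireless LAN and a wired LAN.
# Requires net.ipv4.ip_forward = 1, as described in the note above.

# Accept only plain interface names, so an argument cannot smuggle in rule text.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Shape check only (a.b.c.d/prefix); it does not range-check each octet.
valid_net() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gateway_rules WLAN_IF WIRED_IF WLAN_NET WIRED_NET
# Prints the ruleset on stdout; returns 1 (and prints nothing) on bad arguments.
gateway_rules() {
    valid_if "$1" && valid_if "$2" && valid_net "$3" && valid_net "$4" || return 1
    wlan=$1 wired=$2 wnet=$3 lnet=$4
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Wireless clients may ping the gateway; everything else aimed at the
# gateway itself from the wireless side is logged and dropped.
-A INPUT -i $wlan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wlan -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $wlan -j LOG --log-prefix "wlan-in-drop: "
-A INPUT -i $wlan -j DROP
# Replies to connections that were already allowed.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop wireless packets whose source is outside the wireless subnet.
-A FORWARD -i $wlan ! -s $wnet -j DROP
# Keep wireless clients off the wired LAN even if the WEP key is cracked.
# (Add an ACCEPT above these two lines for a wired-side DNS server if needed.)
-A FORWARD -i $wlan -d $lnet -j LOG --log-prefix "wlan-to-lan-drop: "
-A FORWARD -i $wlan -d $lnet -j DROP
# Everything else from the wireless subnet may leave through the wired card.
-A FORWARD -i $wlan -o $wired -s $wnet -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade wireless clients behind the gateway's wired address.
-A POSTROUTING -o $wired -s $wnet -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the assumed layout.
gateway_rules eth1 eth0 10.0.1.0/24 10.0.0.0/24
```

As root, pipe the output to `iptables-restore --test` to parse the rules without committing them, then to `iptables-restore` to load them. The LOG lines go to /var/log/messages, which is where denied wireless-to-wired attempts will show up during log checks.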
Repeat the configuration procedure for each wireless Fedora computer on your LAN. At this point, your wireless network should be ready to go. Restart your network, as described in the following steps, to make sure that it is working.
To immediately activate the wireless interface you just configured, select the Wireless entry on the Network Configuration window and click the Activate button. After a few seconds, the Status should appear as Active.
To have the interface start when you reboot your computer, click the wireless interface from the Network Configuration window and select Edit. From the Wireless Device Configuration window that appears, click the box next to “Activate device when computer starts.”
If you want to explicitly enter a Network Name (SSID), click the Wireless Settings tab on the Wireless Device Configuration window. From there, select Specified, type the network name (any name you choose to match others on your wireless network), and click OK.
Be sure to save your changes on the Network Configuration window by clicking File → Save.
Your wireless LAN interface should be operating at this point. If another wireless computer is available on your wireless network, try communicating with it using the ping command and its IP address (as described in the "Can you reach another computer on the LAN?" section later in this chapter).
If you are not able to communicate with other wireless nodes or if transmission is slow, you may have more work to do. For example, if you see messages that say “Destination Host Unreachable,” instead of the output shown earlier, refer to the section on “Troubleshooting a wireless LAN” for help.
The Wireless Ethernet Compatibility Alliance (WECA) has recommended changes in response to security concerns about wireless networks. They did this because, unlike wired networks, which can often be physically protected within a building, wireless networks often extend beyond physical boundaries that can be protected.
The Wired Equivalent Privacy (WEP) standard adds encryption to the 802.11 wireless standard. WECA refers to WEP as its way of providing “walls” that make wireless Ethernet as secure as wired Ethernet. However, you need to implement WEP, as well as other security methods that would apply to any computer network, in order to make your wireless network secure. Here are WECA’s suggestions:
Change the default WEP encryption key on a regular basis (possibly weekly or even daily). This prevents casual drive-by hackers from reading your encrypted transmissions.
Use password protection on your drives and folders.
Change the default Network Name (SSID).
Use session keys, if available in your product (session keys are not supported in current Linux wireless drivers).
Use MAC address filtering (supported in a limited way in Linux).
Use a VPN (Virtual Private Network) system, which can add another layer of encryption beyond that which is available on your wireless network.
For larger organizations requiring greater security, WECA suggests such features as firewalls and user-verification schemes (such as Kerberos). As I mentioned earlier in this chapter, features for protecting from intrusions and restricting services are already built into Fedora. Refer to the descriptions of security tools in Chapters 14, 15, and 16 for methods of securing your network, its computers, and their services. In particular, you could consider adding a VPN such as CIPE (described in Chapter 16) to further secure all data sent on your wireless LAN.
Although you may be thrilled to have a wireless LAN working between two computers, you will probably want these computers to be located some distance from each other to make the LAN useful. Getting your wireless LAN to work at the desired distances can be quite a challenge. See the section “Selecting antennas” earlier in this chapter for suggestions on selecting and using antennas to configure the type of wireless LAN you are interested in.
After the wireless module is loaded, you can change wireless extensions using the iwconfig command. The iwconfig command is what actually applies the options added to the ifcfg configuration script (for example, for the eth1 interface, the script would be /etc/sysconfig/network-scripts/ifcfg-eth1).
Some of the same options that you set when the module was loaded can be reset using the iwconfig command. The iwconfig command can be useful for testing different settings on an active wireless LAN. The syntax of the iwconfig command is as follows:
# iwconfig interface parameter value
The interface is the name of the wireless interface you want to change, such as eth1 or wvlan0. The parameter is the name of the option, and the value is replaced by its value. For example, to set your network name (ESSID) to Homelan, you could type the following as root user:
# iwconfig eth0 essid "Homelan"
Table 15-2 contains a list of available options for the iwconfig command. Refer back to the "Configuring the wireless interface" section for further details on these options.
| Option | Description | 
|---|---|
| essid name | Indicates the network name. | 
| ap address | Indicates that the access point is at a particular MAC address. For low-quality connections, the client driver may return to trying to automatically detect the access point. This setting is only useful in Managed mode. | 
| channel # | Picks the channel number to operate on. | 
| frag frag_size | Sets the fragmentation threshold for splitting up packets before they are transmitted. | 
| freq 2.4??G | Sets the frequency of the channel to communicate on. | 
| key xxxx-xxxx-xx | Sets the key used for WEP encryption. | 
| mode option | Sets the mode used for communications to Ad-hoc, Managed, Master, Repeater, Secondary, or Auto. | 
| nick name | Sets the station name to define this particular computer. | 
| rate XXM | Defines the transmission rate to use. | 
| rts number | Sets the RTS/CTS threshold for packet transmission. | 
| retry number | For cards that support MAC retransmissions, you can use this option to determine how many retries are made before the transmission fails. The value can be a number (indicating number of seconds allotted for retries), or a number followed by an m (for milliseconds) or u (for microseconds). Instead of a number, you can set a number of retries using the limit parameter. For example: retry limit 100 indicates that the transmission can retry up to 100 times. | 
| sens number | Sets the lowest possible sensitivity threshold for which the wireless interface will try to receive a packet. Raising this level can help block out interference from other wireless LANs that might weakly encroach on your transmission area. | 
The best place to add iwconfig options permanently in Fedora is the configuration file for your wireless interface in the /etc/sysconfig/network-scripts directory.
Options to iwconfig are added to the wireless interface file (such as ifcfg-eth0 or ifcfg-eth1) using the IWCONFIG parameter. For example, to add an encryption-key value of 1234-1234-12 for your wireless LAN card, you could add the following line to your wireless-interface file:
IWCONFIG="key 1234-1234-12"
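The key rules given for the Key field (10 hexadecimal digits for 64-bit, 26 for 128-bit, optional dashes) and the IWCONFIG key line above can be checked mechanically. The script below is an added example, not from the original chapter: it validates and generates keys and audits an ifcfg-style file against the WECA suggestions. The function names, the assumption that a KEY= line may hold the key, and the "fewer than five distinct digits" heuristic are this example's own.

```shell
#!/bin/sh
# Added example (not from the original chapter): WEP key helpers and an audit
# of an ifcfg-style wireless interface file.

# Print KEY in lowercase with the optional dashes removed.
normalize_key() {
    printf '%s' "$1" | tr -d '-' | tr 'A-F' 'a-f'
}

# Print 64 or 128 for a well-formed key; return 1 for anything else.
wep_key_bits() {
    k=$(normalize_key "$1")
    case "$k" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    case "${#k}" in
        10) echo 64 ;;
        26) echo 128 ;;
        *)  return 1 ;;
    esac
}

# Succeed if the key uses fewer than five distinct digits (for example
# 1234-1234-12). The threshold is this example's heuristic, not a standard.
wep_key_is_weak() {
    distinct=$(normalize_key "$1" | fold -w 1 | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -lt 5 ]
}

# Print a random key for 64- or 128-bit WEP, dashed after every fourth digit.
gen_wep_key() {
    case "$1" in
        64)  nbytes=5 ;;
        128) nbytes=13 ;;
        *)   return 1 ;;
    esac
    hex=$(od -An -N "$nbytes" -tx1 /dev/urandom | tr -d ' \n')
    printf '%s\n' "$hex" | sed 's/..../&-/g; s/-$//'
}

# Print the value of NAME= from FILE without sourcing it (no code execution).
cfg_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print one finding per line; the return status is the number of findings.
audit_ifcfg() {
    f=$1
    findings=0
    key=$(cfg_value "$f" KEY)    # assumption: KEY= may carry the key
    if [ -z "$key" ]; then
        key=$(cfg_value "$f" IWCONFIG | sed -n 's/.*key \([^ ]*\).*/\1/p')
    fi
    if [ -z "$key" ]; then
        echo "$f: no WEP key set, traffic is sent unencrypted"
        findings=$((findings + 1))
    elif ! wep_key_bits "$key" >/dev/null; then
        echo "$f: key is not 10 or 26 hexadecimal digits"
        findings=$((findings + 1))
    elif wep_key_is_weak "$key"; then
        echo "$f: key is a low-variety pattern, replace it with a random one"
        findings=$((findings + 1))
    fi
    # A key stored in the file is exposed to every local user if the file
    # is world-readable.
    if [ -n "$key" ] && [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f: contains a key but is world-readable, use chmod 600"
        findings=$((findings + 1))
    fi
    if [ -z "$(cfg_value "$f" ESSID)" ]; then
        echo "$f: ESSID not set explicitly, choose your own network name"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: settings from the chapter's ifcfg-eth1 listing plus its
# example key line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVICE=eth1
TYPE=Wireless
MODE=Ad-Hoc
ESSID=
CHANNEL=1
IWCONFIG="key 1234-1234-12"
EOF
chmod 644 "$sample"
audit_ifcfg "$sample" || echo "findings: $?"
echo "replacement 128-bit key: $(gen_wep_key 128)"
rm -f "$sample"
```

Because WECA's first suggestion is to change the key on a regular basis, `gen_wep_key` is the part worth scheduling; the same new key has to be placed on every node before the interfaces are restarted.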
