Mailing List os2-wireless_users@2rosenthals.com Archived Message #4059

From: Lewis G Rosenthal <os2-wireless_users@2rosenthals.com>
Sender: os2-wireless_users-owner <os2-wireless_users-owner@2rosenthals.com>
Subject: [OS2Wireless] OS/2 Access Point
Date: Fri, 12 Dec 2003 15:43:11 -0500
To: os2-wireless_users@2rosenthals.com

John, please kick me in the head if I ever sound like I'm being condescending; I certainly don't mean to be. I just read over some of my recent posts to you, and I hope you're setting aside whatever my tone appears to be (just a few frustrating days in the office, that's all). ;-)

On 12/11/2003 08:11 am, John Poltorak thus wrote :

On Wed, Dec 10, 2003 at 09:35:09PM -0500, Lewis G Rosenthal wrote:
 

No. "Default route" or "default router" or "default gateway" implies the "most direct route from this network to another."

I've always thought of it as the route from one IP address to another if a direct connection cannot be established.

A router connects two logically separate networks:

192.168.1.0 ---> router ---> 192.168.2.0

A bridge connects two physically dissimilar segments of the same network:

192.168.1.0 over ADSL ---> bridge ---> 192.168.1.0 over 100baseT

A hub connects two or more nodes on the same segment, dividing the available bandwidth equally (as normal APs do):

Wired:

100baseT | 100baseT | 10baseT | 10base2

Wireless:

802.11b | 802.11b | 802.11g

A switch connects two or more nodes on the same segment, rapidly turning on and off the available "pump" as stations request bandwidth, thus giving each station (or node) the "appearance" of a dedicated point-to-point link at or near the node's bandwidth limit:

100baseT | 100baseT | 10baseT | 10baseT
100Mbps ----------------->   10Mbps ----------------->

So, your assumption that the AP acts as a router, is correct in actuality, if not in semantics. Yes, it "directs" the traffic from one to the other, but it acts as a hub. If you had three wired connections, and disconnected them from the hub, they wouldn't be able to communicate with each other. Likewise, while in infrastructure mode, if you "disconnect" the Wi-Fi clients from the AP, they can't communicate with each other.

As all Wi-Fi clients in the hotspot are on the same network, the default route has no bearing whatsoever. The Sputnik AP simply does not act as a regular hub in its native mode. Instead, it acts as a partitioned smart hub, meaning it cordons off each attached client from seeing the other. In this manner, it appears to each client as though it (the client) is the only node on the network, even though all of the clients share a common subnet address. So, if we have five clients on the 192.168.1.0 subnet, numbered from 1 through 5, 192.168.1.1 cannot ping .2, .3, .4, or .5. It can, however, ping 4.2.2.2 (one of the root servers on the net), as that goes through its default gateway (say, 192.168.1.100, or whatever the AP's address is - the Sputnik AP actually combines a router in the same box as the AP).
   



Surely the AP can ping .1 and .2 so why wouldn't tracerte find a way from .1 to .2 via the AP using the default route?

 

With a normal AP, yes, in a way. The beauty of the Sputnik software is that it partitions the hub, so that the guy slouched down in his chair at the coffee shop, on the same logical subnet as the guy at the next table checking his email at the office, can't start probing that guy's machine for open ports. With a normal AP, you wouldn't need a default route, as that only gets used when you want a way off of your local subnet or you want to go somewhere where you have no other static route defined. Thus, if I am on a Wi-Fi network of 192.168.1.1 (associated with an AP), and you are also associated with that AP and have an address of 192.168.1.2, I can reach you, even if I have no default route assigned. In fact, for a default route to even be valid, it must exist on the same subnet as my - or your - address! Simply stated, if you consider a subnet to be a room, you don't need to go through a doorway (gateway/router/default route) to reach someone else in the same room. However, if you must go outside, there has to be a doorway from which you may exit the room and then (perhaps) another to get you outside. If there's no doorway to your room (default route, local to your subnet), you can't get out, even if I tell you that you have to go to the front door - 'cause you can't get to the front door without getting into the hallway! :-)

It's not a NIC. It's a bridge which connects directly to the PCI bus, instead of connecting via ethernet. (I know, I know...I'm splitting hairs). :-)    

This is where my knowledge gets a little hazy. I thought a NIC defined the hardware and the bridging was done using software...

 

No, not necessarily. Again, we're arguing more semantics than anything else. A "NIC" is simply a "network interface card." Usually, that "network" is a CAT-5 or coaxial LAN cable (thus "bridging" from the PCI bus to the ethernet bus - see my notes above), but it could just as easily be ADSL. It's still bridging from one bus to another.

Seriously, though, an OS/2 box configured as an AP could very well do with just a NIC to go to an external bridge (and would be more flexible in its placement). Neat card, though. Thanks for the link!!
   


There are quite a few ADSL PCI cards around and many have Linux drivers so maybe it would be possible to port them to OS/2, although I have no idea about how.

 

Hmmm... I guess with the prices of routers down where they are, and motherboards with embedded NICs (another misnomer, as NIC implies a "card," and all that's embedded is an ASIC, or chip), I don't think of single-point cards to connect to ADSL.

And you might find the following link interesting, as well:

http://www.personaltelco.net/index.cgi/LinuxAccessPoint
   


Thanks. I'll have to try out one of these Linux apps some day.

 

One of the best features of this whole new wireless thing is the ability to snap things together. I missed out on the whole HAM radio craze, but this stuff more than makes up for it!

In this scenario, yes, the all-in-one ADSL bridge card would come in handy. I see where you're headed, now. The proxy also gives you the best security, even beyond NAT.
   


Yes, I don't like the idea of having to load a whole range of software on every client including firewall software when everything could just be installed on the gateway. Also a proxy provides quite a few options for access control for specific machines as well as being able to block 'undesirable' web sites for the whole LAN.

 

This is the whole basis for Novell's BorderManager proxy cache, which I work with on a regular basis. You've hit the security issues right on the head, John.

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA
Rosenthal & Rosenthal Accountants / Network Consultants
New York / Northern Virginia           www.2rosenthals.com
Team OS/2  / NetWare Users International      www.novell.com
------------------------------------------------------------
This OS/2 system (Apollo) uptime is 0 days 00:10 hours and 36 seconds
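
An added example, not part of the original message: a small Python model of the two behaviours discussed in the thread, the on-link versus default-route decision and the partitioned AP that keeps clients on one subnet from reaching each other. The function names and the isolation rule (the AP only forwards client frames addressed to the gateway) are assumptions made for illustration; the addresses are the ones used in the message.

```python
import ipaddress

def next_hop(src_if, dst, gateway=None):
    """Decide how a host with address src_if (e.g. '192.168.1.1/24') reaches dst.

    Returns ('on-link', dst), ('gateway', gw) or ('unreachable', None).
    """
    iface = ipaddress.ip_interface(src_if)
    target = ipaddress.ip_address(dst)
    if target in iface.network:
        # Same "room": delivered directly, the default route is never consulted.
        return ("on-link", str(target))
    if gateway is None:
        return ("unreachable", None)      # no doorway out of the room
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # A default route is only usable if the gateway itself is on-link.
        return ("unreachable", None)
    return ("gateway", str(gw))

def ap_delivers(src_if, dst, gateway, isolate_clients):
    """Model (assumed) of what the AP does with a client's first-hop frame."""
    kind, hop = next_hop(src_if, dst, gateway)
    if kind == "unreachable":
        return False
    if kind == "gateway":
        return True                       # frame is addressed to the AP's router
    # On-link destination: another client, or the gateway address itself.
    gw = str(ipaddress.ip_address(gateway)) if gateway else None
    if isolate_clients and hop != gw:
        return False                      # partitioned hub: peers are cordoned off
    return True

def reachable_peers(src_if, peers, gateway, isolate_clients):
    """List which of the given addresses the client can actually reach."""
    return [p for p in peers if ap_delivers(src_if, p, gateway, isolate_clients)]

if __name__ == "__main__":
    me, gw = "192.168.1.1/24", "192.168.1.100"
    peers = ["192.168.1.2", "192.168.1.3", "192.168.1.100", "4.2.2.2"]
    print("normal AP:     ", reachable_peers(me, peers, gw, False))
    print("partitioned AP:", reachable_peers(me, peers, gw, True))
    print("no default gw: ", reachable_peers(me, peers, None, False))
```
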
