Friday, February 01, 2008

Packet from table 6

I wish I knew more about networking. I have a technical need that I can barely describe, much less name.

For our new Dayton Oracle SIG, we want to run interactive, laboratory-style meetings. We'll meet in a place with wireless, one member will bring a laptop running an Oracle server and Oracle Application Server, and other members will use their laptops to access it and muck around.

This requires the computers using the wireless network to access not just the internet, but each other. I'd call this "peer-to-peer" networking, but it's really "peer-to-router-to-peer".

If I connect to my wireless at home and issue ifconfig, it reports eth1 ... inet addr:192.168.1.45. For other machines connected to the same router, that IP address is as usable as anything on the internet. If Oracle and Apache are running on the machine, I can use 192.168.1.45:1521 and 192.168.1.45:80 to log into the database or view webpages from other machines. If I go into my router and set Port Forwarding to ship incoming traffic to 192.168.1.45, then those become visible to the wider internet... but, to access them within the wireless network, I don't even need to do that. (In fact, I don't see any way I could turn it off even if I wanted to.)

So all we need is a meeting location that allows the same thing. It's not that simple, though. As far as I can tell, the wireless at Panera Bread (my first choice) doesn't permit this kind of inter-machine connection. That locally assigned IP address doesn't produce any response from other machines in the same network; it seems the router simply doesn't route traffic between machines. For security's sake, that kind of makes sense; I wouldn't want somebody hacking my database from the next table over. (Actually, if they did, I'd invite them to the SIG, but that's me.) But it removes some really neat possibilities for interaction.

I've found one place so far - the Hope Hotel in Fairborn - where the wireless does allow connections between machines. I was all ready to declare the hotel restaurant our meeting location, until my boss reminded me that it's full of GIANT TELEVISION SCREENS BLARING SPORTS and some people don't tune that out as automatically as I do.

I suppose there's always the option of bringing a router with me... but then I'd have to bridge people's traffic up to the internet somehow. I'm sure it can be done, it's just something I've never developed the skills for, nor do I own a particularly portable router. Hmm...

3 comments:

Sean Reifschneider said...

Some higher end APs, such as those used at PyCon costing around $200, have an option to allow or block wireless stations from sending packets amongst themselves. Last year at PyCon one of the APs still had this ability disabled, so the Addison room couldn't do it but other places could, until I poked that.

As you say, it's meant to be a security thing so that one computer can't infect another.

Fixing it, as you say, probably will require bringing your own router. DLink has a nice little "travel router" that works relatively well for that sort of thing, and is smaller than a deck of cards.

That device can run as a wireless client, an AP, or a router. If I were doing it I'd connect it up to my laptop via USB for power, Ethernet for networking, and set the device as an AP.

Set up your laptop wireless to connect to Panera, Ethernet on another subnet, and set up forwarding and masquerading, and a DHCP server.

Lots of moving parts, but not particularly hard to do. I'll e-mail you some examples.

Sean
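
The forwarding, masquerading and DHCP setup described in the comment above, sketched as an added example; it is not Sean's code and not part of the original page. The interface names (wlan0 upstream, eth0 toward the travel AP), the 10.77.0.0/24 lab subnet and the function names are assumptions, and the INPUT rule is an extra that keeps the laptop's web and Oracle listener ports closed to the venue side.

```shell
#!/bin/sh
# Added example: NAT gateway for a lab subnet behind a venue's Wi-Fi.
# Interface names and the 10.77.0.0/24 subnet are assumptions, not from the page.

# Emit the setup commands, one per line.
#   $1 = upstream (venue Wi-Fi) interface
#   $2 = lab-side Ethernet interface (cabled to the travel AP)
#   $3 = first three octets of the lab subnet
lab_gateway_rules() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
ip addr add $net.1/24 dev $lan
ip link set $lan up
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net.0/24 -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net.0/24 -o $wan -j MASQUERADE
iptables -A INPUT -i $wan -p tcp -m multiport --dports 80,1521 -j DROP
dnsmasq --interface=$lan --bind-interfaces --dhcp-range=$net.50,$net.150,12h
EOF
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to execute them.
run_lab_gateway() {
    lab_gateway_rules "$@" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        else
            printf '%s\n' "$cmd"
        fi
    done
}

run_lab_gateway "${WAN_IF:-wlan0}" "${LAN_IF:-eth0}" "${LAN_NET:-10.77.0}"
```

With the FORWARD policy set to DROP, lab clients can start connections out to the internet, but nothing on the venue network can open a connection into the lab subnet; only reply traffic comes back in.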

sillyevar said...

I thought I didn't have a good answer until the very end when you said "bring my own router."

Here is what you can do:

1. Buy an additional PCMCIA or USB wireless device. You can probably get one used. My dad finds 'em at Garage Sales all the time.
2. Install it on your laptop. Now you have 2 wireless nics.
3. Connect one to the Panera Bread.
4. Configure the second as an AP itself (not all hardware is capable of this) or try "ad-hoc" mode.
5. Bridge the two wireless connections.
6. Tell people to connect to "pyOraGeek" network instead of the panera network.

By bridging you allow full internet access for everyone and the Panera network will even do things like provide DHCP and DNS, but, any network rules don't have effect because the IP routing will go through YOU instead of through the Panera access point.

The only catch is that they COULD (I have never seen anyplace do this) configure to only allow a single MAC address per wifi connection. In this case bridging will fail and you will need to resort to routing. Still doable, but now you have to run your own DHCP, or tell people to configure manually.

Good luck.

Rob said...

It seems to me that there are a couple of simpler options.

1. Bring your own router (e.g., to Panera) preconfigured to be a secure AP, and allow people to connect to your laptop through it. Let everyone ALSO connect to the existing AP for their Internet connection. Perhaps some devices will have trouble with managing two wireless connections, but I think this will work fine in most cases.

2. Same as #1, but don't bring a router at all--instead, allow everyone to connect directly to your laptop as a peer (again with preconfigured security).

Both of these should work (I discussed something similar as a way for a friend to "wire" his house), but I want to try it myself to be sure. I have similar needs and opportunities, so I would love to have this in my "tool belt".