XS Techniques and Configuration: Difference between revisions
No edit summary |
|||
Line 70: | Line 70: | ||
Possible, but not recommended. Filters are not particularly smart, so they have to be complemented with human users reporting filtering errors. The amount and quality of that feedback makes the filtering |
Possible, but not recommended. Filters are not particularly smart, so they have to be complemented with human users reporting filtering errors. The amount and quality of that feedback makes the filtering |
||
better -- a local filter never gets enough input to get any good. |
better -- a local filter never gets enough input to get any good. |
||
=Using a wireless NIC for WAN= |
|||
If you have a wireless NIC for your WAN port... |
|||
* Create /etc/sysconfig/network-scripts/ifcfg-wlan0, which should look like |
|||
DEVICE=wlan0 |
|||
ONBOOT=yes |
|||
BOOTPROTO=dhcp |
|||
DHCP_HOSTNAME=schoolserver |
|||
ESSID=YOURESSID |
|||
TYPE=Wireless |
|||
USERCTL=yes |
|||
* Tell the firewall that the WAN port is wlan0, with |
|||
echo wlan0 > /etc/sysconfig/xs_wan_device |
|||
service iptables restart |
|||
* If the network is encrypted, ensure wpa_supplicant service is set to run, and configure the right device and driver in /etc/sysconfig/wpa_supplicant. Usually you want: |
|||
INTERFACES="-iwlan0" |
|||
DRIVERS="-Dwext" |
|||
* Restart wpa_supplicant :-) -- enable logging (and look at the logs) if you need to debug. |
|||
* If the network is encrypted, you'll want to add the passphrase like this: |
|||
wpa_passphrase ESSID mypassphrase >> /etc/wpa_supplicant/wpa_supplicant.conf |
|||
With this, <code>ifup wlan0</code> should bring the wlan up, and it should come up with the server after a reboot. |
|||
=Access Points= |
=Access Points= |
Revision as of 10:18, 5 October 2009
This page lists various techniques and configuration options available for the XS.
- If you are changing this page, mention it on server-devel@lists.laptop.org .
Keeping your XS software up to date
Upgrading a server is done using the yum package interface provided by Fedora.
If you have an Internet connection, you can upgrade from the default servers at OLPC, or your own mirrors of them. This is done using yum:
yum -y upgrade
Presence Service (ejabberd) Troubleshooting
If XOs are appearing when they should not, or not appearing when they should in an XS-hosted network, the following commands help understand what is happening.
On the XS,
## XOs need to be registered before they can use the XS-based ## collaboration protocol (gabble) # List who is registered with the XS /home/idmgr/list_registration # List who is registered with ejabberd # (this happens on the first reboot after the user has used the 'register' option) ejabberdctl registered-users `hostname -f` # List who is online ejabberdctl connected-users
On the XOs, check that it has been registered & restarted, then open a Terminal and try
# Will report various settings, including which jabber server it connects to # and whether the collaboration ("Telepathy") infrastructure is using # "Gabble" (XS-based) or "Salut" (for networks without an XS) olpc-netstatus
Internet Content Filtering
If you are going to encourage children to surf the Internet, you are strongly advised to arrange for some kind of content filtering. All filtering solutions are imperfect, it is important to emphasize user education -- see Online threats and security.
Use OpenDNS
Create your account with OpenDNS, configure it to your liking. Then set their DNS servers in a forwarders line in /etc/named-xs.conf.in , and then
cd /etc make -f xs-config.make named-xs.conf /etc/init.d/named restart
OpenDNS is good, and for simple deployments it may be enough. Many schools use it and users can report urls for blocking, so its wide usage makes the filtering better.
When users report domains that are not blocked, report the domains to the OpenDNS and they will be blocked.
Planning for a content filter
For multiple school deployments
Run a filter at the ISP, or at the facilities of the Ministry of Education. Avoid running the filter on the XS itself. It is serious burden on the XS memory, CPU and Internet bandwidth. And administration on a per-school basis is awkward and inefficient.
Instead, get a machine co-located at the ISP, run a filtering proxy there (such as DansGuardian). Don't forget to tighten the rules to avoid running an open proxy. And on the XSs at schools, enable Squid and point it to the "upstream" proxy.
This means the filter is in one place, and there is only one blacklist (and whitelist) to maintain.
Running a local filter on the XS
Possible, but not recommended. Filters are not particularly smart, so they have to be complemented with human users reporting filtering errors. The amount and quality of that feedback makes the filtering better -- a local filter never gets enough input to get any good.
Using a wireless NIC for WAN
If you have a wireless NIC for your WAN port...
- Create /etc/sysconfig/network-scripts/ifcfg-wlan0, which should look like
DEVICE=wlan0 ONBOOT=yes BOOTPROTO=dhcp DHCP_HOSTNAME=schoolserver ESSID=YOURESSID TYPE=Wireless USERCTL=yes
- Tell the firewall that the WAN port is wlan0, with
echo wlan0 > /etc/sysconfig/xs_wan_device service iptables restart
- If the network is encrypted, ensure wpa_supplicant service is set to run, and configure the right device and driver in /etc/sysconfig/wpa_supplicant. Usually you want:
INTERFACES="-iwlan0" DRIVERS="-Dwext"
- Restart wpa_supplicant :-) -- enable logging (and look at the logs) if you need to debug.
- If the network is encrypted, you'll want to add the passphrase like this:
wpa_passphrase ESSID mypassphrase >> /etc/wpa_supplicant/wpa_supplicant.conf
With this, ifup wlan0
should bring the wlan up, and it should come up with the server after a reboot.
Access Points
Zoom Wireless-G 4400
The steps for setting up a wireless router access point vary based on the wireless router being using, but this serves as a rough guide for installation. These steps were run using a Zoom Wireless-G model 4400 router.
- Press the reset button on the wireless router to reset it and connect it to any computer. It's possible to do this setup with an XO or any other machine with linux installed.
- Open terminal and type,
ifconfig eth0 IPaddress
Where IPaddress is in the same subnet as the default IP for the access point
- Connect to the access point by typing in the IP address in a web browser.
- Login to the access point using the default password (or skip entering a password if none is provided).
- Set the wireless channel to 1, 6 or 11 to minimize interference.
- Set a unique name for the wireless network.
- Make sure that the access point is NOT running as a DHCP server and it's not running NAT.
DD-WRT
- Turn off DNSmasq.
- Visit Advanced Routing / Operating Mode and change the mode from "Gateway" to "Router".
- Move all the interfaces to the same VLAN (you must change the operating mode first).