Wireless IP for Canyon Rd.
I've been working with and using ``wireless Ethernet'' (802.11b) for
a while now, both at work and at home. However, my initial approach
to using wireless at home was the simplistic one: hang an ``access point''
(``AP''), acting as a ``dumb bridge,'' off of the internal network. I
turned on WEP, restricted the AP to talk to only certain known MAC addresses,
and configured the AP to not divulge the SSID in its beacons. And when
I used the wireless net to access the machines I cared about, I did so
Well, that certainly worked, and it had the virtue of (relative)
simplicity. However, there was a concern: I wanted to migrate to a
point where I could feel reasonably comfortable ``opening up'' access to
the wireless net to those of our good neighbors who were interested in
taking advantage of this. And no matter how much I trust our neighbors,
I did not want them running around on my internal net.
(For that matter, were the situation reversed, I wouldn't want to be
running around on someone else's internal net, either.)
Long ago, I had placed a 3rd NIC (network interface card -- an
Ethernet adapter) in my firewall machine. So the straightforward
approach seemed to be to configure the firewall so the wireless AP was
connected via the 3rd NIC, to a completely separate network. Well,
around the beginning of October, I finally got the firewall
re-configured in a way that seems to work OK:
- The firewall has one NIC for connecting to the Internet (via
Pac*Bell DSL). This NIC is assigned the sole IP address I have.
Traffic from the outside world is only permitted if it meets certain
fairly strict requirements: for example, a reply to a request
origanted from one of the internal nets is permitted. A few other
things are permitted; in some cases, things appear to be permitted, but
what is happening is rather different (because of a combination of NAT
(Network Address Translation) and port-forwarding), but details of that
are outside the scope of this document.
- There is one NIC for the internal net. Nearly any traffic is
permitted if it originates from this net.
- There is the above-mentioned 3rd NIC, which is connected to what I
call the ``guest net'' (to emphasize, as I did when I ran one of the
first free public-access UNIX systems in Orange County, CA, that folks
who use the net in question are my guests, and are expected to be
mindful of that). This is where the wireless AP is connected.
- Both the ``internal'' and ``guest'' nets use RFC 1918 numbering
schemes: internal uses 172.16/16; guest uses 172.17/16. NAT is handled
on the Internet-facing interface.
- The only TCP connections that are permitted from the guest net to
the internal net are port 22 (SSH), and that to a designated SSH server
on the internal net.
- TCP connections from the guest net to the outside world are not
restricted, except that port 25 (SMTP -- email) is only permitted to the
firewall machine. I really dislike spamming, and I
don't even want my net responsible for any such incidents accidentally,
if I can help it. I may re-visit this at some point.
So I think I'm just about ready to let some neighbors in on
the fun. I expect that at first, I'll do it by manually "registering"
their MAC addresses, until I get a feel for how well things are
But I think there may be an issue with getting the signal(s) where
they need to be. Where my spouse & I live is a semi-rural area of
Redwood City, just below Emerald Hills. And the ground doesn't tend to
have too many horizontal planes around our area. Indeed, as the below
diagram depicts, the upper part of our back yard is above the peak of
our roof; our garage is under our (nominally single-story) home; the
floor of the garage is about 5' above the street. And the ground across
the street is below street level (the creek that inspired the name for
Canyon Rd. runs in back of our across-the-street neighbors' houses).
We see here a rough diagram of the profile (looking due west) of the
area where our house is. The salient features, from the left, are:
- A neighbor's house. This one is 2 stories high. I didn't bother
trying to show their yard.
- The roadbed of Canyon Rd. Yes, it's all of 20' wide in front of our
- That brownish ``triangle'' (except that its ``hypoteneuse'' is so
irregular) is intended to represent a cross-section of the hillside on
which our lot sits.
- Going uphill from Canyon Rd., we get to our garage. (The garage isn't
as wide as the house, and the back part of the garage is well under the
natural grade of the hill.)
- Above the garage is our house. The point marked ``A'' in green
denotes the present location of the wireless AP, mounted upside-down on
the underside of one of the beams that supports the roof. In this
location, the only part of the house that doesn't seem to get adequate
coverage is the one room where nearly all the other computer stuff is,
so the lack of coverage isn't a critical problem: wired connectivity is
easily available there.
- The dashed green line that intersects point ``A'' shows an
approximation of line of sight to a hypothetical point on a neighbor's
house. By displaying a grid in the background as I manipulated the
drawing, I determined that the green line was at an angle to the
horizontal that corresponds to the arctangent of 1/13, which works out
to 4.3987 degrees. Given the lack of precision in the drawing itself
(for which I measured very little, though I expect it's close enough for
discussion -- but not for placing an order for components), I think
expressing it as 4.4 degrees is adequate.
- Continuing up the hill (to our right, which is north), we cross over
a levelled patio area, then get back to going uphill. About 6' south of
where the yard levels off for a bit, some prior resident stuck a
vertical 4x4 in the ground, which extends 14' above grade at that
point. That places the top of the post (marked with a blue ``B'')
well above anything else (other
than trees) in the yard. I think it brings point ``B'' almost to the
level of the floor of the house above/behind us.
- I show a dotted blue line intersecting point ``B'' and the same
hypothetical point just above our neighbor's house. Using the same
approach as for point ``A'', I find that the angle with the horizontal
for this line of sight is about 7 degrees.
- According to my GPS, the post is at 37 28 13.7 N 122 15 17.3 W, in
case that helps someone in figuring out how this is supposed to work.
- The line of sight (LOS) distance for point ``A'' is about 92.3';
that for point ``B'' is about 177.4'.
- Who's having flashbacks to high school trigonometry right about now?
I'm thinking that the better part of valor would be to see if my
neighbor (across the street) -- who has a ham license... -- can cobble
up enough of an antenna to get our signal the way things are right now.
If so, we should be able to experiment without needing to deal with
lengthy cable runs, weather exposure, lightning protection, and expense
-- not one of which seems like something I'd miss terribly.
An idea that recently (July, 2002) occurred to me -- as a means of
reducing the exposure to damage even in the event of an admittdely rare
lightning strike, if nothing else -- would be to use a passive reflector
on the top of that post, and beam the RF to it from the house. I'm not
sure how good an idea it is, but it is still an idea....
Comments? Please send them to firstname.lastname@example.org -- thanks!
$Id: wireless.html,v 1.5 2002/07/07 04:02:46 david Exp $