Pebble Linux: Debian on a Wi-Fi diet
By Kurt Starsinic
Access points are commodities. Epinons lists 659 of them. (http://www.epinions.com/Wireless_Access_Points) If you want to set up a public access point, however, you'll need something that gives you a high level of functionality and control, in a compact and reliable system. Something, of course, that runs on a form of Linux.
Pebble Linux (http://www.nycwireless.net/pebble) is a tiny Debian-based Linux that's the basis of a load-and-go, fully-featured, (relatively) easy-to-customize, no-moving-parts AP. Created by Terry Schmidt of NYCwireless (http://nycwireless.net), and maintained by a pack of user/hackers, Pebble is not a distro in the strict sense. It's Debian, stripped down to a size and shape that will fit cozily on a 64MB flash card. Since it's Debian, adding and removing packages is relatively easy.
Here's how Terry Schmidt says he did it.
I stripped out all the documentation, all the Perl stuff, a lot of the binaries, all the packages I didn't think were necessary. Basically, I just kept deleting files to see what didn't work. I got it down to 44 megs.
I created it because the next thing up from a boot floppy distro is the CD-ROM distro, which can run something like 600 megs. Then the next step up is the full install, which is about 2 gigs. So I wanted the functionality of a real distro like Debian in a size that would fit in a compact flash in something like a Soekris box. I could do apt-get install apache
and bang, we'd have Apache. So the full package manager is there, with all the ease and functionality you'd expect.
Terry's README file adds,
It's biggest advantage is that it mounts read-only. You don't have to worry as much about wearing down the compact flash, and you don't have to worry about doing proper shutdowns. Unplug and plug in as much as you want.
There are two packages in a base Pebble image that aren't installed as Debian packages:
- HostAP (a driver for Prism-based 802.11 cards that provides best support for running an AP, as opposed to a client) This is available as a Debian package, but Pebble uses the latest version from CVS, because it associates better with 11g clients
- NoCatAuth (more details below)
There are also a few custom convenience scripts:
- To remount the flash filesystem read-write or read-only
- To reboot quickly
- To remove extra files to trim down the system.
Three optional packages are also available:
- "Pebble mesh" support, which allows multiple Pebble machines to form a transparent mesh. This means that a user can roam without changing IP addresses or losing network connectivity. AP mesh capability (which is, IMNSHO, unbelievably cool) is the most interesting add-on for people building public wireless networks. You can build an arbitrarily-large wireless "hot zone," and -- best of all -- the devices autoconfigure, so adding or removing a node doesn't require modifying the configurations of the other nodes!
- Support for an ELAN SC520 watchdog timer. In particular, this addresses the built-in watchdog timer on the Soekris. This allows for automatic reboot in case of software glitches. It's particularly useful when the AP is mounted someplace that's hard to get to (like in a kiosk in a public park), or the AP isn't actively monitored (like just about every AP). This, along with the read-only filesystem, makes a Pebble system close to zero-maintenance.
- Support for running as a bridging firewall.
Pebble will run well on a 486 processor or better, and requires no more than 32MB of RAM and 128MB of "disk" storage. It will probably run on that old 486 in your closet, but for less than $300, you can buy the very cool and very tiny Soekris 4511-20 (http://www.soekris.com/) and a wireless card -- and be up and running in no time, If you're hard-core, you can buy the Soekris with no power supply and case and build your AP for less than $250. It's also reportedly run on --
- Stylistic 1000 PCMCIA
- Thinkpad T23 with mini-pci Prism3 and Intel 10/100
- Stylistic 400 with 16 megs of RAM (but without NoCatAuth)
- Mini-ITX boards
- Vetco industrial machines with touchscreens
- 1U servers at colo facilities.
Here's a list of what Pebble includes:
- NoCatAuth (http://www.nocat.net/) -- a tool for providing service classes so that, e.g., general public users can receive a different level of network access (different firewall rules) than privileged users.
- GNU Privacy Guard (http://www.gnupg.org/) -- used to authenticate users to NoCatAuth.
- djbdns (http://cr.yp.to/djbdns.html) -- a fast, small DNS server. You could do without this in a pinch, but it makes a big difference in the perceived performance of your network.
- dhcp (http://www.dhcp.org/) -- needed to provide DHCP addresses to wireless clients.
- dhcp-client -- used to acquire a DHCP address for the AP. You can get rid of this if your AP has a static IP address.
- zebra (http://www.zebra.org/) -- a flexible routing daemon. You can get rid of this if your system has a static routing table.
- ddclient (http://burry.ca:4141/ddclient/) -- used to update dynamic DNS entries. You can get rid of this if you're not using dynamic DNS.
- pppoe (http://www.roaringpenguin.com/pppoe/) -- used to connect to many DSL providers. If you have a direct or dialup connection, you may be able to eliminate this.
- rsync (http://samba.anu.edu.au/rsync/)-- a small and fast command line incremental file transfer utility, handy for quick backups.
- ssh/sshd (http://www.openssh.com/)-- for accessing your AP if something goes wrong.
- traceroute -- a handy necessity for debugging network issues.
Pebble is designed to work out-of-the-box with any Intersil Prism2 or
Prism2.5-based 802.11b card, such as the Linksys WPC11, the D-Link DWL-650,
or the Compaq WL100 and WL200. With some simple configuration, it should
work with any Linux-supported 802.11b card.
When you're ready to get started with Pebble, see the project site. There you'll find links to:
- The Pebble users' mailing list archive
- The Pebble README
- The base Pebble tarball
- Links to three optional packages
As an alternative to Pebble for the truly minimal-minded, you might consider WISP-Dist (Wireless ISP Distribution -- http://leaf.sourceforge.net/). WISP is incredibly tiny; it will fit on an 8MB flash ROM and 16MB of RAM. It's not nearly as full-featured as Pebble (it's a really-vanilla AP), nor is it as easy to customize. But you want to run an AP on a clock radio or a PDA, WISP-Dist is probably the best place to start.
Testimony
I sent out a call to the Pebble list, to see who was using Pebble, where, and why. Here are a couple samples:
- Southampton, UK:
- 2 deployed on the University Campus. 1 more for testing/research. Part of local community network. Running on Soekris boards, NET4511s.
- Need Linux & HostAP to do meshing. Picked pebble over wisp etc because it's much much more usable and easy to develop for.
- Perth, Australia:
- I'm running it as my gateway/router/firewall to the WAFreeNet, a wireless network in Perth, Western Australia. It is running on a box that will eventually go back in the roof cavity. It replaces an LRP offshoot that I've been running for the past 12 months.
- I was running a much smaller installation, but the WAFreeNet is developing software to reduce the impact of hidden node issues (since our nodes range from 1 to perhaps 15 km from the AP). Unfortunately a 2.4 kernel, iptables and the Frottle software would not fit on a floppy. I had downloaded and looked at Pebble v25 some time ago, and after looking at several other options decided this was the way to go.
- Other reasons include:
- It's kinda Debian
- Read-only filesystem is good when there is the chance of power failure
- Runs in 20 MB RAM on a 486
- Will run easily from HDD or CF
- It's running on an NEC Versa V/50. 486/50 20 MB RAM, 800 MB HDD. /dev/hda1 (root) 100 MB /dev/hda2 (swap) 128 MB (I've never used more than 5 MB, so this is a little extreme) /dev/hda3 (rest of disk) just in case.
- Other things:
- I've added hdparm to put the hdd to sleep, and ftp just to make my life easier in configuring the system.
- The generation of SSH keys seems to work, but SSH always complains there's no keys to be found. *shrug* I walk over and type on the console.
- I use nameif to tie interfaces to MAC addresses and to give them meaningful names so that a failure to load a PCMCIA card means that I won't end up configuring my wireless interface as my internal interface (or vice versa). Unfortunately this makes shutting down strange because eth0 is now called something else (uplink) and the shutdown code can't find it. Oh well, I can work on that later too :-)
- I'm busy writing a configuration and installation tool to ease my task in porting my changes to v31. Eventually it means that I can create modifications as packages that can be easily installed and configured at the time the cf (or hdd) image is written.
Making it happen
To set up your own public AP, all you need is:
- An ISP that doesn't care if you share bandwidth
- An AP
- A target service area
- A directional antenna
- Motivation
EULAs (End User License Agreements) vary widely from one ISP to the next. Some, like Bway.net in New York, are glad to let you share the bandwidth you pay for. Others, like Time-Warner Cable and AT&T Broadband, will crack down on users sharing bandwidth over wi-fi. (http://news.com.com/2100-1033-942323.html) A local (or not-so-local) public-Wi-Fi organization can help you locate an ISP with suitable terms of service, or help you to lobby your ISP to change their terms of service. Freenetworks.org (http://www.freenetworks.org/) can help you find your nearest public-Wi-Fi group. (See the Links sidebar for more listings.)
NYCwireless' mission is to target outdoor public spaces, such as parks. Placement means everything. As Doc and Britt discovered when trying to reach Tudor City's park from high in a building half a block away, distance is a problem. A highly directional antenna can help by concentrating energy in a narrow beam, but a nearby omni antenna will outperform a distant directional antenna nearly every time. Bryant Park is served from a number of points by a combination of omni and sector (directional) antennas on the tops of kiosk buildings. City Hall Park is much better served by a sector antenna on the J&R store across the street. Verizon gets great curbside service from simple omni antennas on public phone booths.
Antennas are not commodities, but they don't have to be expensive, either. And sometimes just putting an AP in a window will do the job. Ben Hammersly did exactlly that for Kynance Mews in London, and served a whole street, including two oudoor cafes.
Motivation, of course, is up to you.