Gentoo Wiki

HOWTO_Tivo_Wireless_Networking_with_Gentoo_firewall

This article is part of the HOWTO series.

Goals

  1. Allow a Series 2 Tivo to synchronize its lists over the internet, instead of over your phone line.
  2. Connect the Tivo wirelessly to your home network.
  3. Set up a Gentoo box as the access point.

Introduction

The Series 2 Tivo unit connects to the Tivo service using HTTP requests. It may also send pings to the host to make sure it is up before sending the HTTP requests along. This type of connection is very basic and should work perfectly with almost every type of firewall. It is important to remember, however, that embedded devices like the TiVo are usually VERY picky about their communications protocols and do not handle unexpected data well.

This guide explains how to set up a simple Gentoo access point on an old laptop, but could be adapted for a regular PC as well.


Requirements

  1. A wireless ethernet card that can be controlled using iwconfig
  2. A regular Linux-supported ethernet card
  3. An existing server on the home wired network that provides DHCP to clients connected by wired ethernet

Kernel required configuration parameters

You need to have a few things compiled into your kernel. I'm using 2.4.27 hardened for this (hardened-sources in portage).

  1. Wireless support (Network device Support -> Wireless LAN (non-hamradio) )
  2. Bridging support (Networking options -> 802.1d Ethernet Bridging)

Installing the packages on the access point

emerge wireless-tools
emerge bridge-utils
emerge pcmcia-cs

Accesspoint Start and Stop Scripts

I have basically copied the init.d script named "local" for our purposes. This could definitely be cleaned up and made more tolerant of odd situations. It calls two helper scripts, accesspt.start and accesspt.stop, to actually create and remove the bridge.

File: /etc/init.d/accesspt
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-src/rc-scripts/init.d/local,v 1.11 2004/04/21 17:08:18 vapier Exp $

# Hacked together by jonnyro, based on pre-existing local script

depend() {
  #This is required if you are using pcmcia cards for your network interfaces
  use pcmcia
}

start() {
  ebegin "Starting wireless access point"
  if [ -e /etc/conf.d/accesspt.start ]
  then
    source /etc/conf.d/accesspt.start
  fi
  eend $? "Failed to start wireless access point."
}

stop() {
  ebegin "Stopping wireless access point"
  if [ -e /etc/conf.d/accesspt.stop ]
  then
    source /etc/conf.d/accesspt.stop
  fi

  eend $? "Failed to stop wireless access point."
}

File: /etc/conf.d/accesspt.start
 
#Need interface name for wireless net
WIRELESS_INTERFACE="wlan0"

#Need interface name for ethernet card connected to local network
LOCAL_INTERFACE="eth0"

#Enter your wep key below, as a string of 26 Hexadecimal characters, A-F or 0-9
WEP_KEY="PUTYOURKEYHERE"

#The gateway won't have an IP address, but it will have an SSID
SSID="mywireless"

#Master mode usually only works with prism2 cards and the hostap driver.
#It is probably safe to say ad-hoc here if you don't have one of those cards.
MODE="Master"

#Set up the wireless card with the SSID, mode and encryption key
iwconfig $WIRELESS_INTERFACE essid $SSID mode $MODE enc $WEP_KEY restricted

#Make the wireless interface capture all packets that reach it, no ip needed
ifconfig $WIRELESS_INTERFACE promisc up
ifconfig $LOCAL_INTERFACE promisc up

#Create the bridge, and attach both interfaces to it
brctl addbr wifi
brctl addif wifi $WIRELESS_INTERFACE
brctl addif wifi $LOCAL_INTERFACE

#Bring up the bridge, that should cover it.
ifconfig wifi up

File: /etc/conf.d/accesspt.stop
#bring down the bridge in prep for deletion
ifconfig wifi down

#delete the bridge
brctl delbr wifi

Setting up the scripts to start at system boot

Don't bother setting up the net.eth0 script to start or anything like that. Just make sure that the interfaces you want to use exist at boot time, whether they are compiled directly into the kernel, loaded by the pcmcia startup scripts, or loaded by the module autoloading scripts. Then do the following:

rc-update add accesspt default

And then reboot. Everything should come up nicely.

Firewall requirements for Tivo Series 2 Units

Since the Series 2 uses HTTP connections on port 80 to get out, you just have to make sure that your firewall configuration has a rule that allows outgoing connections on port 80. In this example the firewall is on another machine. For good measure, you might also want to allow outgoing pings.

On my firewall I use the following rules in my shorewall configuration:

ACCEPT loc net tcp 80
ACCEPT loc net icmp -

Since I have a transparent proxy configuration using squid, I also need to keep requests to the Tivo servers from being pushed through the transparent proxy.

REDIRECT loc 3128 tcp www - !192.168.8.254,204.176.49.2

This prevents shorewall from redirecting local requests to 192.168.8.254 and 204.176.49.2, the second of which is the address my Tivo tries to connect to when synchronizing. This is obviously a really ugly hack, since it's quite possible that the address of the Tivo server could change in the future. Instead I would recommend a rule that focuses specifically on the known IP address of your Tivo unit.

Note from Abraham Elias:

Tivo tries to update using port 80. If you run squid and dansguardian, and are having difficulty getting Tivo to update... Try this:

iptables -t nat -I PREROUTING -i $LANIP -s $TIVOIP -p tcp --dport 80 -j ACCEPT

Key is -I instead of -A, since the insert will add the rule to the top of the table.
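
The rule-order point in the note above, combined with the earlier recommendation to key the proxy exemption on the Tivo's own address, as an added example that is not part of the original page: the script reads `iptables -t nat -S PREROUTING` output and reports whether the per-Tivo ACCEPT sits ahead of the squid REDIRECT. The Tivo address 192.168.8.50, the interface eth0 and both rule listings are constructed for illustration; port 3128 is the squid port used on this page.

```sh
#!/bin/sh
# Added example (not from the original page). Reads `iptables -t nat -S PREROUTING`
# output on stdin and reports where the per-Tivo exemption sits relative to the
# transparent-proxy REDIRECT. 192.168.8.50 and eth0 are constructed values.

# check_order TIVO_IP PROXY_PORT  -> prints ok | shadowed | missing | no-redirect
check_order() {
    awk -v ip="$1" -v port="$2" '
        /^-A PREROUTING / {
            n++
            # Exemption: ACCEPT for tcp/80 keyed on the Tivo source address
            if (!acc && /-j ACCEPT/ && /--dport 80( |$)/ && index($0, " -s " ip "/32 "))
                acc = n
            # Transparent proxy: REDIRECT of tcp/80 to the squid port
            if (!red && /-j REDIRECT/ && /--dport 80( |$)/ && $0 ~ ("--to-ports " port "( |$)"))
                red = n
        }
        END {
            if (!red)           result = "no-redirect"  # nothing to be exempted from
            else if (!acc)      result = "missing"      # Tivo requests go through squid
            else if (acc < red) result = "ok"           # exemption is matched first
            else                result = "shadowed"     # exemption sits after the REDIRECT
            print result
        }'
}

# Constructed listing: exemption appended with -A, so it lands after the REDIRECT
sample_appended() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.8.50/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

# Constructed listing: exemption inserted with -I, so it is evaluated first
sample_inserted() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.8.50/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

echo "appended with -A: $(sample_appended | check_order 192.168.8.50 3128)"
echo "inserted with -I: $(sample_inserted | check_order 192.168.8.50 3128)"
```

On a live firewall, pipe the real listing into the function: `iptables -t nat -S PREROUTING | check_order <tivo-ip> 3128`.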

Help Contact

If you need any help with these scripts, you can contact the following person: JonnyRo (jonnyro@jonnyro.com)

Retrieved from "http://www.gentoo-wiki.info/HOWTO_Tivo_Wireless_Networking_with_Gentoo_firewall"

Last modified: Mon, 26 Jun 2006 17:23:00 +0000 Hits: 22,894