Thursday, 27 October 2005

WiFi High Speed Broadband in Ngaio Valley

Some of you will know that some friends and I run a not-for-profit high speed internet service in the Ngaio Valley. I thought it was about time I documented what it is and how we do it.

The system is broken into four components.

ISP

We currently purchase a 10Mbit/1Mbit cable service from Telstra. This is the fastest residential service you can buy. It costs about NZ$150 per month and has a 10Gb limit. The good thing about this connection is that the national traffic only counts for 1/10th. This means if you download 100Mb of national traffic, we only get charged for 10Mb.

Firewall

We run a SmoothWall 2.0 firewall on an old Compaq Deskpro SFF. We seem to be able to get these old PCs for $30. They are small and very reliable. SmoothWall is Linux based and runs within the 64Mb standard memory without the need for virtual memory.
The SmoothWall is configured to filter by outgoing IP addresses. We only run static IPs within the core of the network.
The SmoothWall is also used to monitor usage by the different clients. This is to ensure we do not go over our 10Gb allowance.
SmoothWall firewalls allow an ORANGE zone for webservers. We have had one operating and we are about to release a new machine onto it soon. We are also looking at adding a plugin that will provide content filtering. Being Linux based there are lots of plugins that have been developed for SmoothWall.

Main Transmitter

We use a Borg Wave Guide and a Proxim AP700. The Borg gives us the distance we need (about 4-5km). We mount the Proxim near the Borg to give us the greatest signal strength. The AP is in the weather proof box and we run power over ethernet to it.
The Proxim is used to filter MAC addresses. It also runs WEP but it is the MAC address filtering plus the IP filtering on the firewall that provide the main security.
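
As an added illustration (not part of the original post, and not the network's own tooling): static IPs on the firewall plus MAC filtering on the AP amount to a fixed table of IP/MAC pairs, and a script on a Linux firewall can audit its ARP table against that table. The addresses, the interface name and the `ALLOWED` table are constructed assumptions.

```python
# Added example: audit a firewall's ARP table against the static IP/MAC allowlist.
# All addresses below are constructed sample data, not taken from the network described.
ALLOWED = {  # static IP -> registered client MAC (hypothetical bindings)
    "192.168.10.11": "00:11:22:33:44:01",
    "192.168.10.12": "00:11:22:33:44:02",
    "192.168.10.13": "00:11:22:33:44:03",
}

# Constructed sample in the layout of Linux /proc/net/arp.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.11    0x1         0x2         00:11:22:33:44:01     *        eth1
192.168.10.12    0x1         0x2         00:AA:BB:CC:DD:EE     *        eth1
192.168.10.13    0x1         0x0         00:00:00:00:00:00     *        eth1
192.168.10.50    0x1         0x2         00:11:22:33:44:03     *        eth1
"""

def parse_arp(text):
    """Yield (ip, mac) for resolved entries; skip the header and incomplete rows."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:  # ATF_COM: the entry has a resolved MAC
            yield ip, mac.lower()

def audit(text, allowed):
    """Return sorted (ip, mac, reason) tuples for entries that break the allowlist."""
    known_macs = {mac.lower(): ip for ip, mac in allowed.items()}
    findings = []
    for ip, mac in parse_arp(text):
        expected = allowed.get(ip)
        if expected is None:
            owner = known_macs.get(mac)
            reason = (f"registered MAC using unassigned IP (belongs on {owner})"
                      if owner else "unknown IP and unknown MAC")
        elif expected.lower() != mac:
            reason = f"IP claimed by wrong MAC (expected {expected.lower()})"
        else:
            continue  # pair agrees with the table
        findings.append((ip, mac, reason))
    return sorted(findings)

if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_ARP, ALLOWED):
        print(f"{ip:15} {mac}  {reason}")
```

The audit only reports pairs that disagree with the table; it cannot tell which physical device is presenting a registered pair.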

Clients



We have six client sites at the moment. These have either a D-Link AP2000 plus or AP2100 at them (one has another Proxim). These are mounted in the antenna case. We run power over ethernet in all sites. The D-Link devices are not the best but we have not found anything better for the price. The latest firmware updates help but they have some really annoying features (like you have to re-enter your password with each page of their web based screens you go to).
Most sites run a SmoothWall firewall and have multiple users. Some sites have their own local WiFi network. The clients can do what they like the other side of their firewall.
A client site will take a day to get up and running from scratch.


This system has been running for close on a year. Our issues have been:

>unreliability of the D-Link devices (this was a problem with them talking to the Proxim - solved by firmware upgrades)
>a leak inside the client antenna box (resulted in frying two transformers and about 20 meters of cabling)
>interference from high voltage power lines (discontinued service to that site)
>poor fitting power socket on the power over ethernet interface (solved with small bit of paper jammed into plug)

We charge NZ$20 per month for 1Gb (although given the 1/10th charging and shared nature of the set up most people can use up to 2Gb before we get worried). This includes hardware costs which we retain ownership of. The upfront cost is about $1k. The Proxim and the Borg are not cheap.

For me it means I get a 10Mbit connection and 3Gb (ok I am a heavy user) for NZ$45 (I paid for my hardware). Previously I was paying NZ$75 for a 256Kbit connection. So for not quite half the $$$ I get 40X the speed.

It does take quite a bit of time to set up. Ongoing effort to look after it would be about 3 hours per month (now that it is stable).

2 comments:

Sym Gardiner said...

Just a note that we have changed to a 2Mb/2Mb plan. Previously we were on a 10Mb/1Mb plan. We never used over 2Mb downstream so we have chosen to move so we get faster upload speeds and a much reduced price.

Sym Gardiner said...

Hey... thanks for the comment. We filter on the IP addresses behind our firewall so there is no chance WHATSMYIP will provide any useful information. Basically your MAC and IP address need to agree or the system blocks you. This is pretty tight but if you know of a way that makes this open, do let me know.