On Mon, 11 Nov 2019 14:36:25 +0100 Per Jessen <per@computer.org> wrote:
Dave Howorth wrote:
On Mon, 11 Nov 2019 09:37:25 +0100 Per Jessen <per@computer.org> wrote:
An external aerial does seem reasonable - reception inside a metal case will surely always be poor?
I think the WLAN module is sitting on something called a MINI PCIE1 connection, similar to that shown in this picture, but not identical:
https://i.ebayimg.com/images/g/tYkAAOSwhcJWGsII/s-l1600.jpg
Mine has a black wire coming off the module that goes to a black plastic lump attached outside the back of the PC. It also has a white wire attached to the module that leads to the front of the PC but I can't tell where it goes. Maybe one of those is an antenna? And the other one is bluetooth?
Yeah, sounds like a reasonable guess. Okay, so reception ought to be fine.
The other devices do seem to swap between connections on 5 GHz and 2.4 GHz depending where they are in the house, so I guess signal levels may be marginal.
I googled "acer RTL8821AE" and I saw a couple of hits such as "keeps dropping copnnection', "wifi constantly dropping". Not sure if that helps.
Dunno. I realized that I have a Raspberry Pi sitting underneath my desk at the moment, so I enabled wi-fi on that and it seems to work without a problem. So I'll give up on trying to get my PC to work I think.
The wifi "aerial" on the Raspi is part of the pcb, quite some intricate trickery. If that works, there's probably nothing wrong with your wifi signal.
Next step is to learn how to secure the wi-fi on the Pi. I only want it to be able to make outgoing connections; nobody should be able to connect to it.
Assuming you don't have fixed ip addresses, i.e. you are behind a NAT gateway, that should not be a problem (unless you are also worried about internal traffic). Depending on what you are running on the Raspi, it won't have much open either - probably only sshd.
Well I am behind a NAT gateway but the addresses tend to be fixed. It's more a case of defence in depth. These wireless connections are on what my router calls its 'guest' SSID. All the IoT devices I don't trust and whatever actual guests bring and put on it. They can talk to one another and the Internet at large but they can't see my LAN or main WLAN. So in theory this pi could be used to gain access to my main net from somemalware installed on a random device on the guest net. That's what I'm trying to defend against. I'll have to figure out how to check exposed ports on raspbian.
And I'd specifically like to prevent ssh sessions using that interface; they should only be possible using the wired interface. I've no idea whether either of those goals is doable.
Put a ListenAddress in sshd_config. The default is to listen on all addresses. Otherwise it's firewall stuff.
Thanks Per, that seems to work. Even more impressive to my tiny brain was that I can $ sudo systemctl restart ssh without disrupting the ssh connection I'm using at the time. That's clever! Oh and BTW, run and do not walk to your nearest zypper and install wavemon! It's a marvellous beast for looking at wlan stuff. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org