[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora] Re: Wireless Access Point

Ashley M. Kirchner wrote:
Craig White wrote:
generally the preferred method is to require a VPN to connect the LAN
through a wireless system given the security implications of wireless.
I can't enforce that on all of our clients. Some of them barely know how to properly turn off their computers...

that notwithstanding though, if you use a dhcp server OTHER than the
Linksys device, you can assign a useless gateway address to specific
clients which in effect would not allow them to get to any network other
than the network which they can directly access
Of course, I didn't think of DHCP. Yes, the Linux server would be running DHCP and the WAP would get it's IP from that. I just need to figure out how to tell it to have connecting clients fetch an IP from the linux server once I turn off it's internal DHCP.

This whole thing is probably more convoluted than it really needs to be but the gist of it is, when someone walks in with their laptop, we want them to be able to connect to the WAP and only able to see one single network drive (which is on the same Linux server) so they can drop files for us. The server itself is also connected to our internal network so our internal machines can get to it as well, however the WAP can't go "through" the server and see our internal network.

However, if one of our employees were to bring in their laptop, they can connect to the same WAP and would be able to see everything "through" that server and access everything on the network (and internet.) So there's some configuration that I need to figure out on the linux server to start with. On the one hand, if an unknown client connects, issue a dummy IP that won't have any network routing, but that would still allow a local drive to be "seen" on that dummy network, and if a known client connects, issue a valid (internal) IP so they can work. Hrm. I wonder if the server itself also need to have a dummy IP so it can communicate with whatever dummy IP gets issued...

I think of just one sure way to do it. You need 2 routers, one that has no WiFi service but is where the Internet arrives, say a DSL modem and they often have a router in them.

Then you have another router like my D-Link DI-524 which has the WiFi port.

You connect the Internet to the DI-524 to the DSL router with a cable. On the DSL router you have a password required for access to that port.

All the users on the WiFi system can talk to each other and it's a good idea they have a password to get WiFi as well. This is easy on the DI-524.

A problem is that when a user opens up the Internet port other WiFi users can also see the Internet. I see no fix for this.


	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]