combo wireless and wired home network
Bill McCormick
wpmccormick at sbcglobal.net
Fri Aug 6 17:00:11 UTC 2004
On 8/6/2004 11:07 AM ... Earth time
Mike Burger configured a series of 1's and 0's as follows:
>>On 8/6/2004 6:45 AM ... Earth time
>>Mike Burger configured a series of 1's and 0's as follows:
>>
>>>On Thu, 5 Aug 2004, Harry Putnam wrote:
>>>
>>>
>>>
[snip]
>>>All you need is a WAP (I'm using a Linksys unit, myself) and a PCMCIA
>>>wireless NIC that is compatible with Linux. I'm using an Orinoco Gold
>>>card, but it's an "older" one, before chipsets were changed. Check the
>>>hardware compatibility list for recommendations, first, and get one from
>>>the list.
>>>
>>
>>Here's My Setup:
>>
>>                 Internet
>>                    |
>>                DSL Modem
>>                    |
>>       Netgear FVS318 Firewall/VPN
>>         |     |     |     |
>>        [M1]  [M2]  [M3]   |
>>                           |
>>              Netgear WG302 Wireless AP
>>                           .
>>                           .
>>                           .
>>                           .
>>         +-----+-----+-----+
>>         |     |     |     |
>>        [M4]  [L1]  [L2]   |
>>                           |
>>              Netgear ME101 Wireless Bridge
>>                           |
>>                          HUB
>>                           |
>>                      +----+----+
>>                      |    |    |
>>                          [M5]
>>
>>M1,M2 Redhat 9
>>M3,M4,M5 Win 2000
>>L1,L2 Laptop XP
>>
> I've given some thought to doing just this (VPN for all wireless
> connections).
>
> In my case, all three wireless connected systems are Windows (2x
> Win2k, 1x XP).
>
> My firewall system is running FC1 and iptables. My internal server is
> currently running RHL9, soon to be upgraded to FC2.
>
> If you wouldn't mind sharing, with me (and the list, if you wish), your
> configurations (VPN, firewall, etc), maybe a how-to, I'd be very
> interested in learning and implementing.
>
The VPN is not for the wireless. It's for Home/Business across the 'net
and I'm really not even using it at the moment. My HOME network security
(call it what you will) is accomplished by:
1. Using a Firewall appliance, not my Linux box.
2. Changing AP defaults (SSID, Network, admin pw, etc)
3. Not broadcasting the SSID
4. Access control by MAC address
5. WEP 128 bit encryption
Is this secure? Mostly. Is it foolproof? No. Is it flexible? Yes, for my
needs.
My neighbors won't likely be connecting (unintentionally or
intentionally) to my AP for Internet access. First, they can't see it
without something special. Second, they'd need to crack the
encryption and then they'd need to do some sort of MAC masquerading. All
extremely unlikely. Somebody with that much knowledge will likely have
bigger fish to fry. Anyway, that's what I think.
In terms of going out, I make all Internet access go through
squid/squidGuard/Privoxy. It mostly just keeps my kids in line while on
line :) For e-mail I run
fetchmail->qmail->spamassassin/clamav->procmail and disallow (or will
soon) web mail (at least for my kids.)
I may be naive. If you think so tell me.
Cheers,
Bill