combo wireless and wired home network

Bill McCormick wpmccormick at sbcglobal.net
Fri Aug 6 17:00:11 UTC 2004


On 8/6/2004 11:07 AM ... Earth time
Mike Burger configured a series of 1's and 0's as follows:

>>On 8/6/2004 6:45 AM ... Earth time
>>Mike Burger configured a series of 1's and 0's as follows:
>>
>>>On Thu, 5 Aug 2004, Harry Putnam wrote:
>>>
>>>
>>>
[snip]
>>>All you need is a WAP (I'm using a Linksys unit, myself) and a PCMCIA 
>>>wireless NIC that is compatible with Linux.  I'm using an Orinoco Gold 
>>>card, but it's an "older" one, before chipsets were changed.  Check the 
>>>hardware compatibility list for recommendations, first, and get one from 
>>>the list.
>>>
>>
>>Here's My Setup:
>>
>>                 Internet
>>                     |
>>                 DSL Modem
>>                     |
>>         Netgear FVS318 Firewall/VPN
>>           |      |       |       |
>>         [M1]   [M2]    [M3]      |
>>                                  |
>>           Netgear WG302 Wireless AP
>>                                  .
>>                                  .
>>                                  .
>>                                  .
>>                         +-----+-----+-----+
>>                         |     |     |     |
>>                       [M4]  [L1]  [L2]    |
>>                                           |
>>               Netgear ME101 Wireless Bridge
>>                                    |
>>                                   HUB
>>                                    |
>>                               +----+----+
>>                               |    |    |
>>                             [M5]
>>
>>M1,M2 Redhat 9
>>M3,M4,M5 Win 2000
>>L1,L2 Laptop XP
>>
 > I've given some thought to doing just this (VPN for all wireless
 > connections).
 >
 > In my case, all three wireless connected systems are Windows (2x Win2k, 1x
 > XP).
 >
 > My firewall system is running FC1 and iptables.  My internal server is
 > currently running RHL9, soon to be upgraded to FC2.
 >
 > If you wouldn't mind sharing, with me (and the list, if you wish), your
 > configurations (VPN, firewall, etc), maybe a how-to, I'd be very interested
 > in learning and implementing.
 >

The VPN is not for the wireless. It's for Home/Business across the 'net 
and I'm really not even using it at the moment. My HOME network security 
(call it what you will) is accomplished by:

1. Using a Firewall appliance, not my Linux box.
2. Changing AP defaults (SSID, Network, admin pw, etc)
3. Not broadcasting the SSID
4. Access control by MAC address
5. WEP 128 bit encryption

Is this secure? Mostly. Is it foolproof? No. Is it flexible? Yes, for my 
needs.

My neighbors won't likely be connecting (unintentionally or 
intentionally) to my AP for Internet access. First, they can't see it 
without something special. Second, they'd need to crack the 
encryption and then they'd need to do some sort of MAC masquerading. All 
extremely unlikely. Somebody with that much knowledge will likely have 
bigger fish to fry. Anyway, that's what I think.

In terms of going out, I make all Internet access go through 
squid/squidGuard/Privoxy. It mostly just keeps my kids in line while on 
line :) For e-mail I run 
fetchmail->qmail->spamassassin/clamav->procmail and disallow (or will 
soon) web mail (at least for my kids.)

I may be naive. If you think so tell me.



Cheers,


Bill





More information about the redhat-list mailing list