Security with wireless users

In our small network I have finally gotten the wired (mostly Win) boxes set
up so that all the firewall and scanning of email and file downloads works
through one OS box on the front end. My question is this: how do I protect
the rest of the network (and hopefully the wireless users) in the same way?

We have a couple of available DSL routers with AP capability we can use but
the wireless users can (and do!) screw up the rest of the network as they
bypass the proxies but still have access to the rest of the internal
network. What’s the most straightforward way to fold those wireless users
into the system?


Will Honea

I find your question very confusing. I think a network diagram would be helpful to understand what the problem is.

mattm3a wrote:

> I find your question very confusing. I think a network diagram would be
> helpful to understand what the problem is.

Actually, trying to provide the diagram resolved the question: you can’t get
there from here. The wireless port in the routers bridges directly to the
internal port that connects the router to the DSL modem so there is no way
to intercept the data stream from the wireless users. With the ethernet
connected boxes, all it takes is two ethernet cards in the server box and
the whole internal network is isolated by the server. Looks like the best
I can do is to use the server to put a firewall between wireless users and
the rest of the network.


Will Honea

Hi
Use a wireless bridge set in AP mode (eg Linksys WET54G) connected to
your server facing the internet. That would be 3 ethernet cards, one
for the DSL, one for the wired network and one for the bridge.


Cheers Malcolm °¿° (Linux Counter #276890)

Malcolm wrote:

> Hi
> Use a wireless bridge set in AP mode (eg Linksys WET54G) connected to
> your server facing the internet. That would be 3 ethernet cards, one
> for the DSL, one for the wired network and one for the bridge.

Moot point - wireless bridge is internal to the router/dsl modem. No way to
get at it.

I did figure out one Rube Goldberg way - use a second router/AP downstream
from the DSL connection and server. That way the AP device is behind the
server firewall. I had this working at one point just monkeying around but
most router/AP devices have real problems getting DHCP assignments for the
wireless users from external servers which means some game playing.

Best overall solution would be to get new(er) machines running Linux that
could handle the essential Win apps in VMs but around small churches
getting money for that is akin to getting blood from a turnip.


Will Honea

Malcolm wrote:

> Use a wireless bridge set in AP mode (eg Linksys WET54G) connected to
> your server facing the internet. That would be 3 ethernet cards, one
> for the DSL, one for the wired network and one for the bridge.

No, believe it or not, it all works out if the Linksys router gets its IP
from the DSL connected router (or is set to a fixed IP) then assigns
wireless users IPs that don’t conflict with the ones dished out by the DSL
device. That’s why I call it a Rube Goldberg. Say the DSL connect router
gets some address outside the 192.168.xxx.nnn/24 range and its DHCP is
configured to pass out 102.168.0.zzz addresses where zzz is, say, 002 ->
100 (the router uses 001). Assign the Linksys a hard-coded
192.168.100.101 and the DHCP server in it to pass out 192.168.0.www where
www is 102 -> 253. Turn off NAT in the Linksys and the whole mess becomes
one big 192.168.0.0/24 net. There are some issues - the wireless users can
saturate the gateway, for example - but it will work. There has to be a
better way, though.

Time to spend some money, I guess.


Will Honea
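
The layout discussed in the thread (the access point on its own network card behind the server, with the server firewalling wireless users off from the wired network), sketched as an added example that is not part of any post. It assumes every client uses proxy services on the server so nothing is routed, and that the server provides DHCP and DNS to the wireless side; the interface names (`eth1` wired, `eth2` access point) and proxy port 3128 are assumptions.

```shell
#!/bin/sh
# Added example. Interface names, the proxy port and the "server runs DHCP/DNS
# for the wireless side" setup are assumptions, not details from the thread.

# gen_rules LAN_IF WLAN_IF PROXY_PORT: print an iptables-restore ruleset.
gen_rules() {
    lan=$1 wlan=$2 proxy=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the server itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wired clients may reach the proxy and scanning services on the server
-A INPUT -i $lan -j ACCEPT
# Wireless clients get DHCP, DNS and the proxy on the server, nothing else
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
-A INPUT -i $wlan -p udp --dport 53 -j ACCEPT
-A INPUT -i $wlan -p tcp --dport 53 -j ACCEPT
-A INPUT -i $wlan -p tcp --dport $proxy -j ACCEPT
# Nothing is routed; log wireless attempts to reach the wired LAN
-A FORWARD -i $wlan -o $lan -j LOG --log-prefix "wlan-to-lan "
-A FORWARD -i $wlan -j DROP
COMMIT
EOF
}

# audit_wlan WLAN_IF "PORT ..." < ruleset
# Print each ACCEPT rule that lets the wireless side be forwarded or reach a
# server port outside the allowed list; exit status is 1 if any is found.
audit_wlan() {
    awk -v ifc="$1" -v ok=" $2 " '
        $1 != "-A" || $NF != "ACCEPT" { next }
        /--ctstate ESTABLISHED,RELATED/ { next }   # replies only
        {
            in_if = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            # A rule without -i matches every interface, wireless included
            if (in_if != "" && in_if != ifc) next
            if ($2 == "FORWARD" || ($2 == "INPUT" && index(ok, " " port " ") == 0)) { print; bad = 1 }
        }
        END { exit bad + 0 }'
}

gen_rules eth1 eth2 3128 | audit_wlan eth2 "67 53 3128" && echo "wireless confined"
```

The output of `gen_rules` is in the format `iptables-restore` reads; running `audit_wlan` over a saved ruleset after later edits shows any rule that reopens a path from the wireless side.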