Is it possible to force Freewrt to tag all packages one receives via WLAN with a specific VLAN-ID (say VLAN7) and prohibit any possibility to "fake" a different VLAN-ID via WLAN (this means to force substitution of any already included VLAN-ID into the specific one (VLAN7) or alternatively to drop packages already tagged on reception)? The background to this question is, that I want to allow my neighbour to use my WLAN for reaching the internet. As a matter of course I want to protect my internal net not only against my neighbour but also to all others trying to intrude via WLAN. Especially against hackers who try to send already tagged packages to circumvent the firewall. My internal net is already separated by VLANs (via a VLAN capable switch).
Unfortunately I also want to be able to connect with my laptop via WLAN and reach some machines on the internal net. Therefore it is not an option to block all traffic from WLAN to the internal switch ports. Who said it would be an easy problem? ;-) Is there a solution which will secure the WLAN side but enables my laptop to reach machines on the internal net? Maybe the VLAN idea is completely wrong for the WLAN side? I would be grateful for any suggestions. Regards Karsten _______________________________________________ freewrt-users mailing list freewrt-users@freewrt.org https://www.freewrt.org/lists/listinfo/freewrt-users
