--On Wednesday, July 27, 2005 4:46 PM -0700 DJA <[EMAIL PROTECTED]>
wrote:

> JD Runyan wrote:
>> DJA wrote:
>> 
>>> o How do I physically connect the two routers together, and which
>>>   one should be connected to the cable modem? That is, assuming I
>>>   leave my existing LAN as is, should the WLAN be attached to one
>>>   of the LAN router's ports, or to its DMZ port?
>> 
>> 
>> I would attach the open one to the cable modem, and the private one to a 
>> LAN port on the Open one.
> 
> The "private" one is my (wired) LAN, which is not publicly accessible.
> Maybe I didn't make that clear. The existing router is of the wired
> type, and has extensive firewalling features. I want this between
> *everything* and the 'Net, if possible. The WLAN router does not have
> much, if any firewalling capability. Which is a moot point anyway, as I
> don't want it "open" either.
> 
> 
>>> o Do both routers have to be on different subnets? Right now, the LAN
>>>   network is at 192.168.7.0. Can the WLAN exist on that network, or
>>>   should it be at something like 192.168.8.0? Or...?
>> 
>> I would use different address ranges, and you would want to ensure that 
>> each network is running on different channels.
> 
> There are no channels to deal with. I will have only one WLAN (I have
> none now), which I would like to integrate into my existing wired LAN.
> 
> 
>>> o Do I need to set up custom routing tables on one or both routers?
>>>   If possible, I would like to be able to get from the WLAN to the
>>>   LAN, provided it can be secured. But as long as I can SSH from the
>>>   WLAN to the LAN (and vice versa), that's acceptable also.
>> 
>> You shouldn't have to do anything with routing tables. The default 
>> behaviour of the routers will work just fine.
> 
> That may be true if I knew how to set up the topology first, and the
> routing next (i.e. If the WLAN router is connected to the LAN router,
> then is the LAN router the WLAN's gateway?).
> 
> Again, just to be clear, right now I don't want any part of my network
> public. While there are qualifications as far as the WLAN goes (i.e. it's
> using un-containable radio waves), I want to force anyone connecting to
> my WLAN router to have to authenticate in order to access either the LAN
> or the Internet.
> 
> -- 
>     Best Regards,
>        ~DJA.

I use a system like this:

   Internet
       |
       |
   +-------+           \
   | Ipcop |           /
   +-------+           \
     | | |      +------------+
     | | +------|Wireless AP |
     | |        +------------+
     | +---- My DMZ 
     +------ My LAN

The Internet connects to the "Red" interface of the Ipcop Box.
The Wireless AP's LAN port connects to the "Blue" interface of the Ipcop
Box.
The LAN connects to the "Green" interface of the Ipcop Box.
The DMZ connects to the "Orange" interface of the Ipcop Box.
The WAN port of the Wireless AP is unconnected.

Ipcop provides ipsec security for the wireless connections, which I use
instead of WEP.  It sets up a VPN between wireless devices (laptops) and
the LAN for access to other machines, printing, etc.  The secure traffic is
also NATted to the Internet for web access and routed to the DMZ to access
mail servers, etc.  http://www.ipcop.org .

Karl Cunningham
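
One way a Linux firewall could enforce the policy described in the message above (wireless clients reach the LAN, DMZ and Internet only through IPsec), as an added example that is not part of the original post and not IPCop's own ruleset. The interface names, the open DHCP port and the use of iptables' policy match are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the wireless ("Blue") zone.
# Arguments are the Red, Green, Blue and Orange interface names; the defaults
# below are assumed names, not values taken from the post.
blue_zone_rules() {
    red=${1:-eth0}; green=${2:-eth1}; blue=${3:-eth2}; orange=${4:-eth3}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wired LAN is trusted: it may manage the firewall and reach every zone.
-A INPUT -i $green -j ACCEPT
-A FORWARD -i $green -j ACCEPT
# Cleartext from wireless: only DHCP and what is needed to bring up the tunnel.
-A INPUT -i $blue -p udp --dport 67 -j ACCEPT
-A INPUT -i $blue -p udp --dport 500 -j ACCEPT
-A INPUT -i $blue -p esp -j ACCEPT
# Forwarding from wireless requires that the packet arrived inside IPsec.
-A FORWARD -i $blue -o $green -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i $blue -o $orange -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i $blue -o $red -m policy --dir in --pol ipsec -j ACCEPT
# Anything else from wireless never authenticated: log it, then drop it.
-A FORWARD -i $blue -j LOG --log-prefix "BLUE-NOVPN "
-A FORWARD -i $blue -j DROP
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Traffic leaving through Red is NATted to the firewall's public address.
-A POSTROUTING -o $red -j MASQUERADE
COMMIT
EOF
}
```

The output can be checked with `iptables-restore --test` before it is loaded; rules for traffic originating in the DMZ are left out because the post does not describe them.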




-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
