Re: [leaf-user] WAP

Sun, 07 Sep 2003 07:23:08 -0700

Just as a note, my primary reasoning for thinking to put NAT behind NAT - and it wouldn't be an issue, BTW, since many ISP/MSP/MSSP companies, including the one I work for, provide RFC1918 address space for the WAN side and run NAT behind it on the LAN side, because it's all going out a managed Firewall - is because you could then have a hub in between the WAP and your Bering box to connect into to run Ethereal through to find out what kind of traffic is passing over your WAP link. Furthermore, it would also mean that you can actually access the WAP - something not easily done, if at all, in Bridging mode - if you needed to change the Wireless keys out for some reason, or do some sort of other configuration work on the device.

I like having lots of powerful options, even if I'm unlikely to use them much.

George

C. Dummy wrote:
My WAP might stand right on the bering box so thats no problem. Looks like third nic is the easiest resolution. I don't know much about squid proxy,
and viz sshd (probably requires multiple flopppies or cd), not yet at least I just need WAP for simple browsing internet on laptop. Thanks for all the help. I'll have to read user's guide about third nic, DMZ and diffrent ip subnets on the same LAN I hope there are some examples. Thank you.
Andrey
Steve Wright wrote:

On Sun, 2003-09-07 at 15:24, M Lu wrote:


I am not familiar to the 'scope' thing, but I am sure you do not need the router, you need only the access point if you connect your WAP to a separate NIC in the Bering router. I disable the router function in my D-Link 713P.



Yes, you can use a separate NIC, but then the AP must be next to the
Bering Router, or run a new long cable.  This is inconvenient, and is
not required, unless the AP *is* right next to the Bering Box.

These are scopes ;

10/8
172.16.1/24
192.168.0.0/24

You may run multiple scopes on one subnet(network cable/switch/NIC) and
add rules about who may talk to who.
It can be complicated at first, but it is very powerful, and much easier
than heaps of iptables entries.



/steve










-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to