[nycwireless] Design Suggestions for Public and Private APs

Sat, 02 Nov 2002 15:03:50 -0800 

Hello Everyone,

       Someone asked this so, I thought I would share this to the group
since it's valuable info.

** Tips **

- Using 1 AP for public and private networks is not advisable UNLESS you're
using encryption of some sort for your private network connections (VPN or
SSH, etc).
- If you have 2 APs, use one with WEP (encrypt your mail still) and the
other open (public AP).
- If you have a separate router/firewall for your network, set the private
AP to bridge the connection (passes the IP addresses from the
router/firewall to wireless clients) and the public AP to NAT and act as a
DHCP Server (chose an IP address range from another network segment. The
public AP would be on 192.168.2.x, while the private AP's segment would be
on 192.168.1.x.
- VPNs, if you have XP Pro (Win2k Server or NT Server) you can create your
own VPN server. Or you could buy a hardware VPN solution (e.g. Linksys
BEFVP41 VPN Router) and create VPN connections via this method. Then there's
the Linux option in which you could do anything, but I won't consider that
easy for individuals not familiar with it. I'm sure there are solutions for
creating a VPN server for Win 2000, 98, and OS X, you just have to look.

-Ben

----- Original Message -----
To: "'Ben Serebin'" <[EMAIL PROTECTED]>
Sent: Saturday, November 02, 2002 3:24 PM
Subject: RE: [NYCwireless-announce] Follow-up of October NYCwireless
Meeting...


>
> Ben,
> You mentioned at the last meeting that using a Linksys Wireless DSL
> Router for everything is not advisable for a public access point with
> private computers.  I totally agree, but what would you suggest as the
> most economical way of doing this.  Obviously you need some form of
> network segmentation (i.e. firewall, NAT, etc.) and there are many ways
> to do it.  However, what would be the cheapest way?  I know of one
> instance where someone is considering opening up their Access point, but
> they are concerned that someone will break into their computers directly
> plugged into the Linksys (BEFW11S4 v2)
>
> Best,
>
> PS: Thanks for another great meeting.
>

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/

Reply via email to