Hello Chris,
Technically it does not matter if all your routing and firewall
rules are set up correctly. But for the sake of simplicity, I recommend that
you make eth1 and eth2 different subnets and do not set up routing
between the two. Make all traffic from eth2 route out to the internet.
This will make your LAN inaccessible from the wireless subnet. So, if
you're on wireless and want to access your eth1, SSH or VPN in.
I only wish more users had secure setups like this. Don't forget
our SSID of "www.nycwireless.net".
Good luck,
-Ben
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christopher W. Allermann
Sent: Wednesday, January 07, 2004 10:49 PM
To: nycwireless AT lists.nycwireless.net
Subject: [nycwireless] Routing question
I have here a Linux box with 3 NICs in it...
eth0 is connected to my DSL router
eth1 is connected to my LAN switch (IP 192.168.1.1)
eth2 will be connected to an AP
I'm feeding everything through the Linux box so I can set up some strict
firewall rules and IDS beyond the capabilities that the AP has.
I'm stuck here pondering if I should set up eth2 as a separate subnet,
or just as another address in the 192.168.1.0/24 subnet.
Has anybody run a similar configuration? What does your configuration
look like?
--
Chris Allermann - <[EMAIL PROTECTED]>
--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
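
Added example, not part of the original thread and not either poster's configuration: one way to express the layout Ben recommends (eth2 on its own subnet, no forwarding between eth1 and eth2, wireless traffic routed only to the internet, SSH in from wireless) as an iptables-restore ruleset. The wireless subnet 192.168.2.0/24, SSH on port 22, and the function names are assumptions; the interface roles and the 192.168.1.0/24 LAN come from the thread.

```shell
#!/bin/sh
# Added example: ruleset generator for the three-NIC firewall described in the thread.
WAN_IF=eth0               # DSL router side (from the thread)
LAN_IF=eth1               # wired LAN, 192.168.1.0/24 (from the thread)
WLAN_IF=eth2              # access point side (from the thread)
WLAN_NET=192.168.2.0/24   # ASSUMED wireless subnet, not given in the thread

# Print the ruleset in iptables-restore format. Nothing is applied here;
# validate with: gen_rules | iptables-restore --test
gen_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WLAN_IF -s $WLAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WLAN_IF -o $LAN_IF -j LOG --log-prefix "wlan->lan drop: "
-A FORWARD -i $WLAN_IF -o $LAN_IF -j DROP
-A FORWARD -i $LAN_IF -o $WLAN_IF -j DROP
-A FORWARD -i $WLAN_IF -o $WAN_IF -s $WLAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Return 0 only if no FORWARD rule accepts traffic between the LAN and
# wireless interfaces, so a later edit cannot silently bridge the two.
check_isolation() {
    ! gen_rules | grep -Eq -- "^-A FORWARD .*-i ($WLAN_IF|$LAN_IF) -o ($LAN_IF|$WLAN_IF) .*-j ACCEPT"
}
```

The INPUT policy also stops wireless clients from reaching the firewall's own LAN address on anything but SSH; if the Linux box itself serves DHCP or DNS to the wireless side, those ports need their own INPUT rules.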