Hello All,

I disagree; using 3 interfaces is easier, especially when one is a (public?) wireless connection using DHCP. You could then have the wireless simply bridge and have all the intelligence in the Linux firewall. Makes configuration changes and monitoring IPs assigned easier.

-Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Max Pyziur
Sent: Thursday, January 08, 2004 12:05 PM
To: Christopher W. Allermann
Cc: [EMAIL PROTECTED]
Subject: Re: [nycwireless] Routing question

On 7 Jan 2004, Christopher W. Allermann wrote:

> I have here a Linux box with 3 nic's in it...
>
> eth0 is connected to my DSL router
> eth1 is connected to my LAN switch (IP 192.168.1.1)
> eth2 will be connected to an AP

Why not forego eth2 and plug your (W)AP into your switch?

I have a Linux box (used as a server and router) w/ two nics; eth0 goes to the DSL Modem (the service is Verizon), eth1 goes to an 8 port switch; that switch then connects to
    two other switches
    a printer
    a WAP (Linksys WAP11)

Since I don't use DHCP,
    wired machines are connected in the range 192.168.1.1 - 192.168.1.99
    printers begin at 192.168.1.100
    wireless devices at 192.168.1.200 (with the WAP being set to that).

Linksys has Windows based software which helps you configure the WAP; once you have the WAP set you can change the configurations via the web. http://192.168.1.200 gets me there and then I can (re)set the WEP, check the logs and usage of the WAP, change other configurations on the WAP.

The Linux box which acts as the LAN server and router (192.168.1.1) runs the firewall and also an IDS (Portsentry), though the IDS can be a bit heavy-handed.

My server/router is on RedHat 6.2 (what is now an ancient release) and I'm using the adsl stuff from Roaring Penguin.

I think that this setup is a bit simpler than yours (don't use a 3rd nic). What's your reason to use a 3rd nic?

> I'm feeding everything through the Linux box so I can set up some
> strict firewall rules and IDS beyond the capabilities that the AP has.
>
> I'm stuck here pondering if I should set up eth2 as a separate subnet,
> or just as another address in the 192.168.1.0/24 subnet.
>
> Has anybody run a similar configuration? What does your configuration
> look like?
>
> --
> Chris Allermann - <[EMAIL PROTECTED]>
>

Hope that helps.

Max Pyziur
[EMAIL PROTECTED]

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
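
For the separate-subnet option Chris asks about, the following is an added example (not written by anyone in the thread) of an iptables-restore ruleset the Linux box could load so that wireless clients reach the Internet but not the wired LAN. The wireless subnet 192.168.2.0/24, a DHCP server running on the firewall, and the function name `build_ruleset` are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the three-NIC layout.
# Assumptions (not from the thread): wireless subnet on the third NIC, DHCP
# served by the firewall itself, net.ipv4.ip_forward=1 already set.
# With PPPoE the WAN interface may be ppp0 rather than eth0; pass it as $1.
build_ruleset() {
    wan=$1; lan=$2; wlan=$3; lan_net=$4; wlan_net=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide both internal subnets behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wired LAN is trusted to reach services on the firewall.
-A INPUT -i $lan -s $lan_net -j ACCEPT
# Wireless clients may only request a DHCP lease from the firewall.
-A INPUT -i $wlan -p udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source checks per interface reject spoofed addresses.
-A FORWARD -i $lan -s $lan_net -o $wan -j ACCEPT
-A FORWARD -i $wlan -s $wlan_net -o $wan -j ACCEPT
# Wireless to wired is logged, then dropped explicitly.
-A FORWARD -i $wlan -o $lan -j LOG --log-prefix "wlan->lan drop: "
-A FORWARD -i $wlan -o $lan -j DROP
COMMIT
EOF
}
```

Load it with `build_ruleset eth0 eth1 eth2 192.168.1.0/24 192.168.2.0/24 | iptables-restore`. If the AP is plugged into the LAN switch on the same 192.168.1.0/24 subnet instead, wireless-to-wired traffic stays on the switch and never reaches these FORWARD rules.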