On Thu, 8 Jan 2004, Ben N. Serebin wrote:

> Hello All,
>
> I disagree, using 3 interfaces is easier especially when one is
> a (public?) wireless connection using DHCP. You could then have the
> wireless simply bridge and have all the intelligence in the Linux
> firewall. Makes configuration changes and monitoring IPs assigned
> easier.

I agree that DHCP is easier than individually assigning IPs to devices on your LAN. My point about simplicity was using two NICs instead of three. Sorry if that wasn't clear.

> -Ben
>

And earlier on Wed, 7 Jan 2004, Ben N. Serebin wrote:

> Hello Chris,
>
> Technically it does not matter if all your routing and firewall
> rules are set up correctly. But for the sake of simplicity, I recommend that
> you make eth1 and eth2 different subnets and do not set up routing
> between the 2. Make all traffic from eth2 route out to the internet.
> This will make your LAN inaccessible from the wireless subnet. So, if
> you're on wireless and want to access your eth1, SSH or VPN in.

Would this make wireless devices inaccessible to wired devices on your LAN? By example, if you have a (WinXP) notebook with a wireless card and want to exchange data with either a wired WinTel box or with a wired Linux one (via Samba), would this be possible given your proposal?

> I only wish more users had secure setups like this. Don't forget
> our SSID of "www.nycwireless.net".
>
> Good luck,
> -Ben

Thanks!

Max Pyziur

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
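
The three-interface layout discussed in this thread, written out as an added example that is not part of the thread or any participant's configuration: a shell function that emits an `iptables-restore` ruleset in which the wireless subnet (eth2) cannot open connections to the wired LAN (eth1), and both are forwarded out to the Internet. It assumes eth0 is the Internet uplink, that the firewall itself serves DHCP and accepts SSH, and it adds a hypothetical `yes` argument that lets wired hosts initiate connections to wireless hosts while the reverse direction stays blocked.

```shell
#!/bin/sh
# Added example: prints a ruleset, applies nothing.
# Check it on a test box with:  emit_rules | iptables-restore --test
WAN_IF=eth0    # assumption: Internet uplink (not named in the thread)
LAN_IF=eth1    # wired LAN
WLAN_IF=eth2   # wireless subnet behind the bridged access point

# emit_rules [yes|no]
#   yes = wired hosts may open connections to wireless hosts (hypothetical option)
#   no  = no forwarding between eth1 and eth2 in either direction (default)
emit_rules() {
    lan_to_wlan=${1:-no}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: SSH to the firewall is allowed from both inside subnets only
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $WLAN_IF -p tcp --dport 22 -j ACCEPT
# Assumption: the firewall hands out DHCP leases on the wireless side
-A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT
# Replies to connections that were allowed when they started
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$lan_to_wlan" = yes ]; then
        echo "-A FORWARD -i $LAN_IF -o $WLAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    fi
    cat <<EOF
# Wireless clients can never start a connection into the wired LAN
-A FORWARD -i $WLAN_IF -o $LAN_IF -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WLAN_IF -o $WAN_IF -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}
```

With the default argument a wired host cannot reach a wireless notebook through the firewall at all; with `yes`, only connections started from the wired side are forwarded, so the wireless-to-LAN block still holds for new connections.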
