Hello Max and all,

Your Question...
> Would this make wireless devices inaccessible to wired devices on your
> LAN?

My Answer: Yes, that's the point. You want the LAN to be secure from the
WIRELESS segment. If you seek to use wireless to connect to the LAN
segment, VPN or SSH in via the internet interface (hence, it's very
secure since it's treated like internet users). Or, add another
interface and AP and have a closed wireless network. It all depends on
the budget and the security desired. :-)

-Ben

 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Max Pyziur
Sent: Thursday, January 08, 2004 12:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [nycwireless] Routing question

On Thu, 8 Jan 2004, Ben N. Serebin wrote:

> Hello All,
> 
>       I disagree, using 3 interfaces is easier especially when one is a
> (public?) wireless connection using DHCP. You could then have the
> wireless simply bridge and have all the intelligence in the Linux
> firewall. Makes configuration changes and monitoring IPs assigned
> easier.

I agree that DHCP is easier than individually assigning IPs to devices
on your LAN.  My point about simplicity was using two NICs instead of
three.
Sorry if that wasn't clear.
 
> -Ben
>  

And earlier on Wed, 7 Jan 2004, Ben N. Serebin wrote:

> Hello Chris,
>
>       Technically it does not matter if all your routing and firewall
> rules are set up correctly. But for sake of simplicity, I recommend that
> you make eth1 and eth2 different subnets and do not set up routing
> between the 2. Make all traffic from eth2 route out to the internet.
> This will make your LAN inaccessible from the wireless subnet. So, if
> you're on wireless and want to access your eth1, SSH or VPN in.

Would this make wireless devices inaccessible to wired devices on your
LAN?

By example, if you have a (WinXP) notebook with a wireless card and want
to exchange data with either a wired WinTel box or with a wired Linux
one (via Samba), would this be possible given your proposal?

>       I only wish more users had secure setups like this. Don't forget
> our SSID of "www.nycwireless.net".
>
> Good luck,
> -Ben


Thanks!

Max Pyziur

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
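
The layout discussed in this thread (eth1 LAN and eth2 wireless on separate subnets, no routing between them, wireless traffic forwarded only to the internet), written out as an iptables-restore ruleset. This is an added example, not from any poster in the thread; eth0 as the internet interface, the DHCP, SSH and NAT rules, and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Print an iptables-restore ruleset for a three-interface Linux firewall.
# Usage: gen_rules WAN_IF LAN_IF WLAN_IF   (gen_rules is a hypothetical helper)
gen_rules() {
    wan=$1 lan=$2 wlan=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Assumption: the firewall itself hands out DHCP leases on the wireless side.
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
# Assumption: sshd on the firewall is the way in, for wireless and internet
# users alike; nothing else on the firewall is reachable from either side.
-A INPUT -i $wan -p tcp --dport 22 -j ACCEPT
-A INPUT -i $wlan -p tcp --dport 22 -j ACCEPT
# No path between wireless and LAN in either direction. The DROP policy
# already covers this; explicit rules give per-rule packet counters.
-A FORWARD -i $wlan -o $lan -j DROP
-A FORWARD -i $lan -o $wlan -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wlan -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Assumption: both inside subnets are private and NATed behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# eth1 (LAN) and eth2 (wireless) are from the thread; eth0 is assumed.
gen_rules "${1:-eth0}" "${2:-eth1}" "${3:-eth2}"
```

Pipe the output to `iptables-restore --test` as root to validate it before loading. Nonzero counters on the two explicit FORWARD DROP rules show wireless clients (or LAN hosts) attempting to cross the boundary.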

