Hi everyone,
Let me start by praising the people behind PF. This is by far the
best solution in its class and I've enjoyed the performance and peace
of mind PF has brought me, both at my colo facility and my home
networks! Well done!
I'm writing today in hopes that someone might be able to lend some
thoughts on the best way to deal with a particular situation...
I live in a remote area where typical broadband access is not
available and I happen to be one of the lucky ones with a perfect
line-of-sight to my local WISP's access point (5 miles away), giving
me a beautiful 8Mb up/down with <10ms latency! This connection comes
in to a FreeBSD machine which acts as a PF firewall/router for my
local network. My neighbor isn't as lucky as me but has a line-of-
sight to my house so I've extended my wireless network to their house
with a simple repeater setup. Because they are on my LAN, however,
they also have access to everything else in my local network (samba,
SSH, http) which is not so good. We use the wireless network in the
house, so we need wireless access as well.
I'd like to come up with a relatively secure way of designating my
LAN as one zone and my neighbor(s) as a separate zone. The obvious
solution of two discrete LAN interfaces (w/ separate subnets) on the
router comes to mind but this is somewhat impractical because I'd
have to maintain/operate a 2nd access point for them (to do the local
wireless bridge from my house to their house).
Does anyone have any thoughts on a more streamlined approach where I
could negate having multiple wireless networks? I'd love to hear
everyone's thoughts...
Thank you,
Daniel
- Configuration advice needed ECEG / Daniel Duerr