On Friday 17 January 2003 08:53 am, Jimmy Lim wrote:
> > http://www.linksys.com/support/support.asp?spid=61
> according to the FAQ of the link, it says that it can't act as a
> firewall, because it only bridge from wired Ethernet to wireless
> clients, but correct me if i'm wrong, AFAIK, this can be done in Linux
> with BRIDGE support and other unix like FreeBSD using BRIDGE & DUMMYNET
> with ipfw or OpenBSD's pf with BRIDGE support.
i have not read that part of the FAQ. however, my $.02 follows.
the WAP is only an access point. it can also act as a bridge.
there is only one ethernet jack there. you connect it using that
jack to your lan switch or hub.
it is not, a firewall. the networking code burned into it just does not
have many features (you can set SSIDs and WEP keys, you can make
it a bridge, you can tell it what its IP number is, i think that's about all
you can do with it). if you want a firewall, you would put a router
(hardware, like SMC Barricade or Cisco, or software like Linux,
FreeBSD or OpenBSD) in front of everything. that router is
connected to your broadband or dialup connection. the router
would then either be a firewall in itself, or you would have
a firewall between the router and your LAN switch or hub.
if you wanted more security, you'd have your WAP11 connected
straight to the firewall and wireless users would have to establish
VPN sessions with the firewall. any non-VPN sessions would not
pass beyond the firewall. WEP is good, but it's known to be
breakable and there are tools to crack it. rely on WEP only
if there's nothing valuable on your network.
oh, one thing about WEP and the WAP11 (and also the SMC barricade
version that has an access point in it too, i forget the version, this
may also apply to lots of other access points). there is an option to
specify a WEP passphrase. from the passphrase, a set of WEP
keys is generated.
unfortunately, the way the keys are generated is compatible with windows
(tested with W2K, W98 and WME, i think, compatibility is probably a
function of the fact that we use the linksys' setup software to set up
the client WEP keys :) but is not compatible with linux' iwconfig:
iwconfig eth0 key s:<passphrase> [whichKeyToUse]
when i used WEP, i had to type the wep key in there as hex digits
instead of using the passphrase.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
This is a court of law, young man, not a court of justice.
Oliver Wendell Holmes.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
