Get a WAP with router, then - Linksys has it - am using one - a WAP with a 4-port 
Ethernet switch that acts as a router/firewall to my DSL connection.

--o000o--
Prof. Rommel Palma Feria, MSc     
Director, University Computer Center
University of the Philippines - Diliman
Quezon City 1101 Philippines
Voice: +63 2 9268837  Fax: +63 2 9204803
Email: [EMAIL PROTECTED] [EMAIL PROTECTED]

-----------------------------------------
Original Message:
From: Gerald Timothy Quimpo <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Sun Jan 19 15:13:24 EST 2003
Subject: Re: [plug] [OT] Linksys WAP11 wireless access point
On Friday 17 January 2003 08:53 am, Jimmy Lim wrote:
> > http://www.linksys.com/support/support.asp?spid=61

> according to the FAQ of the link, it says that it can't act as a
> firewall, because it only bridges from wired Ethernet to wireless
> clients, but correct me if i'm wrong, AFAIK, this can be done in Linux
> with BRIDGE support and other unix like FreeBSD using BRIDGE & DUMMYNET
> with ipfw or OpenBSD's pf with BRIDGE support.

i have not read that part of the FAQ.  however, my $.02 follows.
the WAP is only an access point.  it can also act as a bridge.
there is only one ethernet jack there.  you connect it using that
jack to your lan switch or hub.

it is not a firewall.  the networking code burned into it just does not 
have many features (you can set SSIDs and WEP keys, you can make 
it a bridge, you can tell it what its IP number is, i think that's about all
you can do with it).  if you want a firewall, you would put a router 
(hardware, like SMC Barricade or Cisco, or software like Linux, 
FreeBSD or OpenBSD) in front of everything. that router is 
connected to your broadband or dialup connection. the router
would then either be a firewall in itself, or you would have
a firewall between the router and your LAN switch or hub.

if you wanted more security, you'd have your WAP11 connected
straight to the firewall and wireless users would have to establish
VPN sessions with the firewall.  any non-VPN sessions would not
pass beyond the firewall.  WEP is good, but it's known to be 
breakable and there are tools to crack it.  rely on WEP only
if there's nothing valuable on your network.

oh, one thing about WEP and the WAP11 (and also the SMC barricade
version that has an access point in it too, i forget the version, this
may also apply to lots of other access points).  there is an option to
specify a WEP passphrase.  from the passphrase, a set of WEP
keys is generated.

unfortunately, the way the keys are generated is compatible with windows
(tested with W2K, W98 and WME, i think, compatibility is probably a 
function of the fact that we use the linksys' setup software to set up
the client WEP keys :) but is not compatible with linux' iwconfig:

   iwconfig eth0 key s:<passphrase> [whichKeyToUse]

when i used WEP, i had to type the wep key in there as hex digits
instead of using the passphrase.  

tiger

-- 
Gerald Timothy Quimpo  tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
    This is a court of law, young man, not a court of justice.
                                        Oliver Wendell Holmes.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]
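
Added example, not part of the original messages: why `iwconfig ... key s:<passphrase>` does not match an access point configured from a passphrase, and how to get the hex key to type instead. It assumes the vendor utility uses the widely implemented 40-bit passphrase generator of that era (the post does not say which algorithm the WAP11 uses); `passphrase_keys_40` and `iwconfig_args` are hypothetical helper names.

```python
# Added example; the generator below is an assumption, not taken from the post.

def ascii_key(text: str) -> bytes:
    """`iwconfig eth0 key s:<text>`: the characters themselves are the key bytes."""
    return text.encode("ascii")

def passphrase_keys_40(passphrase: str) -> list[bytes]:
    """Four 40-bit WEP keys from a passphrase (assumed de facto vendor generator)."""
    seed = bytearray(4)
    for i, b in enumerate(passphrase.encode("ascii")):
        seed[i % 4] ^= b                      # fold the passphrase into 32 bits
    state = int.from_bytes(seed, "little")
    keys = []
    for _ in range(4):                        # key slots 1-4
        key = bytearray()
        for _ in range(5):                    # 5 bytes = 40 bits per key
            state = (state * 0x343FD + 0x269EC3) & 0xFFFFFFFF
            key.append((state >> 16) & 0xFF)
        keys.append(bytes(key))
    return keys

def iwconfig_args(passphrase: str, index: int = 1, iface: str = "eth0") -> str:
    """Hex-key command line matching key slot `index` (1-4) on the access point."""
    if not 1 <= index <= 4:
        raise ValueError("WEP key index must be 1-4")
    key = passphrase_keys_40(passphrase)[index - 1]
    return f"iwconfig {iface} key {key.hex()} [{index}]"

if __name__ == "__main__":
    phrase = "hello"                          # constructed sample passphrase
    print("s: form sends  :", ascii_key(phrase).hex())
    for n, k in enumerate(passphrase_keys_40(phrase), 1):
        print(f"derived key {n}  :", k.hex())
    print(iwconfig_args(phrase, 1))
```

The `s:` form sends the passphrase's own ASCII bytes as the key, while the access point holds the derived bytes, so the two sides only agree when the client is given the derived key in hex.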