Simon Hobson wrote:
> Tom Eastep wrote:
>
>> Or, you can turn off NAT in your wireless router. But if you do, you need
>> to update your routing on the firewall.
>
> Do you think:
>
> Turn off NAT in wireless router & put its WAN IP on a different
> subnet to the 'loc' subnet.
>
> would be better/easier to manage?
>
> I.e., the connection from WAN port of wireless router would be to
> eth5:0 and use (say) 192.168.3.0/24.
> Loc could then be eth5:192.168.168.0/24 (or however that's correctly
> written), and Loc2 could then be eth5:192.168.2.0/23 (/23 encompasses
> both the Loc2 subnet, and the extra one just created).
>
> Loc and Loc2 are then separate zones I believe.
>
Simon,

Your approach would certainly help isolate the wireless network from the
local network. I don't know if that is one of Jeremy's goals or not. He
could be relying on WPA2 authentication, in which case it is probably safe
to allow wireless clients to connect to local hosts.

Note that in his current setup that uses NAT, it is generally not possible
for local hosts to connect to a host in the wireless network.

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \                              -Herbert Spencer
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
