Simon Hobson <[email protected]> writes: > [email protected] wrote: > >> I plan to make a home network; one can see my plan here: >> >> https://dl.dropboxusercontent.com/u/56020882/HomeNetwork_01.png
>> I shall use shorewall as firewall. This should be a firewall with 4 >> interfaces. >> >> >> My question is: should I use for wireless LAN ( wlan0) dmz zone also, as >> for web server ( eth2)? > > I'd be more inclined to make it it's own zone OR to make it part of > the loc zone. There really isn't any right or wrong answer - as a lot > depends on your requirements and attitude to risk. > If you put it in it's own zone, then you can have fairly fine grained > control of how much access to the loc zone any wireless device has. > But you also need to consider the restrictions it may impose - many > "IOT" things expect the end user to have a "flat" network where all > devices have access to each other and can be found by simple broadcast > packets. Some of these may be difficult, or even impossible, to use > when connected to a different network to the computer you want to use > it from (whether that's accessing a WiFi device from wired computer, > or a wired device from a WiFi computer/tablet/phone. > > I'd also point out that a Pi is far from ideal for this sort of task - On second thought, I agree with you. > I believe there are other devices out there with better networking and > similar price levels - but it's not an area I'm familiar with. Then, I change plan for my home network. It remain as is, that is: My ISP |-- Cable modem .....|-- Bubba 2, the headless power pc box with WAN ( eth0 -- to my ISP), .........LAN ( eth1 -- to my home LAN wired network ) and .........USB WiFi dongle as Access Point ( wlan0 -- to my home wireless LAN: WLAN) The new in this configuration is the WLAN part. I'm trying configure the wlan0 as AP with hostapd. I reached my goal almost. I just can't to see my SSID on my mobile phone when I started the hostapd. May be caused this by a firewall? I have no setup yet for wlan0 at all. I plan to make it it's own zone. -- Regards from Pal ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
