----- Original Message ----- From: "John Landahl" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, June 26, 2002 3:13 AM Subject: Re: [BAWUG] How to ? Will this work
> On Tuesday 25 June 2002 05:03 pm, Enrique LaRoche wrote: > > > > DSL (PPOE) <-Linksysrouter (192.168.123.230) <-Switch 8-port<linkysrouterB > > (192.168.1.254)<-linksys WAP-11 Wireles clients > > All the other lan clients are connected to the 8 port switch. > > > > Whadya think. Can the wireless clients access the wired lan? Via TCP-IP > > Looks to me like its fairly secure. > > I'm no routing or network security expert, but this doesn't look secure to me. > With the wireless Linksys hooked directly to the same switch and no firewall > blocking the way, theoretically a wireless client could guess the IP subnet > of the wired clients (wouldn't be hard), add a static route to their machine > and voila -- access to your internal network. > > You'd be much safer with a router/firewall in front of your LAN, preferrably > putting the wireless subnet in a DMZ. The easiest way to do this is to get > an old 486/Pentium with two (or preferrably three) NICs and use FreeSCO > (http://www.freesco.org/) or LEAF/Bering (http://leaf.sourceforge.net/). > > - John > -- > general wireless list, a bawug thing <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless > I use have used the FreeSCO solution for over 2 years. It is very stable on a 586AMD with 32mb RAM - no hard disk - only a floppy w/ 3 - ISA 3com NICs. The only hard difficulty in set-up was that the IRQ of the NIC determines the naming sequence beginning with the lowest IRQ number equal to eth0. You need to hard set the NICs to the IRQ & Base Address. Do not use Plug & Play mode on the NICs! I keep the wireless stuff on a separate subnet which is not bridged or routable to my wired clients. 3rd NIC goes out to the cable modem. Both private NICs are routable to the outside. -Paul -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
