A simpler way is to use a Linksys BEFW11S4. See my site http://www.hartwellroad.net/about.html . The BEFW11S4 or any other DSL/cable type router will let you do NAT. This way you can set up local networks that can't be seen outside the BEF.
My neighbors all have their own networks and connect to my house for the internet. No one from the outside can connect to their LANs because they are behind the BEF which is using bogus local IP addresses.

Stefan
http://www.hartwellroad.net/

----- Original Message -----
From: "Greg Troutman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 01, 2002 12:49 AM
Subject: Re: [BAWUG] WLAN Privacy Issues

> Eric Foy wrote:
> > Gentlemen:
> >
> > I have three LANs at three physical locations, which I have bridged
> > together using Linksys WAP11s. This configuration gives me high
> > speed internet access through a single uplink at one of the
> > locations. I have the APs running in bridge mode with 128-bit WEP
> > enabled. I now have the following question: How can I structure my
> > network to have several "virtual LANs" which would allow all users
> > access to the internet portal, but denying users of one "virtual LAN"
> > any knowledge of the existence of nodes (computers) in another
> > "virtual LAN". Is this possible? The only thing I can think of is
> > setting up different workgroups (this is all Winbloze stuff) or NT
> > domains, but I don't know any of the security issues about those
> > features. Something about subnet masks also comes to mind, but those
> > things are still somewhat of a mystery to me. Any advice here would
> > be GREATLY appreciated.
>
> Make the WAP11 bridges their own backbone network (eg. 192.168.10.0/24)
> and run a crossover cable from each WAP11's ethernet to an ethernet
> port of a PC with two LAN cards. The other LAN card in the PC is
> connected to the hub/switch of the local vlan at this location and the
> PC is set up to route or 'ip forward'... We'll call those PC's 'routers'
> from now on... You set up the vlan side of each router as a unique
> network inside your domain (eg. 192.168.20.0/24, 192.168.30.0/24,
> etc...) The vlan side IP address of each router is set up as the default
> gateway for the machines on its vlan and the backbone side IP address
> of the router with the internet connection on its vlan is the default
> gateway for all the other routers...
>
> This will isolate these networks from most 'normal' users... If you need
> a higher level of security just add port level controls of the ip
> forwarding done by each of the 'routers' to prevent unauthorized probing
> of the other networks (eg. only allowing ip forwarding on ports 21, 80
> and 443 lets most small-scale sites work fine and dramatically reduces
> any intra-office hanky panky, though the ftp part will likely cause you
> grief one way or another)...
>
>
> --
> general wireless list, a bawug thing <http://www.bawug.org/>
> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
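
The port-level forwarding control Greg Troutman describes, written out for the 192.168.20.0/24 site as an added example that is not part of the original thread. It assumes the 'router' PC runs Linux with iptables; the interface names (eth0, eth1), the 192.168.0.0/16 supernet and the function name gen_forward_rules are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for one
# site's two-NIC Linux "router" PC. Interface names and the 192.168.0.0/16
# supernet are assumptions; the subnets and ports are the ones in the message.

SITE_SUPERNET="192.168.0.0/16"   # assumed: covers the backbone and every site LAN

# usage: gen_forward_rules LAN_IF BACKBONE_IF LAN_NET PORTS
gen_forward_rules() {
    lan_if=$1 bb_if=$2 lan_net=$3 ports=$4

    # Refuse malformed input rather than emit a ruleset that half-loads.
    case $lan_net in
        *[!0-9./]*|''|*/*/*) echo "bad network: $lan_net" >&2; return 1 ;;
        */*) ;;
        *) echo "network needs a /prefix: $lan_net" >&2; return 1 ;;
    esac
    case $ports in
        *[!0-9,]*|''|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this LAN opened. FTP data channels count as RELATED
# only when the conntrack FTP helper is loaded; otherwise only port 21 passes.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Nothing from this LAN may reach the backbone or another site's LAN.
-A FORWARD -i $lan_if -s $lan_net -d $SITE_SUPERNET -j DROP
# New outbound connections on the allowed TCP ports only.
-A FORWARD -i $lan_if -o $bb_if -s $lan_net -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Site "20" router: eth1 faces the LAN, eth0 faces the WAP11 backbone.
gen_forward_rules eth1 eth0 192.168.20.0/24 21,80,443
```

Load the output as root with `iptables-restore` after enabling `net.ipv4.ip_forward`. Name resolution is not in the port list above, so clients whose resolver sits beyond this router also need port 53 allowed.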
