Hi Karsten,
On Thu, 31 May 2007 at 17:37 +0200, Karsten Ensinger wrote:
> Is it possible to force Freewrt to tag all packages one receives
> via WLAN with a specific VLAN-ID (say VLAN7) and prohibit any
> possibility to "fake" a different VLAN-ID via WLAN (this means
> to force substitution of any already included VLAN-ID into the
> specific one (VLAN7) or alternatively to drop packages already
> tagged on reception)?
I have no idea. You have a vconfig utility in the base install on
Linksys/Asus/Netgear routers. Did you try to play with it?
> The background to this question is, that I want to allow my
> neighbour to use my WLAN for reaching the internet. As a matter
> of course I want to protect my internal net not only against
> my neighbour but also to all others trying to intrude via WLAN.
> Especially against hackers who try to send already tagged
> packages to circumvent the firewall. My internal net is already
> separated by VLANs (via a VLAN capable switch).
Hmm. What about the new multiple SSID feature in the FreeWRT
development version? You could use separate wlan access points for
that.
> Unfortunately I also want to be able to connect with my laptop
> via WLAN and reach some machines on the internal net. Therefore
> it is not an option to block all traffic from WLAN to the internal
> switch ports.
> Who said it would be an easy problem? ;-)
The multiple ssid feature in the development version is fully
untested. Furthermore we will integrate a complete new ifupdown
infrastructure in the development version really soon. So if you
like to beta test the multiple ssid feature, we could assist you.
Who said it would be an easy answer ;)
> Is there a solution which will secure the WLAN side but enables
> my laptop to reach machines on the internal net? Maybe the VLAN
> idea is completely wrong for the WLAN side?
Or at least more complicated. For these scenarios many drivers have
virtual accesspoint support. Madwifi seems the best solution for
that, so if you are using a Netgear WGT634u, you are lucky, because
this could even be configured (manually with help of the madwifi
documentation) in the stable FreeWRT 1.0 system.
> I would be grateful for any suggestions.
Have fun
Waldemar
--
don't open your wrt, free it
http://www.freewrt.org
_______________________________________________
freewrt-users mailing list
[email protected]
https://www.freewrt.org/lists/listinfo/freewrt-users
