As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects.
Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
George
[EMAIL PROTECTED] wrote:
I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall. The WiFi equipment we used had the capability to encrypt it's own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy.
Andrew Gray
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel Sent: Tuesday, 16 Dec 2003 06:19 To: [EMAIL PROTECTED] Cc: Leaf User List Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Julian,
On Mon, 2003-12-15 at 11:32, Julian Church wrote:
Hi Sean
On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel <[EMAIL PROTECTED]> wrote:
Here is what I am proposing to do:
Cable Modem -> Bering --> (Private Network) Current PC (Windows XP) | ---> DMZ --> WAP --> Laptop (Windows XP)
The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering.
Strange!
That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in.
As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through.
cheers
Julian
Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g?
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
__________ NOD32 1.579 (20031215) Information __________
This message was checked by NOD32 antivirus system. http://www.nod32.com
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html