#I am still undecided whether this will be my final configuration due to #security concerns, i.e. drive-by sniffing, neighbor sniffing, etc. Most #probably I will: # 1. Go back to using linux as a firewall. # 2. Treat the wireless subnet as an "untrusted segment" # 3. Only allow the wireless subnet to do external http/https # 4. Tunnel smtp/pop over ssh to the firewall and my pop/postfix server # 5. Figure out how to let the wireless segment access my mp3's on # my mp3/samba server. # 6. Find a way to prevent neighbors/drive-by spammers from # "piggybacking" onto my wirelss net (or at least make it difficult) #
After some research, and asking people around, I think this is the setup I can live with: 1. Use my existing Linux gateway; add a WiFi card to it so it can also be the gateway of the wireless nodes. 2. Use Ad-Hoc mode 3. Enable WEP encryption 4. SSH tunnel everything from the wireless nodes -- HTTP, POP/SMTP, etc. With this setup, overall application-level bandwidth will decrease by more than 50%. But I'd rather have that than find out one day that a rouge user had messed up with my setup (It's my paranoia working here.) Questions: 1. If I ssh-tunnel HTTP, I guess I need to have something in the gateway to proxy all HTTP requests. Is SQUID the answer? 2. As with G.T.'s #5 in his to-do list, I'm still at lost with how to Samba-share files from the Linux box. One article I read suggest that NetBEUI is used as opposed to TCP/IP when sharing Windows folders. Now, does anyone know if Samba can ride on NetBEUI? I'd appreciate any information. Thanks, jeff -- -- Jeff Gutierrez Pinoy Ako! May reklamo? Mapua Online! http://www.mapua.org http://www.mapua.com http://www.mapua.net Intertainer, Entertainment On Demand http://www.intertainer.tv _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
