Re: [leaf-user] WAP

2003-10-18 Thread M Lu
Hello,

I just want to add my experience with DI-713P. Log in to the wireless 
router and set its internal IP as 192.168.0.1 and its router as 
192.168.0.254 (assume that the latter is the IP you will set for 3rd NIC in 
Bering). I also set the external IP of the wireless router as something fake 
(e.g. 10.0.0.0) and do not connect anything to the WAN-plug.

You can still use DHCP from Bering. Together with other secure things 
(wireless WEP), in your case, as you have only 2 static IPs, you can 
modify Shorewall to allow only those IPs to access your internal machines if 
you want and also use Shorewall to limit access to those MACs.

I am not sure if the P means print-server, but if it is as in my case, with 
this setup (allow internal machines to access the new interface), you will 
be able to print from all machines in your house to the printer 192.168.0.1.

Hope that helps.

M Lu.



From: "C. Dummy" <[EMAIL PROTECTED]>
To: Ray Olszewski <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [leaf-user] WAP
Date: Fri, 17 Oct 2003 17:52:24 -0400
Thanks for answer. I'll be experimenting tomorrow. So you are suggesting to 
plug cable from third NIC to normal plug, not WAN plug, and then that should 
work like switch with 2 UTP outs and WiFi out. That sounds right. My 
thinking was that wired LAN is 192.168.1.201/24 and WiFi on third interface 
DMZ with 192.168.0.0/24. I run static IPs on my LAN so lack of DHCP is no 
problem. I need to make my three-interface image and make some changes. 
Thanks for help again.
Andrey
Ray Olszewski wrote:

At 10:08 PM 10/16/2003 -0400, C. Dummy wrote:

I bought D-Link 714 P+. There is no option to disable firewall on this 
router. From FAQ: You cannot disable the firewall on the router. D-Link 
routers use *NAT* (Network Address Translation) which allows multiple 
hosts to share a single address and make many concurrent connections. All 
D-Link routers have a DMZ option which will open all incoming ports to a 
single computer on your local network. That gives me connection to one 
computer using firewall from Bering box. I'm not sure if double NAT is 
good. There would be NAT from Bering box and then NAT from Router. Unless 
Bering box will treat router as a single IP address and Router will NAT 
wireless machines.
Does anybody have any ideas how to make all these connections? I have Bering 
(1.2) box, running 3 computers on switch. Simple two interface setup. I 
need WAP for 2 laptops at the pick to browse internet. From what I read 
I should switch to 3 interfaces setup and put WiFi router on third NIC in 
DMZ. That would give me double NAT. Will this work? Should I try 
different setup?
Andrey


Well ... one option that will probably work is to use the device just as a 
WAP and ignore the router part entirely. I'm assuming here that the 714 
has both wireless and UTP ports on the internal side (I have a 713P here, 
and that's what it has). To do this, you connect the LEAF router to an 
internal UTP port on the D-Link and make sure the LEAF interface you use 
is on the same network as the wireless hosts. You also need to tell the 
wireless hosts that the LEAF router, not the D-Link, is their default 
gateway, which may mean you cannot use the D-Link for DHCP assignment. It's 
not so much that you "disable" the firewall as that it is that you just 
don't connect the external interface to anything.

I haven't run this WAP recently, but when I did, this sort of 
configuration worked for me. I also used a double-NAT variant of the sort 
you describe, and that worked too (but I didn't test it with anything 
tricky or demanding).

As to whether to put the WAP on the LAN or on a DMZ arrangement ... that 
depends on the general security model you use with your LAN. There is no 
short, one-size-fits-all answer to that one.





---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





---
This SF.net email sponsored by: Enterprise Linux Forum Conference & Expo
The Event For Linux Datacenter Solutions & Strategies in The Enterprise 
Linux in the Boardroom; in the Front Office; & in the Server Room 
http://www.enterpriselinuxforum.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] WAP

2003-10-17 Thread C. Dummy
Thanks for answer. I'll be experimenting tomorrow. So you are suggesting to 
plug cable from third NIC to normal plug, not WAN plug, and then that 
should work like switch with 2 UTP outs and WiFi out. That sounds 
right. My thinking was that wired LAN is 192.168.1.201/24 and WiFi on 
third interface DMZ with 192.168.0.0/24. I run static IPs on my LAN so 
lack of DHCP is no problem. I need to make my three-interface image and 
make some changes. Thanks for help again.
Andrey
Ray Olszewski wrote:

At 10:08 PM 10/16/2003 -0400, C. Dummy wrote:

I bought D-Link 714 P+. There is no option to disable firewall on 
this router. From FAQ: You cannot disable the firewall on the router. 
D-Link routers use *NAT* (Network Address Translation) which allows 
multiple hosts to share a single address and make many concurrent 
connections. All D-Link routers have a DMZ option which will open all 
incoming ports to a single computer on your local network. That gives 
me connection to one computer using firewall from Bering box. I'm not 
sure if double NAT is good. There would be NAT from Bering box and 
then NAT from Router. Unless Bering box will treat router as a single 
IP address and Router will NAT wireless machines.
Does anybody have any ideas how to make all these connections? I have 
Bering (1.2) box, running 3 computers on switch. Simple two interface 
setup. I need WAP for 2 laptops at the pick to browse internet. 
From what I read I should switch to 3 interfaces setup and put WiFi 
router on third NIC in DMZ. That would give me double NAT. Will this 
work? Should I try different setup?
Andrey


Well ... one option that will probably work is to use the device just 
as a WAP and ignore the router part entirely. I'm assuming here that 
the 714 has both wireless and UTP ports on the internal side (I have a 
713P here, and that's what it has). To do this, you connect the LEAF 
router to an internal UTP port on the D-Link and make sure the LEAF 
interface you use is on the same network as the wireless hosts. You 
also need to tell the wireless hosts that the LEAF router, not the 
D-Link, is their default gateway, which may mean you cannot use the 
D-Link for DHCP assignment. It's not so much that you "disable" the 
firewall as that it is that you just don't connect the external 
interface to anything.

I haven't run this WAP recently, but when I did, this sort of 
configuration worked for me. I also used a double-NAT variant of the 
sort you describe, and that worked too (but I didn't test it with 
anything tricky or demanding).

As to whether to put the WAP on the LAN or on a DMZ arrangement ... 
that depends on the general security model you use with your LAN. 
There is no short, one-size-fits-all answer to that one.







Re: [leaf-user] WAP

2003-10-16 Thread Ray Olszewski
At 10:08 PM 10/16/2003 -0400, C. Dummy wrote:
I bought D-Link 714 P+. There is no option to disable firewall on this 
router. From FAQ: You cannot disable the firewall on the router. D-Link 
routers use *NAT* (Network Address Translation) which allows multiple 
hosts to share a single address and make many concurrent connections. All 
D-Link routers have a DMZ option which will open all incoming ports to a 
single computer on your local network. That gives me connection to one 
computer using firewall from Bering box. I'm not sure if double NAT is 
good. There would be NAT from Bering box and then NAT from Router. Unless 
Bering box will treat router as a single IP address and Router will NAT 
wireless machines.
Does anybody have any ideas how to make all these connections? I have Bering 
(1.2) box, running 3 computers on switch. Simple two interface setup. I 
need WAP for 2 laptops at the pick to browse internet. From what I read 
I should switch to 3 interfaces setup and put WiFi router on third NIC in 
DMZ. That would give me double NAT. Will this work? Should I try different 
setup?
Andrey
Well ... one option that will probably work is to use the device just as a 
WAP and ignore the router part entirely. I'm assuming here that the 714 has 
both wireless and UTP ports on the internal side (I have a 713P here, and 
that's what it has). To do this, you connect the LEAF router to an internal 
UTP port on the D-Link and make sure the LEAF interface you use is on the 
same network as the wireless hosts. You also need to tell the wireless 
hosts that the LEAF router, not the D-Link, is their default gateway, which 
may mean you cannot use the D-Link for DHCP assignment. It's not so much 
that you "disable" the firewall as that it is that you just don't connect 
the external interface to anything.

I haven't run this WAP recently, but when I did, this sort of configuration 
worked for me. I also used a double-NAT variant of the sort you describe, 
and that worked too (but I didn't test it with anything tricky or demanding).

As to whether to put the WAP on the LAN or on a DMZ arrangement ... that 
depends on the general security model you use with your LAN. There is no 
short, one-size-fits-all answer to that one.







Re: [leaf-user] WAP

2003-10-16 Thread C. Dummy
I bought D-Link 714 P+. There is no option to disable firewall on this 
router. From FAQ: You cannot disable the firewall on the router. D-Link 
routers use *NAT* (Network Address Translation) which allows multiple 
hosts to share a single address and make many concurrent connections. 
All D-Link routers have a DMZ option which will open all incoming ports 
to a single computer on your local network. That gives me connection to 
one computer using firewall from Bering box. I'm not sure if double NAT 
is good. There would be NAT from Bering box and then NAT from Router. 
Unless Bering box will treat router as a single IP address and Router 
will NAT wireless machines.
Does anybody have any ideas how to make all these connections? I have Bering 
(1.2) box, running 3 computers on switch. Simple two interface setup. I 
need WAP for 2 laptops at the pick to browse internet. From what I 
read I should switch to 3 interfaces setup and put WiFi router on third 
NIC in DMZ. That would give me double NAT. Will this work? Should I try 
different setup?
Andrey

M Lu wrote:

I am not familiar with the 'scope' thing, but I am sure you do not need 
the router, you need only the access point if you connect your WAP to 
a separate NIC in the Bering router. I disable the router function in 
my D-Link 713P.

M Lu.


From: "C. Dummy" <[EMAIL PROTECTED]>
To: Steve Wright <[EMAIL PROTECTED]>
CC: LEAF-USER <[EMAIL PROTECTED]>
Subject: Re: [leaf-user] WAP
Date: Sat, 06 Sep 2003 17:00:29 -0400
better solution? But do I really need wap router in this case or


_
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus









Re: [leaf-user] WAP

2003-09-07 Thread George Metz
Just as a note, my primary reasoning for thinking to put NAT behind 
NAT - and it wouldn't be an issue, BTW, since many ISP/MSP/MSSP 
companies, including the one I work for, provide RFC1918 address space 
for the WAN side and run NAT behind it on the LAN side, because it's 
all going out a managed Firewall - is because you could then have a 
hub in between the WAP and your Bering box to connect into to run 
Ethereal through to find out what kind of traffic is passing over your 
WAP link. Furthermore, it would also mean that you can actually access 
the WAP - something not easily done, if at all, in Bridging mode - if 
you needed to change the Wireless keys out for some reason, or do some 
sort of other configuration work on the device.

I like having lots of powerful options, even if I'm unlikely to use 
them much.

George

C. Dummy wrote:
My WAP might stand right on the Bering box so that's no problem. Looks 
like third NIC is the easiest resolution. I don't know much about squid 
proxy, and viz sshd (probably requires multiple floppies or CD), not yet at 
least. I just need WAP for simple browsing internet on laptop. Thanks for 
all the help. I'll have to read user's guide about third NIC, DMZ and 
different IP subnets on the same LAN. I hope there are some examples. 
Thank you.
Andrey
Steve Wright wrote:

On Sun, 2003-09-07 at 15:24, M Lu wrote:
 

I am not familiar with the 'scope' thing, but I am sure you do not need 
the router, you need only the access point if you connect your WAP to 
a separate NIC in the Bering router. I disable the router function in 
my D-Link 713P.
  


Yes, you can use a separate NIC, but then the AP must be next to the
Bering Router, or run a new long cable.  This is inconvenient, and is
not required, unless the AP *is* right next to the Bering Box.
These are scopes ;

10/8
172.16.1/24
192.168.0.0/24
You may run multiple scopes on one subnet(network cable/switch/NIC) and
add rules about who may talk to who.
It can be complicated at first, but it is very powerful, and much easier
than heaps of iptables entries.


/steve



 





---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




Re: [leaf-user] WAP

2003-09-07 Thread C. Dummy
My WAP might stand right on the Bering box so that's no problem. Looks 
like third NIC is the easiest resolution. I don't know much about squid 
proxy, and viz sshd (probably requires multiple floppies or CD), not yet at 
least. I just need WAP for simple browsing internet on laptop. Thanks for 
all the help. I'll have to read user's guide about third NIC, DMZ and 
different IP subnets on the same LAN. I hope there are some examples. 
Thank you.
Andrey
Steve Wright wrote:

On Sun, 2003-09-07 at 15:24, M Lu wrote:
 

I am not familiar with the 'scope' thing, but I am sure you do not need the 
router, you need only the access point if you connect your WAP to a separate 
NIC in the Bering router. I disable the router function in my D-Link 713P.
   



Yes, you can use a separate NIC, but then the AP must be next to the
Bering Router, or run a new long cable.  This is inconvenient, and is
not required, unless the AP *is* right next to the Bering Box.
These are scopes ;

10/8
172.16.1/24
192.168.0.0/24
You may run multiple scopes on one subnet(network cable/switch/NIC) and
add rules about who may talk to who.
It can be complicated at first, but it is very powerful, and much easier
than heaps of iptables entries.


/steve



 







RE: [leaf-user] WAP

2003-09-07 Thread Tony
Uhhh, those are subnets.

I've heard of scopes only when referencing DHCP/BOOTP for the range of IP's
to be serviced. If you're using NetBIOS, which you're not from the looks of
it, the scope IDs are further described in RFCs 1001/1002.

The scope IDs and subnets are similar concepts, but used with different
protocols.

Tony





>
> These are scopes ;
>
> 10/8
> 172.16.1/24
> 192.168.0.0/24
>
> You may run multiple scopes on one subnet(network cable/switch/NIC) and
> add rules about who may talk to who.
> It can be complicated at first, but it is very powerful, and much easier
> than heaps of iptables entries.
>
>
>
> /steve





Re: [leaf-user] WAP

2003-09-07 Thread Steve Wright
On Sun, 2003-09-07 at 15:24, M Lu wrote:
> I am not familiar with the 'scope' thing, but I am sure you do not need the 
> router, you need only the access point if you connect your WAP to a separate 
> NIC in the Bering router. I disable the router function in my D-Link 713P.


Yes, you can use a separate NIC, but then the AP must be next to the
Bering Router, or run a new long cable.  This is inconvenient, and is
not required, unless the AP *is* right next to the Bering Box.

These are scopes ;

10/8
172.16.1/24
192.168.0.0/24

You may run multiple scopes on one subnet(network cable/switch/NIC) and
add rules about who may talk to who.
It can be complicated at first, but it is very powerful, and much easier
than heaps of iptables entries.



/steve






Re: [leaf-user] WAP

2003-09-06 Thread M Lu
I am not familiar with the 'scope' thing, but I am sure you do not need the 
router, you need only the access point if you connect your WAP to a separate 
NIC in the Bering router. I disable the router function in my D-Link 713P.

M Lu.


From: "C. Dummy" <[EMAIL PROTECTED]>
To: Steve Wright <[EMAIL PROTECTED]>
CC: LEAF-USER <[EMAIL PROTECTED]>
Subject: Re: [leaf-user] WAP
Date: Sat, 06 Sep 2003 17:00:29 -0400
better solution? But do I really need wap router in this case or


Re: [leaf-user] WAP

2003-09-06 Thread Steve Wright
On Sun, 2003-09-07 at 09:00, C. Dummy wrote:
>  So running third nic and dmz with wap on that would be little bit 
> better solution? But do I really need wap router in this case or just 
> Bering box and wap would be enough?
>  Do you run WAP scope 192.168.10.0/24 from uplink on your switch or just 
> from regular rj45 for network?


That is one school of thought.  It is no different, as far as the kernel
is concerned.  Not better, just different, and easier to understand from
the hardware point of view.  Modern networking techniques make this
approach obsolete, however.

If you buy a complete Wireless Access Point, and configure it as a
bridge, and attach an IP address that is outside the scope of your
internal LAN, then there is no way any communication will take place
from the wireless scope to the internal LAN scope.  The WAP just does
not have the know-how to bridge an IP that is not on its scope.

Then, configure only the services you need to listen on the WAP scope.

Example ;

Your Internal Wired LAN is - 192.168.0.0 netmask 255.255.255.0

Your WAP (bridging mode) IPaddress = 192.168.10.1 netmask 255.255.255.0

Now configure your squid proxy to listen on 192.168.10.254
Add a dhcpd entry to allocate addresses on the 192.168.10.0/24 subnet

From your wireless LAN, there will ONLY be one working address on the
LAN, and that will be the squid proxy, for which you will need a
password to use.

Carefully enable other secured services as required, viz sshd.

Your Internal LAN is now separate from your WAP LAN, yet they use the
same cabling, and you haven't needed to write one single iptables entry.


The above example should just 'work', but there will likely be issues
since it was off the top of my head.
This is "iproute2" networking, or otherwise called "policy routing".

Later on, if you are so inclined, you can fiddle with this some more, by
adding rules and multiple routing tables on the basis of "Routing
Policy".  Rarely do you need to return to iptables to set Networking
Policy.  Networking is fun again..  8-))


HTH,
Steve






Re: [leaf-user] WAP

2003-09-06 Thread C. Dummy
So running third nic and dmz with wap on that would be little bit 
better solution? But do I really need wap router in this case or just 
Bering box and wap would be enough?
Do you run WAP scope 192.168.10.0/24 from uplink on your switch or just 
from regular rj45 for network?
Andrey
Steve Wright wrote:

On Sun, 2003-09-07 at 01:08, C. Dummy wrote:
 

Hi .
I just came back to mailing list after a while. I'm running Bering 1.2 
with dsl modem and then switch with 4 computers on static internal ip's. 
I'd like to add wireless access point. What is the best way to do that? 
   

Depends what you want to do with it.  As George says, wireless is not
remotely secure, so you should only run secured protocols, or irrelevant
protocols over it.
You must not plug a WAP directly into your internal firewalled LAN
without taking substantial precautions.
I have my WAP on a different network scope than my internal LAN, so
*nothing* is visible to wireless clients unless I enable a service
specifically.  ie ;
LAN scope 192.168.0.0/24
WAP scope 192.168.10.0/24
Now you may add IPs on the WAP scope to whatever services you want
available to the WAP.  Other hosts and services are invisible.  This is
far easier than firewalling everything.
Both scopes run simultaneously on the same network cabling.

HTH,
Steve




 







Re: [leaf-user] WAP

2003-09-06 Thread Steve Wright
On Sun, 2003-09-07 at 01:08, C. Dummy wrote:
>  Hi .
> I just came back to mailing list after a while. I'm running Bering 1.2 
> with dsl modem and then switch with 4 computers on static internal ip's. 
> I'd like to add wireless access point. What is the best way to do that? 

Depends what you want to do with it.  As George says, wireless is not
remotely secure, so you should only run secured protocols, or irrelevant
protocols over it.

You must not plug a WAP directly into your internal firewalled LAN
without taking substantial precautions.

I have my WAP on a different network scope than my internal LAN, so
*nothing* is visible to wireless clients unless I enable a service
specifically.  ie ;

LAN scope 192.168.0.0/24
WAP scope 192.168.10.0/24

Now you may add IPs on the WAP scope to whatever services you want
available to the WAP.  Other hosts and services are invisible.  This is
far easier than firewalling everything.

Both scopes run simultaneously on the same network cabling.


HTH,
Steve







Re: [leaf-user] WAP

2003-09-06 Thread C. Dummy
Thanks for fast response. Third NIC you mean in Bering box and use 
that as the only connection to WAP router? But in this case we are 
getting NAT masquerading from Bering and then after that from WAP router; 
that's 2 times NAT masquerading. Doesn't this cause problems accessing 
internet?
Andrey
George Metz wrote:

I would strongly recommend that if you do this, you either:

1. Get a router-in-a-box with a WAP on it, instead of just a WAP.

2. Put the WAP on a DMZ from a third NIC.

3. Both of the above - can't be too careful.

Wireless, even running WEP encryption, can be a serious security flaw 
in any network. Anyone in your neighborhood is going to be able to 
access it one way or another, either by directional antenna or by 
taking a laptop and sitting outside your house. Apartments are even 
worse.

If you're going to be using wireless basically as a method to sit 
outside on a nice day and use a laptop to browse the net, then putting 
the WAP on a DMZ with rules in shorewall to prevent it from accessing 
the wired LAN is probably a good idea. For extra security, sticking it 
behind a Router/WAP combo that's actually doing NAT masquerading from 
the DMZ isn't a bad idea either, as long as the shorewall rules are in 
place as well.

For a good deal, check Best Buy if you have one in your area. I 
managed to get the Microsoft MN-500 Wireless router/4 port switch 
combo for $30 because someone had opened it and returned it - it was 
fully functional. (Oddly enough though, in routing mode, you can't 
play Asheron's Call - one of Microsoft's games - from more than one 
client at a time. I'm assuming this would be an issue as a router for 
any online games that use multiple UDP connections. Bering 1.2 and 
Shorewall handle it out of the box, as it were.)

George Metz

C. Dummy wrote:

Hi .
I just came back to mailing list after a while. I'm running Bering 
1.2 with dsl modem and then switch with 4 computers on static 
internal ip's. I'd like to add wireless access point. What is the 
best way to do that? Plug in wap to switch which is behind Bering? 
Can they exist together Bering switch and WAP? Or Bering switch and 
wireless router? Most of the WAP's comes with router, should I buy 
one with router built in or without? Is this the way to go running 
WAP from the switch? I want my wire connections to be as a main 
structure I'll use WAP only from time to time. Sorry if all this 
sounds stupid but I have never had any experience with wireless 
connections?
Andrey





Re: [leaf-user] WAP

2003-09-06 Thread George Metz
I would strongly recommend that if you do this, you either:

1. Get a router-in-a-box with a WAP on it, instead of just a WAP.

2. Put the WAP on a DMZ from a third NIC.

3. Both of the above - can't be too careful.

Wireless, even running WEP encryption, can be a serious security flaw 
in any network. Anyone in your neighborhood is going to be able to 
access it one way or another, either by directional antenna or by 
taking a laptop and sitting outside your house. Apartments are even worse.

If you're going to be using wireless basically as a method to sit 
outside on a nice day and use a laptop to browse the net, then putting 
the WAP on a DMZ with rules in shorewall to prevent it from accessing 
the wired LAN is probably a good idea. For extra security, sticking it 
behind a Router/WAP combo that's actually doing NAT masquerading from 
the DMZ isn't a bad idea either, as long as the shorewall rules are in 
place as well.

For a good deal, check Best Buy if you have one in your area. I 
managed to get the Microsoft MN-500 Wireless router/4 port switch 
combo for $30 because someone had opened it and returned it - it was 
fully functional. (Oddly enough though, in routing mode, you can't 
play Asheron's Call - one of Microsoft's games - from more than one 
client at a time. I'm assuming this would be an issue as a router for 
any online games that use multiple UDP connections. Bering 1.2 and 
Shorewall handle it out of the box, as it were.)

George Metz

C. Dummy wrote:
Hi .
I just came back to mailing list after a while. I'm running Bering 1.2 
with dsl modem and then switch with 4 computers on static internal ip's. 
I'd like to add wireless access point. What is the best way to do that? 
Plug in wap to switch which is behind Bering? Can they exist together 
Bering switch and WAP? Or Bering switch and wireless router? Most of the 
WAP's comes with router, should I buy one with router built in or 
without? Is this the way to go running WAP from the switch? I want my 
wire connections to be as a main structure I'll use WAP only from time 
to time. Sorry if all this sounds stupid but I have never had any 
experience with wireless connections?
Andrey
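
An added example, not part of the thread or of the LEAF/Shorewall projects: one way to check that a Shorewall configuration really keeps a WAP zone on the third NIC away from the wired LAN, as suggested above. The zone names (net, loc, dmz), the sample policy and rules text, and the function names are constructed for illustration; the check models only first-match policy lookup and ACCEPT/DNAT rules.

```python
"""Audit Shorewall policy/rules text: can the WAP zone reach the wired LAN?"""

# Constructed sample files for a three-interface firewall (not from the thread).
# Assumed zone names: net = Internet, loc = wired LAN, dmz = third NIC with the WAP.
POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
dmz      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

RULES_GOOD = """\
#ACTION  SOURCE  DEST  PROTO  DEST PORT
ACCEPT   dmz     fw    udp    53
ACCEPT   loc     dmz   tcp    80
"""

# Same rules plus two constructed exceptions that reopen the wired LAN.
RULES_LEAKY = RULES_GOOD + """\
ACCEPT   dmz:192.168.0.10  loc:192.168.1.201  tcp  515
ACCEPT   dmz               loc                tcp  139
"""


def parse(text):
    """Split a Shorewall-style file into column lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_of(field):
    """'dmz:192.168.0.10' -> 'dmz' (hosts are written as zone:address)."""
    return field.split(":", 1)[0]


def effective_policy(policy_text, src, dst):
    """Return the action of the first policy line matching src -> dst."""
    for row in parse(policy_text):
        if len(row) < 3:
            continue
        s, d, action = row[:3]
        if s in (src, "all") and d in (dst, "all"):
            return action
    return None


def crossing_rules(rules_text, src, dst):
    """List ACCEPT/DNAT rules that open src -> dst regardless of the policy."""
    hits = []
    for row in parse(rules_text):
        if len(row) < 3:
            continue
        action = row[0].split(":", 1)[0]  # drop an optional ':loglevel' suffix
        if not action.startswith(("ACCEPT", "DNAT")):
            continue
        if zone_of(row[1]) in (src, "all") and zone_of(row[2]) in (dst, "all"):
            hits.append(" ".join(row))
    return hits


def audit(policy_text, rules_text, src="dmz", dst="loc"):
    """Report whether src is kept out of dst by policy and by every rule."""
    policy = effective_policy(policy_text, src, dst)
    holes = crossing_rules(rules_text, src, dst)
    isolated = policy in ("DROP", "REJECT") and not holes
    return {"policy": policy, "holes": holes, "isolated": isolated}


if __name__ == "__main__":
    for name, rules in (("good", RULES_GOOD), ("leaky", RULES_LEAKY)):
        result = audit(POLICY, rules)
        print(name, "->", "isolated" if result["isolated"] else "NOT isolated")
        for hole in result["holes"]:
            print("   wireless-to-LAN rule:", hole)
```

A host-limited rule such as the `dmz:192.168.0.10` line is still reported, since an address on a WEP network is not an identity; whether to keep it is a decision for the reader.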


