Please do post your how-to as soon as it is finished. I'd be interested in it anyway, and I do understand not having any time. :)
--Jeremy

On Friday 20 August 2004 12:00 pm, Michael Thompson wrote:
> I agree the 3 NIC setup would be optimal. If you use an OpenBSD
> firewall, you could use authpf on your wireless network to require that
> users log in with an ssh session before the firewall will open the
> outgoing ports for *that* ip only. I currently use that setup at home,
> now an attacker would have to crack my openbsd box to get out to the
> net. Even if the WEP is cracked, the wardriver will be trapped in the
> wireless 'DMZ'. Of course, they can still sniff your wireless traffic,
> so this is still not a replacement for standard wireless security
> policies...
>
> I've been trying to document my setup for a while now, but haven't had
> the time. I hope to upgrade my OBSD firewall to v3.5 this weekend, if I
> do, I'll try to document as I go and build a small 'how-to' and post to
> the list.
>
> Just $.02 :)
>
> --mike
>
> Andrew Perrin wrote:
> | Welcome! My own thought is that I would use a plain WAP for the wireless
> | itself -- makes life easier to separate that out -- and then an iptables
> | box to route in and out. If you will also have wired connections to the
> | server, I would recommend using three ethernet cards in the routing box:
> | one to the outside world, one to the WAP, and one to wired clients. That
> | way anything coming in on the wired card can be issued an address, while
> | requests coming in from the WAP can be treated with more suspicion.
> |
> | ap

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
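
The authpf arrangement described in the quoted message, combined with the three-NIC layout, sketched as an added example that is not part of the original thread and is not Michael's own configuration. The interface names and file layout are assumptions, and the rule syntax is that of current OpenBSD pf rather than the 3.5 release mentioned above.

```conf
# ---- /etc/pf.conf (fragment; constructed example) ----
# Interface names are assumptions; substitute the real ones.
ext_if  = "em0"    # outside world
wifi_if = "em1"    # to the WAP (untrusted wireless segment)
lan_if  = "em2"    # wired clients

set skip on lo
block all          # default deny on every interface

# NAT both internal segments behind the external address.
match out on $ext_if inet from { $lan_if:network $wifi_if:network } nat-to ($ext_if)

# Wired clients may go out; nothing is passed *out* on $wifi_if or $lan_if,
# so the two internal segments cannot reach each other through this box.
pass in  on $lan_if inet from $lan_if:network
pass out on $ext_if inet

# Before authentication, a wireless client can reach only sshd on the firewall.
pass in on $wifi_if inet proto tcp from $wifi_if:network to ($wifi_if) port ssh

# authpf loads one set of rules per logged-in user under this anchor.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules (constructed example) ----
# authpf defines $user_ip as the address the ssh session came from.
# The rule exists only while that ssh session stays open.
wifi_if = "em1"
pass in quick on $wifi_if inet from $user_ip to any

# ---- Other pieces authpf needs ----
# * /etc/authpf/authpf.conf must exist (it may be empty) or authpf refuses to run.
# * Each wireless user's login shell is set to /usr/sbin/authpf.
```

Because the per-user rule is keyed on source address only, anyone who can spoof an authenticated client's IP on the wireless segment inherits its access while the session is open, which is one more reason the message's caveat about standard wireless security still applies.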
