On Mon, Apr 19, 2004 at 01:17:28PM -0500, Chad Walstrom wrote:
> Take this into consideration. You do not want access to your local
> machines to be limited by your upstream connection. I am running into
> this at home because I currently do not have a firewall/private lan set
> up. Each of my machines is grabbing an IP address from the ISP, and all
> traffic is being routed by the ISP's router. This is partially because
> I have a really stupid HUB, and not a smart switch.
>
> The simplest thing you can do to leverage what you currently have is
> to use your Cisco 675 to do NAT and Firewall. Buy a switch and
> Wireless AP and attach your AP in bridging mode, which should let
> your Cisco assign DHCP addresses to any device on the network.

Already doing that - internally I'm running a 10.x.x.x, the Cisco
provides DHCP, and as long as I use the actual machine name, instead of
my domain name, I never go out over the internet. Learned that trick
for my wife for her webmail a couple of years ago.

> Make sure you set up WEP and MAC filtering at the very least (though
> neither are very secure).

I know that I need to turn on the not terribly good security on my WAP -
I'll be looking into exact options after I get one.

> If you want a Linux firewall, you can do more fancy security measures by
> having a capture-portal based authentication. WEP and MAC filtering are
> pretty useless for authorizing individuals to your network, and you
> can't do such advanced routing with the Cisco 675. The cool thing about
> capture-portals is that you can apply it to the full subnet if you want.
> It doesn't matter if the user is on wireless or wired connections.

I'm middling likely to end up with a 'no unencrypted traffic accepted'
setup by the time I'm done. I'm going to have to tighten up some
Windows security anyway - I may just turn it off completely, and teach
my wife some new tricks.

But none of this addresses my 'anyone have any local vendor or hardware
recommendations?' question.

-- 
Scott Raun
sraun at fireopal.org

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list