Message-ID: <495680E9.7070800@sequestered.net>
Date: Sat, 27 Dec 2008 11:24:25 -0800
From: Corey Chandler
To: raggen@raggens.net
Cc: freebsd-questions@freebsd.org, Nerius Landys
In-Reply-To: <4950EAD1.6070802@telia.com>
Subject: Re: Wireless router?

Roger Olofsson wrote:
>
>
> Corey Chandler wrote:
>> Nerius Landys wrote:
>>> Thank you all for your suggestions. This will be a project for me
>>> over the holidays. I decided to go the standalone wireless router
>>> approach.
>> Good man!
>>> I will need to figure out how to configure my standalone
>>> wireless router to "pass everything through" to the internal LAN that
>>> I already have.
>> It's called "Bridge mode" on most APs-- it does exactly what you
>> describe. Just make sure things like "DHCP server" are turned off or
>> you'll see some... odd breakages.
>>> Also I don't know too much about security, like how
>>> to prevent eavesdroppers from connecting to my internal network. One
>>> of you mentioned access lists, and I assume that means I tell the
>>> wireless router which MAC addresses it accepts, and nothing else.
>> Ugh. MAC addresses are trivial to spoof-- I usually don't bother
>> with using them for security, although I do use 'em to ensure that
>> particular machines always inherit particular addresses.
>>
>>> Is there any other way to provide security? Like a password-protected
>>> network? What are the buzzwords for these security schemes? Which
>>> security scheme do you recommend for preventing random people within
>>> proximity from connecting to my internal network?
>>>
>>
>> Absolutely. Google for WPA or WPA2; WEP has been broken and is
>> trivial to bruteforce, so I'd not bother with that.
>>
>> Once you get the unit in, feel free to email me off list for
>> configuration questions; it sounds like a fun project!
>>
>> -- CJC
>>
>
> Hello Corey,
>
> I don't use 'bridge mode'. I set a normal LAN ip for the wifi router -
> as well as ips to the FreeBSD gateway and dns. This is for the LAN
> part of the router - then another internal LAN ip for the wifi part.
>
> To exemplify.
>
> Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns
> 192.168.0.10 and 192.168.0.11.
>
> Wifi wifi part - network 10.0.0.1 - 10.0.0.10.

The problem with doing that is a lot of systems start throwing weird
errors in a double NAT environment. I'd probably avoid that step and
restrict wireless to its own VLAN if I were to go that route...