Date: Sat, 27 Dec 2008 11:24:25 -0800 From: Corey Chandler <lists@sequestered.net> To: raggen@raggens.net Cc: freebsd-questions@freebsd.org, Nerius Landys <nlandys@gmail.com> Subject: Re: Wireless router? Message-ID: <495680E9.7070800@sequestered.net> In-Reply-To: <4950EAD1.6070802@telia.com> References: <560f92640812221349y683a7cbhce8ae0f22a8bedf0@mail.gmail.com> <4950245D.5090006@telia.com> <49502764.10405@sequestered.net> <560f92640812221631l777631eaga00687a7e3dafe77@mail.gmail.com> <49503F7D.8060805@sequestered.net> <4950EAD1.6070802@telia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Olofsson wrote: > > > Corey Chandler skrev: >> Nerius Landys wrote: >>> Thank you all for your suggestions. This will be a project for me >>> over the holidays. I decided to go the standalone wireless router >>> approach. >> Good man! >>> I will need to figure out how to configure my standalone >>> wireless router to "pass everything through" to the internal LAN that >>> I already have. >> It's called "Bridge mode" on most APs-- it does exactly what you >> describe. Just make sure things like "DHCP server" are turned off or >> you'll see some... odd breakages. >>> Also I don't know too much about security, like how >>> to prevent eavesdroppers from connecting to my internal network. One >>> of you mentioned access lists, and I assume that means I tell the >>> wireless router which MAC addresses it accepts, and nothing else. >> Ugh. MAC addresses are trivial to spoof-- I usually don't bother >> with using them for security, although I do use 'em to ensure that >> particular machines always inherit particular addresses. >> >>> Is there any other way to provide security? Like a password-protected >>> network? What are the buzzwords for these security schemes? Which >>> security scheme do you recommend for preventing random people within >>> proximity from connecting to my internal netowrk? >>> >> >> Absolutely. Google for WPA or WPA2; WEP has been broken and is >> trivial to bruteforce, so I'd not bother with that. >> >> Once you get the unit in, feel free to email me off list for >> configuration questions; it sounds like a fun project! >> >> -- CJC >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> >> >> ------------------------------------------------------------------------ >> >> >> No virus found in this incoming message. >> Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus >> Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 >> > > Hello Corey, > > I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - > as well as ips to the FreeBSD gateway and dns. This is for the LAN > part of the router - then another internal LAN ip for the wifi part. > > To examplify. > > Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns > 192.168.0.10 and 192.168.0.11. > > Wifi wifi part - network 10.0.0.1 - 10.0.0.10. The problem with doing that is a lot of systems start throwing weird errors in a double NAT environment. I'd probably avoid that step and restrict wireless to its own VLAN if I were to go that route...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?495680E9.7070800>