On Tuesday 07 October 2003 19:57, Mariano Kamp wrote:
> a couple of words about my boxes set up at home. I have one box,
> rock, connected to a dsl-router on one interface, outside interface,
> and the remaining boxes on another interface, inside interface. On
> rock I use shorewall/iptables for NAT and blocking all incoming tcp/ip
> connections. So far so safe, I believe.
>
> (Un)fortunately I also have a wlan access point plugged on to the
> inside interface.
Well, I haven't done this, but it has been on my mind, so I'm just taking the opportunity to air my ideas.

> Would I need a third network card to put into rock in order to
> separate the wlan clients "physically" and ease setting up things
> with the vpn and the firewall?

This was exactly my idea: get a third NIC for the router/firewall (I have one lying around already), and have the WLAN Access Point on that NIC.

The Access Point itself I would configure to be very open. Anybody can connect, I don't mind. It is firewalled off from the internal network, just like the Internet, with the exception that a CUPS server is accessible. It's in a not-very-densely populated area, so if any of the neighbours would need some bandwidth...., I'll just monitor it to see if it gets out of hand (it's like going over and asking "can I borrow a cup of bandwidth, please?" :-) Neighbours should do that for each other).

Another exception I have thought about is to limit the outward bandwidth on port 25 so that pumping large amounts of e-mail is infeasible, just in case anybody who is connecting has a virus.

One concern is that if somebody has a router with a connection to the Internet and my Access Point (which isn't bad in itself, as long as my packets can go either way), then my CUPS server would be accessible to the world, which is not what I desired; I wanted it only to be accessible to the machines connecting directly to the Access Point. Is there a simple solution to this?

How does this sound?

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
OpenPGP KeyID: 6A6A0BBC
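The three-NIC policy sketched in the reply above, written out as a plain iptables script. This is an added example, not code from the thread and not a shorewall configuration; the interface names (eth0 to the DSL router, eth1 inside, eth2 to the access point), the WLAN subnet 192.168.2.0/24 and the CUPS host 192.168.1.10 are assumptions. The WLAN zone may reach only IPP (tcp/631) on the one print server; new SMTP connections are limited per WLAN client with the hashlimit match (a connection-rate cap rather than true bandwidth shaping); and forwarded packets arriving on the WLAN interface with a source address outside the directly attached subnet are dropped. That last rule covers the routed-neighbour concern only when the neighbour's router forwards without NAT: if it NATs its own clients, their packets arrive with a source address inside the WLAN subnet and no address-based rule can tell them apart from direct clients.

```shell
#!/bin/sh
# Added example: router/firewall policy for a third NIC carrying an open WLAN.
# Interface names, subnets and the CUPS host below are assumptions.
OUT_IF=${OUT_IF:-eth0}                 # towards the DSL router (outside)
LAN_IF=${LAN_IF:-eth1}                 # trusted inside network
WLAN_IF=${WLAN_IF:-eth2}               # open access point
WLAN_NET=${WLAN_NET:-192.168.2.0/24}   # assumed subnet handed out on the WLAN
CUPS_HOST=${CUPS_HOST:-192.168.1.10}   # assumed print server on the LAN

# build_rules RUNNER
#   RUNNER is "iptables" to load the policy, or "echo" for a dry run that
#   prints the rules instead of installing them.
build_rules() {
  ipt=$1
  $ipt -P FORWARD DROP
  $ipt -F FORWARD
  $ipt -t nat -F POSTROUTING

  # Replies to connections we already allowed, in every direction.
  $ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Trusted LAN may go out to the Internet.
  $ipt -A FORWARD -i "$LAN_IF" -o "$OUT_IF" -j ACCEPT

  # Anything entering on the WLAN NIC must carry a source address from the
  # directly attached subnet. A neighbour routing (not NATing) other networks
  # through the access point fails this test and is dropped before the CUPS
  # exception below is ever consulted.
  $ipt -A FORWARD -i "$WLAN_IF" ! -s "$WLAN_NET" -j DROP

  # WLAN -> LAN: only new IPP connections to the print server, nothing else.
  $ipt -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -s "$WLAN_NET" -d "$CUPS_HOST" \
       -p tcp --dport 631 -m conntrack --ctstate NEW -j ACCEPT
  $ipt -A FORWARD -i "$WLAN_IF" -o "$LAN_IF" -j DROP

  # WLAN -> Internet: cap new SMTP connections per client so an infected
  # laptop cannot pump mail, then allow the rest.
  $ipt -A FORWARD -i "$WLAN_IF" -o "$OUT_IF" -p tcp --dport 25 \
       -m conntrack --ctstate NEW \
       -m hashlimit --hashlimit-above 3/minute --hashlimit-burst 5 \
       --hashlimit-mode srcip --hashlimit-name smtp_out -j DROP
  $ipt -A FORWARD -i "$WLAN_IF" -o "$OUT_IF" -s "$WLAN_NET" -j ACCEPT

  # Masquerade everything that leaves towards the DSL router.
  $ipt -t nat -A POSTROUTING -o "$OUT_IF" -j MASQUERADE
}

case ${1:-} in
  apply)   build_rules iptables ;;
  dry-run) build_rules echo ;;
esac
```

`sh wlan-rules.sh dry-run` prints the rule set it would load; `sh wlan-rules.sh apply` as root installs it. The hashlimit match needs the xt_hashlimit module, and the INPUT chain (traffic addressed to the router itself) still needs its own policy.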