Date: Sat, 27 Dec 2008 20:49:54 +0100 From: Roger Olofsson <240olofsson@telia.com> To: Corey Chandler <lists@sequestered.net> Cc: raggen@raggens.net, freebsd-questions@freebsd.org, Nerius Landys <nlandys@gmail.com> Subject: Re: Wireless router? Message-ID: <495686E2.8090702@telia.com> In-Reply-To: <495680E9.7070800@sequestered.net> References: <560f92640812221349y683a7cbhce8ae0f22a8bedf0@mail.gmail.com> <4950245D.5090006@telia.com> <49502764.10405@sequestered.net> <560f92640812221631l777631eaga00687a7e3dafe77@mail.gmail.com> <49503F7D.8060805@sequestered.net> <4950EAD1.6070802@telia.com> <495680E9.7070800@sequestered.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Corey Chandler skrev: > Roger Olofsson wrote: >> >> >> Corey Chandler skrev: >>> Nerius Landys wrote: >>>> Thank you all for your suggestions. This will be a project for me >>>> over the holidays. I decided to go the standalone wireless router >>>> approach. >>> Good man! >>>> I will need to figure out how to configure my standalone >>>> wireless router to "pass everything through" to the internal LAN that >>>> I already have. >>> It's called "Bridge mode" on most APs-- it does exactly what you >>> describe. Just make sure things like "DHCP server" are turned off or >>> you'll see some... odd breakages. >>>> Also I don't know too much about security, like how >>>> to prevent eavesdroppers from connecting to my internal network. One >>>> of you mentioned access lists, and I assume that means I tell the >>>> wireless router which MAC addresses it accepts, and nothing else. >>> Ugh. MAC addresses are trivial to spoof-- I usually don't bother >>> with using them for security, although I do use 'em to ensure that >>> particular machines always inherit particular addresses. >>> >>>> Is there any other way to provide security? Like a password-protected >>>> network? What are the buzzwords for these security schemes? Which >>>> security scheme do you recommend for preventing random people within >>>> proximity from connecting to my internal netowrk? >>>> >>> >>> Absolutely. Google for WPA or WPA2; WEP has been broken and is >>> trivial to bruteforce, so I'd not bother with that. >>> >>> Once you get the unit in, feel free to email me off list for >>> configuration questions; it sounds like a fun project! >>> >>> -- CJC >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to >>> "freebsd-questions-unsubscribe@freebsd.org" >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus >>> Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 >>> >> >> Hello Corey, >> >> I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - >> as well as ips to the FreeBSD gateway and dns. This is for the LAN >> part of the router - then another internal LAN ip for the wifi part. >> >> To examplify. >> >> Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns >> 192.168.0.10 and 192.168.0.11. >> >> Wifi wifi part - network 10.0.0.1 - 10.0.0.10. > The problem with doing that is a lot of systems start throwing weird > errors in a double NAT environment. I'd probably avoid that step and > restrict wireless to its own VLAN if I were to go that route... > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.176 / Virus Database: 270.10.0/1865 - Release Date: 2008-12-26 13:01 > Hello Corey, There is no double NAT involved. /Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?495686E2.8090702>