From owner-freebsd-questions@FreeBSD.ORG Sat Dec 27 19:50:02 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD7F3106564A for ; Sat, 27 Dec 2008 19:50:02 +0000 (UTC) (envelope-from 240olofsson@telia.com) Received: from av12-2-sn2.hy.skanova.net (av12-2-sn2.hy.skanova.net [81.228.8.186]) by mx1.freebsd.org (Postfix) with ESMTP id 600E18FC23 for ; Sat, 27 Dec 2008 19:50:02 +0000 (UTC) (envelope-from 240olofsson@telia.com) Received: by av12-2-sn2.hy.skanova.net (Postfix, from userid 502) id F3E05399C2; Sat, 27 Dec 2008 20:50:00 +0100 (CET) Received: from smtp4-1-sn2.hy.skanova.net (smtp4-1-sn2.hy.skanova.net [81.228.8.92]) by av12-2-sn2.hy.skanova.net (Postfix) with ESMTP id 930F6399BC; Sat, 27 Dec 2008 20:50:00 +0100 (CET) Received: from [192.168.1.31] (90-227-65-237-no41.tbcn.telia.com [90.227.65.237]) by smtp4-1-sn2.hy.skanova.net (Postfix) with ESMTP id D392337E46; Sat, 27 Dec 2008 20:49:59 +0100 (CET) Message-ID: <495686E2.8090702@telia.com> Date: Sat, 27 Dec 2008 20:49:54 +0100 From: Roger Olofsson <240olofsson@telia.com> User-Agent: Thunderbird 2.0.0.18 (Windows/20081105) MIME-Version: 1.0 To: Corey Chandler References: <560f92640812221349y683a7cbhce8ae0f22a8bedf0@mail.gmail.com> <4950245D.5090006@telia.com> <49502764.10405@sequestered.net> <560f92640812221631l777631eaga00687a7e3dafe77@mail.gmail.com> <49503F7D.8060805@sequestered.net> <4950EAD1.6070802@telia.com> <495680E9.7070800@sequestered.net> In-Reply-To: <495680E9.7070800@sequestered.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: raggen@raggens.net, freebsd-questions@freebsd.org, Nerius Landys Subject: Re: Wireless router? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: raggen@raggens.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2008 19:50:03 -0000 Corey Chandler skrev: > Roger Olofsson wrote: >> >> >> Corey Chandler skrev: >>> Nerius Landys wrote: >>>> Thank you all for your suggestions. This will be a project for me >>>> over the holidays. I decided to go the standalone wireless router >>>> approach. >>> Good man! >>>> I will need to figure out how to configure my standalone >>>> wireless router to "pass everything through" to the internal LAN that >>>> I already have. >>> It's called "Bridge mode" on most APs-- it does exactly what you >>> describe. Just make sure things like "DHCP server" are turned off or >>> you'll see some... odd breakages. >>>> Also I don't know too much about security, like how >>>> to prevent eavesdroppers from connecting to my internal network. One >>>> of you mentioned access lists, and I assume that means I tell the >>>> wireless router which MAC addresses it accepts, and nothing else. >>> Ugh. MAC addresses are trivial to spoof-- I usually don't bother >>> with using them for security, although I do use 'em to ensure that >>> particular machines always inherit particular addresses. >>> >>>> Is there any other way to provide security? Like a password-protected >>>> network? What are the buzzwords for these security schemes? Which >>>> security scheme do you recommend for preventing random people within >>>> proximity from connecting to my internal netowrk? >>>> >>> >>> Absolutely. Google for WPA or WPA2; WEP has been broken and is >>> trivial to bruteforce, so I'd not bother with that. >>> >>> Once you get the unit in, feel free to email me off list for >>> configuration questions; it sounds like a fun project! >>> >>> -- CJC >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to >>> "freebsd-questions-unsubscribe@freebsd.org" >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus >>> Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 >>> >> >> Hello Corey, >> >> I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - >> as well as ips to the FreeBSD gateway and dns. This is for the LAN >> part of the router - then another internal LAN ip for the wifi part. >> >> To examplify. >> >> Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns >> 192.168.0.10 and 192.168.0.11. >> >> Wifi wifi part - network 10.0.0.1 - 10.0.0.10. > The problem with doing that is a lot of systems start throwing weird > errors in a double NAT environment. I'd probably avoid that step and > restrict wireless to its own VLAN if I were to go that route... > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.176 / Virus Database: 270.10.0/1865 - Release Date: 2008-12-26 13:01 > Hello Corey, There is no double NAT involved. /Roger