From owner-freebsd-questions@FreeBSD.ORG Tue Dec 23 13:31:54 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 38CC01065676 for ; Tue, 23 Dec 2008 13:31:54 +0000 (UTC) (envelope-from 240olofsson@telia.com) Received: from av8-2-sn3.vrr.skanova.net (av8-2-sn3.vrr.skanova.net [81.228.9.184]) by mx1.freebsd.org (Postfix) with ESMTP id C22938FC1E for ; Tue, 23 Dec 2008 13:31:53 +0000 (UTC) (envelope-from 240olofsson@telia.com) Received: by av8-2-sn3.vrr.skanova.net (Postfix, from userid 502) id 713A137F7D; Tue, 23 Dec 2008 14:31:52 +0100 (CET) Received: from smtp3-1-sn3.vrr.skanova.net (smtp3-1-sn3.vrr.skanova.net [81.228.9.101]) by av8-2-sn3.vrr.skanova.net (Postfix) with ESMTP id 436E537EF6; Tue, 23 Dec 2008 14:31:52 +0100 (CET) Received: from [192.168.1.31] (90-227-65-237-no41.tbcn.telia.com [90.227.65.237]) by smtp3-1-sn3.vrr.skanova.net (Postfix) with ESMTP id D55BA37E44; Tue, 23 Dec 2008 14:31:51 +0100 (CET) Message-ID: <4950E83F.3070308@telia.com> Date: Tue, 23 Dec 2008 14:31:43 +0100 From: Roger Olofsson <240olofsson@telia.com> User-Agent: Thunderbird 2.0.0.18 (Windows/20081105) MIME-Version: 1.0 To: Nerius Landys References: <560f92640812221349y683a7cbhce8ae0f22a8bedf0@mail.gmail.com> <4950245D.5090006@telia.com> <49502764.10405@sequestered.net> <560f92640812221631l777631eaga00687a7e3dafe77@mail.gmail.com> In-Reply-To: <560f92640812221631l777631eaga00687a7e3dafe77@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Wireless router? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: raggen@raggens.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2008 13:31:54 -0000 Nerius Landys skrev: > Thank you all for your suggestions. This will be a project for me > over the holidays. I decided to go the standalone wireless router > approach. I will need to figure out how to configure my standalone > wireless router to "pass everything through" to the internal LAN that > I already have. Also I don't know too much about security, like how > to prevent eavesdroppers from connecting to my internal network. One > of you mentioned access lists, and I assume that means I tell the > wireless router which MAC addresses it accepts, and nothing else. Is > there any other way to provide security? Like a password-protected > network? What are the buzzwords for these security schemes? Which > security scheme do you recommend for preventing random people within > proximity from connecting to my internal netowrk? > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - http://www.avg.com > Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23 > Hello again Nerius, You have understood the MAC filtering correctly. You should also encrypt the wifi traffic by using at least WPA encryption. For most wifi routers this is a checkbox and a key or a passphrase that you enter. All clients that wants access and have their MAC address in the access list will have to enter the passphrase/key on the first connect. This means that you control the MAC address list - all new wifi devices that wants to connect to your wifi LAN needs to get added to the MAC access list - manually by you. You also control the encryption passphrase - all wifi clients that wants to connect to your wifi LAN need to know the encryption passphrase. If you use WPA for encryption you will have a higher degree of security than using the old and hackable WEP. Of course both the MAC list and the encryption key/passphrase are stored in the wifi router - so if you don't set a proper password for admin access to this one - all is lost. You should disable wireless access for admin (remote management) to it - only allow cabled access and use a good strong password. Buzzwords? I dunno - I hope people on the mailing list help me out here... Is there a better/simpler way of doing this? Greetings /Roger For a good laugh ... Enjoy Jason Dixons presentations from the BSDcon on http://www.youtube.com/watch?v=g7tvI6JCXD0&feature=channel_page or http://www.youtube.com/watch?v=mMmbjJI5su0&feature=channel_page