Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 27 Dec 2008 21:51:23 -0300
From:      Mario Lobo <mlobo@digiart.art.br>
To:        freebsd-questions@freebsd.org
Subject:   Re: Wireless router?
Message-ID:  <200812272151.23605.mlobo@digiart.art.br>
In-Reply-To: <495686E2.8090702@telia.com>
References:  <560f92640812221349y683a7cbhce8ae0f22a8bedf0@mail.gmail.com> <495680E9.7070800@sequestered.net> <495686E2.8090702@telia.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 27 December 2008 16:49:54 Roger Olofsson wrote:
> Corey Chandler skrev:
> > Roger Olofsson wrote:
> >> Corey Chandler skrev:
> >>> Nerius Landys wrote:
> >>>> Thank you all for your suggestions.  This will be a project for me
> >>>> over the holidays.  I decided to go the standalone wireless router
> >>>> approach.
> >>>
> >>> Good man!
> >>>
> >>>> I will need to figure out how to configure my standalone
> >>>> wireless router to "pass everything through" to the internal LAN that
> >>>> I already have.
> >>>
> >>> It's called "Bridge mode" on most APs-- it does exactly what you
> >>> describe.  Just make sure things like "DHCP server" are turned off or
> >>> you'll see some... odd breakages.
> >>>
> >>>> Also I don't know too much about security, like how
> >>>> to prevent eavesdroppers from connecting to my internal network.  One
> >>>> of you mentioned access lists, and I assume that means I tell the
> >>>> wireless router which MAC addresses it accepts, and nothing else.
> >>>
> >>> Ugh.  MAC addresses are trivial to spoof-- I usually don't bother
> >>> with using them for security, although I do use 'em to ensure that
> >>> particular machines always inherit particular addresses.
> >>>
> >>>> Is there any other way to provide security?  Like a password-protected
> >>>> network?  What are the buzzwords for these security schemes?  Which
> >>>> security scheme do you recommend for preventing random people within
> >>>> proximity from connecting to my internal netowrk?
> >>>
> >>> Absolutely.  Google for WPA or WPA2; WEP has been broken and is
> >>> trivial to bruteforce, so I'd not bother with that.
> >>>
> >>> Once you get the unit in, feel free to email me off list for
> >>> configuration questions; it sounds like a fun project!
> >>>
> >>> -- CJC
> >>> _______________________________________________
> >>> freebsd-questions@freebsd.org mailing list
> >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >>> To unsubscribe, send any mail to
> >>> "freebsd-questions-unsubscribe@freebsd.org"
> >>>
> >>>
> >>> -----------------------------------------------------------------------
> >>>-
> >>>
> >>>
> >>> No virus found in this incoming message.
> >>> Checked by AVG - http://www.avg.com Version: 8.0.176 / Virus
> >>> Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23
> >>
> >> Hello Corey,
> >>
> >> I don't use 'bridge mode'. I set a normal LAN ip for the wifi router -
> >> as well as ips to the FreeBSD gateway and dns. This is for the LAN
> >> part of the router - then another internal LAN ip for the wifi part.
> >>
> >> To examplify.
> >>
> >> Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns
> >> 192.168.0.10 and 192.168.0.11.
> >>
> >> Wifi wifi part - network 10.0.0.1 - 10.0.0.10.
> >
> > The problem with doing that is a lot of systems start throwing weird
> > errors in a double NAT environment.   I'd probably avoid that step and
> > restrict wireless to its own VLAN if I were to go that route...
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG - http://www.avg.com
> > Version: 8.0.176 / Virus Database: 270.10.0/1865 - Release Date:
> > 2008-12-26 13:01
>
> Hello Corey,
>
> There is no double NAT involved.
>
> /Roger
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

That's correct. I have a D-link WBR-1310 here at home. Don't know if it's a 
bad or hip piece. I only know it was inside my budget and it does its job 
perfectly. 

Like I said on my first post to this thread, The WAN port is not used, hence 
no NAT inside the unit. Configured its LAN port ip with one of my LAN, 
plugged it to the switch, enabled WAP2 and assign a free LAN ip to any 
wireless device I want to allow on our home (plus the WAP key, of 
course).Voila, access point.

IF DHCP is wanted, I can use the unit's own but since its only one laptop I 
assigned a static IP to it.

The only NAT happens on the freebsd machine.

Don't know about the reputation of the Linksys WRT54GL. The only one I've 
tried I borrowed from a friend and worked very nicely also.
-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since version 2.2.8 [not Pro-Audio.... YET!!] (99,7% winedows FREE)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812272151.23605.mlobo>