Re: [Fedora] Re: Wireless Access Point



Ashley M. Kirchner wrote:
Craig White wrote:
Generally the preferred method is to require a VPN to connect the LAN
through a wireless system given the security implications of wireless.
I can't enforce that on all of our clients. Some of them barely know how to properly turn off their computers...

That notwithstanding though, if you use a DHCP server OTHER than the
Linksys device, you can assign a useless gateway address to specific
clients which in effect would not allow them to get to any network other
than the network which they can directly access.
Of course, I didn't think of DHCP. Yes, the Linux server would be running DHCP and the WAP would get its IP from that. I just need to figure out how to tell it to have connecting clients fetch an IP from the Linux server once I turn off its internal DHCP.

This whole thing is probably more convoluted than it really needs to be but the gist of it is, when someone walks in with their laptop, we want them to be able to connect to the WAP and only able to see one single network drive (which is on the same Linux server) so they can drop files for us. The server itself is also connected to our internal network so our internal machines can get to it as well, however the WAP can't go "through" the server and see our internal network.

However, if one of our employees were to bring in their laptop, they can connect to the same WAP and would be able to see everything "through" that server and access everything on the network (and internet.) So there's some configuration that I need to figure out on the Linux server to start with. On the one hand, if an unknown client connects, issue a dummy IP that won't have any network routing, but that would still allow a local drive to be "seen" on that dummy network, and if a known client connects, issue a valid (internal) IP so they can work. Hrm. I wonder if the server itself also needs to have a dummy IP so it can communicate with whatever dummy IP gets issued...

I can think of just one sure way to do it. You need 2 routers, one that has no WiFi service but is where the Internet arrives, say a DSL modem and they often have a router in them.

Then you have another router like my D-Link DI-524 which has the WiFi port.

You connect the Internet to the DI-524 to the DSL router with a cable. On the DSL router you have a password required for access to that port.

All the users on the WiFi system can talk to each other and it's a good idea they have a password to get WiFi as well. This is easy on the DI-524.

A problem is that when a user opens up the Internet port other WiFi users can also see the Internet. I see no fix for this.



--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
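
The known/unknown client split discussed in this thread, sketched as an ISC dhcpd configuration. This is an added example, not part of any poster's message; it assumes ISC dhcpd on the Linux server, and every address, host name and MAC below is a constructed placeholder.

```conf
# /etc/dhcp/dhcpd.conf (ISC dhcpd), constructed example.
# All subnets, ranges and the MAC address are placeholders.
authoritative;
default-lease-time 3600;
max-lease-time 7200;

# A "known" client is any client with a host declaration.
# One entry per employee laptop.
host employee-laptop-1 {
    hardware ethernet 00:11:22:33:44:55;    # placeholder MAC
}

# Both ranges sit on the same wire behind the WAP, so they are
# declared inside one shared-network.
shared-network wireless {

    # Internal range: leased only to known clients, with a real
    # gateway and DNS server.
    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        option domain-name-servers 192.168.10.1;
        pool {
            range 192.168.10.100 192.168.10.150;
            allow known-clients;
        }
    }

    # Guest range: leased to everyone else. No "option routers" is
    # sent, so guests get no default route. The server's WAP-facing
    # interface needs its own address in this subnet (for example
    # 192.168.99.1) so guests can reach the drop share.
    subnet 192.168.99.0 netmask 255.255.255.0 {
        pool {
            range 192.168.99.100 192.168.99.150;
            allow unknown-clients;
        }
    }
}
```

DHCP only decides what a cooperating client is offered: a guest can still set an internal address by hand or copy a known MAC. The server therefore also has to refuse to forward traffic arriving from the guest range, and should accept only the file-share service from it.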


