Re: help w/ network design

---

• From: "nsa.usa@xxxxxxxxx" <nsa.usa@xxxxxxxxx>
• Date: Thu, 26 Jul 2007 01:46:51 -0700

---

On Jul 26, 5:40 am, Ender <ender.wiggin.and...@xxxxxxxxx> wrote:

Hi,

I'm trying to design a really secure network which has both wireless
and ethernet and I was wondering if there is a common standard type
of network setup I should use.

I was thinking about something like this ...

Internet --> Firewall/Router(1) --> Access Point --> Firewall/Router(2)
--> Computers

The questions I'm wondering about are ...

1) Is it common to put 2 firewalls in a network? I did that to put
things like the access point and maybe some web servers in between,
kinda like *I think* a DMZ sort of setup

2) Is this correct to place the Access Point between these two
firewalls? My thinking here is that since I want all the data on my
ethernet to be secure, then the access point should not be on the
inside and users should come through the same front door as anyone else
(along w/ the normal authentication and authorization on the wifi).

Thanks

Firewall2 would only protect between the two segments of wireless and
ethernet, you still have the problem between each ethernet user or
each wireless user, so basically firewall2 is not much protection at
all. I would remove firewall2 and just have a switch in its place.
Between each user (on ethernet or wireless), they should each have
their own firewall (either in software or hardware). If each user is
eg. users in a lan in an office, then just configure software firewall
on each computer. If each user is to be totally untrusted (i.e. they
are clients and you have no control over what they are doing) then
each user should have a router (that you have control over) or you can
use a managed-switch in place of firewall2 that restricts access
between users, the accesspoint should in this case be of a type that
can also do this restriction.

Cheers,
Tobias

.

---

• Prev by Date: How to stream from a file using ffserver ,ffmpeg and mplayer
• Next by Date: Re: What is NAT?
• Previous by thread: How to stream from a file using ffserver ,ffmpeg and mplayer
• Next by thread: Re: help w/ network design
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Wireless Network Sharing Possibilities? ... Do you have a network card working in the 98 machine? ... That way the PC will use it's regular ethernet connection ... bridge for that one computer to the wireless network. ... (alt.internet.wireless) Re: Wireless router? ... Linksys WRT54GL isn't a half bad unit. ... There are many advantages of using a full-blown computer for (wireless) ... class = network ... subclass = ethernet ... (freebsd-questions) Re: finding connected ethernet device ... I have a laptop with an ethernet and a wireless interface. ... Thus, the script gets executed whenever I'm connecting to any network, ... (comp.os.linux.misc) Re: Two interfaces on the same network ... > ethernet, eth1 is wireless) running on uClinux. ... need to assign IP to one of the interfaces. ... > to work in the same network as I described in the previous message. ... (freebsd-net) Re: Metric or priority problem with ethernet and wireless connection ... In our company we have wireless network and ethernet wired connection. ... (microsoft.public.windowsxp.network_web)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2007-07