[Fedora] Re: Wireless Access Point

Ashley M. Kirchner ashley at pcraft.com
Mon Sep 24 18:30:53 UTC 2007


Craig White wrote:
> generally the preferred method is to require a VPN to connect the LAN
> through a wireless system given the security implications of wireless.
>   
    I can't enforce that on all of our clients.  Some of them barely 
know how to properly turn off their computers...

> that notwithstanding though, if you use a dhcp server OTHER than the
> Linksys device, you can assign a useless gateway address to specific
> clients which in effect would not allow them to get to any network other
> than the network which they can directly access
    Of course, I didn't think of DHCP.  Yes, the Linux server would be 
running DHCP and the WAP would get its IP from that.  I just need to 
figure out how to tell it to have connecting clients fetch an IP from 
the Linux server once I turn off its internal DHCP.

    This whole thing is probably more convoluted than it really needs to 
be but the gist of it is, when someone walks in with their laptop, we 
want them to be able to connect to the WAP and only able to see one 
single network drive (which is on the same Linux server) so they can 
drop files for us.  The server itself is also connected to our internal 
network so our internal machines can get to it as well, however the WAP 
can't go "through" the server and see our internal network.

    However, if one of our employees were to bring in their laptop, they 
can connect to the same WAP and would be able to see everything 
"through" that server and access everything on the network (and 
internet.)  So there's some configuration that I need to figure out on 
the Linux server to start with.  On the one hand, if an unknown client 
connects, issue a dummy IP that won't have any network routing, but that 
would still allow a local drive to be "seen" on that dummy network, and 
if a known client connects, issue a valid (internal) IP so they can 
work.  Hrm.  I wonder if the server itself also needs to have a dummy IP 
so it can communicate with whatever dummy IP gets issued...

-- 
W | It's not a bug - it's an undocumented feature.
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
  IT Director / SysAdmin / Websmith             .     800.441.3873 x130
  Photo Craft Imaging                       .     3550 Arapahoe Ave. #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A. 
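
The known/unknown client split discussed in this message, sketched as an ISC dhcpd configuration. This is an added example, not part of the original post; it assumes ISC dhcpd on the Linux server, and every subnet, address range, MAC address and host name in it is a constructed placeholder.

```conf
# dhcpd.conf (ISC dhcpd) -- constructed example; all addresses, MACs and
# host names are placeholders, not values from the thread.
authoritative;
default-lease-time 3600;
max-lease-time 7200;

# Both ranges are served on the one wire behind the WAP, so the two
# subnets are grouped in a single shared-network.
shared-network wap-segment {

    # Internal range: leases go only to clients that have a host
    # declaration below ("known" clients). They get a real gateway.
    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        option domain-name-servers 192.168.10.1;
        pool {
            range 192.168.10.100 192.168.10.150;
            deny unknown-clients;
        }
    }

    # Guest ("dummy") range: no "option routers" is sent, so these
    # clients have no default gateway and can only reach hosts on
    # 10.99.99.0/24. For the file share to be visible, the server's
    # WAP-facing interface needs a second address in this subnet
    # (assumed here to be 10.99.99.1).
    subnet 10.99.99.0 netmask 255.255.255.0 {
        pool {
            range 10.99.99.100 10.99.99.200;
            # A pool with an allow list serves only matching clients,
            # so known clients never land in the guest range.
            allow unknown-clients;
        }
    }
}

# One host declaration per employee laptop makes it a known client.
# No fixed-address is given, so it draws from the internal pool.
host employee-laptop-1 {
    hardware ethernet 00:11:22:33:44:55;
}
```

DHCP only steers clients that accept what they are offered, so the separation itself still has to be enforced on the server: no forwarding from the guest subnet, and the share bound only to the addresses it should serve.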



