[Fedora] Re: Wireless Access Point

Karl Larsen k5di at zianet.com
Mon Sep 24 19:30:50 UTC 2007


Ashley M. Kirchner wrote:
> Craig White wrote:
>> generally the preferred method is to require a VPN to connect the LAN
>> through a wireless system given the security implications of wireless.
>>   
>    I can't enforce that on all of our clients.  Some of them barely 
> know how to properly turn off their computers...
>
>> that notwithstanding though, if you use a dhcp server OTHER than the
>> Linksys device, you can assign a useless gateway address to specific
>> clients which in effect would not allow them to get to any network other
>> than the network which they can directly access
>    Of course, I didn't think of DHCP.  Yes, the Linux server would be 
> running DHCP and the WAP would get its IP from that.  I just need to 
> figure out how to tell it to have connecting clients fetch an IP from 
> the Linux server once I turn off its internal DHCP.
>
>    This whole thing is probably more convoluted than it really needs 
> to be but the gist of it is, when someone walks in with their laptop, 
> we want them to be able to connect to the WAP and only able to see one 
> single network drive (which is on the same Linux server) so they can 
> drop files for us.  The server itself is also connected to our 
> internal network so our internal machines can get to it as well, 
> however the WAP can't go "through" the server and see our internal 
> network.
>
>    However, if one of our employees were to bring in their laptop, 
> they can connect to the same WAP and would be able to see everything 
> "through" that server and access everything on the network (and 
> internet.)  So there's some configuration that I need to figure out on 
> the Linux server to start with.  On the one hand, if an unknown client 
> connects, issue a dummy IP that won't have any network routing, but 
> that would still allow a local drive to be "seen" on that dummy 
> network, and if a known client connects, issue a valid (internal) IP 
> so they can work.  Hrm.  I wonder if the server itself also needs to 
> have a dummy IP so it can communicate with whatever dummy IP gets 
> issued...
>
    I can think of just one sure way to do it. You need 2 routers, one that 
has no WiFi service but is where the Internet arrives, say a DSL modem 
and they often have a router in them.

    Then you have another router like my D-Link DI-524 which has the 
WiFi port.

    You connect the Internet to the DI-524 to the DSL router with a 
cable. On the DSL router you have a password required for access to that 
port.

    All the users on the WiFi system can talk to each other and it's a 
good idea they have a password to get WiFi as well. This is easy on the 
DI-524.

    A problem is that when a user opens up the Internet port other WiFi 
users can also see the Internet. I see no fix for this.



-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
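
The DHCP approach discussed in the quoted part of this thread (no gateway for unknown clients, an internal address for known ones) can be sketched for ISC dhcpd as follows. This is an added example, not part of the original messages; every address, MAC and name in it is a constructed placeholder, and it assumes the WAP is bridged to a single interface on the Linux server.

```conf
# dhcpd.conf (ISC dhcpd) -- constructed example, placeholder values throughout
authoritative;
default-lease-time 3600;
max-lease-time 7200;

# Both subnets share the one interface facing the WAP, so they are
# declared together inside a shared-network.
shared-network wap-segment {

    # Guest ("dummy") subnet: no "option routers" line, so leases carry
    # no gateway. The server needs its own address in this subnet
    # (for example 192.168.99.1 as an alias) so guests can reach the share.
    subnet 192.168.99.0 netmask 255.255.255.0 {
        pool {
            range 192.168.99.100 192.168.99.200;
            allow unknown-clients;
            deny known-clients;
        }
    }

    # Staff subnet: only clients with a host declaration get leases here.
    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        option domain-name-servers 192.168.10.1;
        pool {
            range 192.168.10.100 192.168.10.200;
            deny unknown-clients;
        }
    }
}

# A client is "known" when a host declaration matches its MAC address.
host staff-laptop-1 {
    hardware ethernet 00:11:22:33:44:55;   # placeholder MAC
}
```

DHCP only hands out settings and a MAC address is not an authenticator, so the server's firewall and forwarding rules still have to refuse traffic from the guest subnet to the internal network.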



