[Fedora] Re: Wireless Access Point
Karl Larsen
k5di at zianet.com
Mon Sep 24 19:30:50 UTC 2007
Ashley M. Kirchner wrote:
> Craig White wrote:
>> generally the preferred method is to require a VPN to connect the LAN
>> through a wireless system given the security implications of wireless.
>>
> I can't enforce that on all of our clients. Some of them barely
> know how to properly turn off their computers...
>
>> that notwithstanding though, if you use a dhcp server OTHER than the
>> Linksys device, you can assign a useless gateway address to specific
>> clients which in effect would not allow them to get to any network other
>> than the network which they can directly access
> Of course, I didn't think of DHCP. Yes, the Linux server would be
> running DHCP and the WAP would get its IP from that. I just need to
> figure out how to tell it to have connecting clients fetch an IP from
> the linux server once I turn off its internal DHCP.
>
> This whole thing is probably more convoluted than it really needs
> to be but the gist of it is, when someone walks in with their laptop,
> we want them to be able to connect to the WAP and only able to see one
> single network drive (which is on the same Linux server) so they can
> drop files for us. The server itself is also connected to our
> internal network so our internal machines can get to it as well,
> however the WAP can't go "through" the server and see our internal
> network.
>
> However, if one of our employees were to bring in their laptop,
> they can connect to the same WAP and would be able to see everything
> "through" that server and access everything on the network (and
> internet.) So there's some configuration that I need to figure out on
> the linux server to start with. On the one hand, if an unknown client
> connects, issue a dummy IP that won't have any network routing, but
> that would still allow a local drive to be "seen" on that dummy
> network, and if a known client connects, issue a valid (internal) IP
> so they can work. Hrm. I wonder if the server itself also needs to
> have a dummy IP so it can communicate with whatever dummy IP gets
> issued...
>
I can think of just one sure way to do it. You need 2 routers, one that
has no WiFi service but is where the Internet arrives, say a DSL modem
and they often have a router in them.
Then you have another router like my D-Link DI-524 which has the
WiFi port.
You connect the Internet to the DI-524 to the DSL router with a
cable. On the DSL router you have a password required for access to that
port.
All the users on the WiFi system can talk to each other and it's a
good idea they have a password to get WiFi as well. This is easy on the
DI-524.
A problem is that when a user opens up the Internet port other WiFi
users can also see the Internet. I see no fix for this.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
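
The DHCP split discussed in the quoted messages (known clients get an internal address, unknown clients get a subnet with a useless gateway), written as an ISC dhcpd configuration. This is an added example, not configuration posted by anyone in the thread; it assumes ISC dhcpd on the Linux server and the WAP bridging with its own DHCP turned off, and every address, MAC and name in it is constructed.

```conf
# dhcpd.conf on the Linux server (ISC dhcpd). All addresses, MACs and names
# below are constructed for illustration.
# Assumption: the server interface facing the WAP carries one address in each
# subnet (for example 192.168.1.2 and 192.168.99.1), so guests can reach the
# drop share on 192.168.99.1 without any routing.

authoritative;
default-lease-time 3600;
max-lease-time 7200;

# A host declaration makes a client "known". One entry per employee laptop.
host employee-laptop-1 {
    hardware ethernet 00:11:22:33:44:55;   # constructed MAC
}

# Both subnets live on the same wire behind the WAP.
shared-network wap-segment {

    # Internal range: leased only to clients with a host declaration.
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;
        pool {
            range 192.168.1.100 192.168.1.150;
            allow known-clients;
        }
    }

    # Guest range: everyone else. The gateway is an address nothing answers
    # on, so traffic for any other network goes nowhere.
    subnet 192.168.99.0 netmask 255.255.255.0 {
        option routers 192.168.99.254;
        pool {
            range 192.168.99.100 192.168.99.200;
            deny known-clients;
        }
    }
}
```

DHCP only hands out configuration and does not enforce it, so the server's packet filter still has to drop forwarded traffic from the guest range for the separation to hold.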