using a wireless card w/ linux router / firewall

Tim Writer tim-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org
Thu Sep 15 04:30:57 UTC 2005


James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> writes:

> Chris Friedt wrote:
> > Hello Everyone, 
> > 
> > I've had a great Linux system for the last few years (aside from my
> > desktop) that acts as a router and firewall for my home network.
> > Recently I've been tempted to install a wireless card in so that any of
> > my friends with laptops could just come in, and I wouldn't have to fish
> > around for extra cables if they needed to get connected.
> > 
> > I'm guessing that my current dhcp service only needs to be reconfigured
> > to listen on the new interface. I'm most likely only going to have 1 or
> > 2 ip addresses available that don't authenticate based on MAC address as
> > well, and if necessary have 1 or 2 for myself when I eventually get a
> > laptop or mobile of some kind.
> > 
> > What I'm concerned with are the security aspects of the protocol - are
> > there kernel features already built-in for WPA-PSK, AES, and other
> > standards? I know that WEP has been long-cracked, so I am most likely
> > not going to use that for encryption / authentication.
> > 
> > Also, can anyone recommend a good PCI 802.11 card that can withstand
> > being on 24 / 7 for an extended period of time? Does anyone else have a
> > similar set-up in their homes / offices?
> 
> You might want to try what I have here.  I've connected one of those
> cheap WiFi routers, to a 3rd NIC in my firewall.  IPtables can be
> configured to allow full access to the internet, while blocking all but
> VPN or SSH access to your local systems.  The router also provides its
> own DHCP server.  I also have WEP enabled, though WPA is available.

That's fine but does open you up to the potential for abuse of your Internet
connection. If you're concerned, you might consider running nocat
(http://www.nocat.net) on your firewall to restrict Internet access to
authenticated users.

-- 
tim writer <tim-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org>                                  starnix inc.
647.722.5301                                      toronto, ontario, canada
http://www.starnix.com              professional linux services & products
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
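
Added example, not part of the original thread: one way to express the layout described in the quoted reply (WiFi router on a third NIC, full Internet access, only SSH or VPN toward local systems) as an iptables-restore ruleset. The interface names, the LAN subnet, the choice of OpenVPN's default port and the assumption that the VPN terminates on the firewall itself are all assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a firewall whose third
# NIC feeds an untrusted wireless segment. Every value below is an assumption.
WAN_IF=${WAN_IF:-eth0}              # Internet uplink
LAN_IF=${LAN_IF:-eth1}              # trusted wired LAN
WIFI_IF=${WIFI_IF:-eth2}            # third NIC, cabled to the WiFi router
LAN_NET=${LAN_NET:-192.168.1.0/24}  # addresses of the local systems
VPN_PORT=${VPN_PORT:-1194}          # OpenVPN default; VPN ends on the firewall

wifi_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WIFI_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $WIFI_IF -p udp --dport $VPN_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WIFI_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WIFI_IF -o $LAN_IF -d $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $WIFI_IF -j LOG --log-prefix "wifi-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset; nothing is loaded into the kernel by this script.
wifi_ruleset
```

Piping the output into `iptables-restore --test` parses the rules without committing them. Wireless traffic toward the LAN that is not SSH is logged with the `wifi-drop: ` prefix before the FORWARD policy drops it.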




