|
||||||||||
On May 1, 2005, at 10:14 PM, Peter Allgeyer wrote: > Hi Jim! > > Am Sonntag, den 01.05.2005, 12:31 -1000 schrieb Jim Thompson: >> On Apr 30, 2005, at 10:32 PM, Brian wrote: >>> I actually prefer using an access point as opposed to integrated wifi >>> drivers anyway, this allows you to focus on, umm, building a >>> firewall?? >> >> But it makes it more difficult to do things like open a firewall rule >> for any authenticated wireless STA. > > Sorry for asking, but I can't agree to your assertion. Can you please > be > more specific on this point? Suppose you were to create a system that, using 802.1x or (better) WPA, or (still better) WPA2 (aka 802.11i) on the stand-alone AP, but you want the authentication (when successful) to open a little 'path' through the firewall for that AP. On the AP, you don't know: 1) The IP address 2) where the 'router' (firewall) might be 3) what communication protocol (if any) is used between the AP(s!!) and the m0n0wall firewall. 4) several other things. For instance, the AP might not have routing information sufficient to reach the firewall. 5) etc Were you to combine the AP with the firewall, then you could (easily) closely couple the two. Further, you would know when the "AP" (now integrated) de-authenticated or disassociated the STA(tion), and could then *close* that same path through the firewall. Further, there are other uses for 802.11 cards than associating with an AP. Consider adhoc routing, (aka 'mesh') for example. At the end of the day, 802.11 and m0n0 are both just technology, and you can assemble and exploit them as you wish. If you prefer to use a standalone AP, thats cool by me. I'd like to have the option to do it 'my way' too. Manuel's reasoning for the move back to 4.11 for the mono-1.2 series is just. I, for one, will continue to forge ahead with 5.4 and 6.0. jim |