 From:  "Marc A. Runkel" <marc at tiosky dot com>
 To:  "Chris Taylor" <chris at x dash bb dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Linksys/Netgear APs?
 Date:  Mon, 9 Jan 2006 09:48:25 -0800

The Access Points you list are both bridges.  As such, they should have
the same subnet on their WLANs as on the LAN side.

Maybe I'm misunderstanding you.  How many ports are enabled on your
Monowall, 2 or 3?

The simplest setup would be:

WAN <-> MonoWall <-> LAN ------------------------------
                                 |                  |
                            Wired Client PCs       APs

Where the LAN is

If you wish to segment the wireless traffic, you'll need to:

WAN <-> MonoWall <-> LAN - Wired PCs

LAN =   WLAN =

Assign your APs IPs in the WLAN subnet, and create firewall rules that
allow LAN -> WAN, LAN->WLAN, and WLAN->WAN traffic.

Then you should be able to access your APs from the LAN, but the LAN is
protected from the WLAN.


-----Original Message-----
From: Chris Taylor [mailto:chris at x dash bb dot org] 
Sent: Monday, January 09, 2006 8:50 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Linksys/Netgear APs?


I've got a client who's having a bit of a weird problem with some access
points. He has a couple of Linksys WAP54Gs and also some Netgear WG602s.
The APs are on his OPT1/WLAN interface and captive portal users can gain
access through them without trouble. He's running 1.21 (generic-pc) with
no other issues (well, PPTP isn't working but forget that...) Traffic
shaping is in use for LAN > WAN and WLAN > WAN. There are very few
firewall rules in use, especially on the LAN side, where there is a
clear LAN -> any rule taking precedence.

The issue is that he cannot access the APs' setup pages from his LAN.
From m0n0wall's Ping page, if you set the interface to WLAN and ping an
AP, it works fine. From any client PC on the LAN, you can't get to any
of the APs. However, there's a printer located on the WLAN (intended for
LAN use) and this works fine. There are specific rules to allow this and
even adding similar/identical rules for the APs changes nothing.

I'm really at a loss here; I've looked over the entire config, tried 
rebooting each item etc - with no luck. The only thing that seems even 
vaguely plausible is that maybe the APs won't accept traffic from an 
address in a different subnet (WLAN is 192.168.2.x/24, LAN is 
192.168.8.x/24) but the client assures me he could get to his APs when 
he used IPCop before.

I suppose the first question is: If I have a firewall rule permitting 
any traffic from the LAN subnet (any protocol, SP, destination, EP), 
should I be able to ping things on my WLAN subnet? There are no Block 
rules whatsoever on the LAN interface so I'd have thought so.

Any help would be greatly appreciated, this is baffling me! :(

Chris Taylor
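
Added example (not part of either message, and not m0n0wall code): a small Python model of the LAN -> WAN, LAN -> WLAN and WLAN -> WAN rule set from the reply, using the subnets from the original post. It shows that a WLAN rule written as "WLAN -> any" also admits WLAN -> LAN, while a destination of "not LAN" keeps the LAN protected. The per-interface, first-match, default-block evaluation and the sample host addresses are assumptions.

```python
import ipaddress

# Subnets are the ones given in the original post.
LAN = ipaddress.ip_network("192.168.8.0/24")
WLAN = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Assumed model: a new connection is checked against the rules of the
# interface it arrives on, the first matching rule wins, no match means
# block, and replies to a passed connection are allowed by state tracking.
# Rule = (source net, destination net, negate destination, action).
NAIVE = {
    "LAN": [(LAN, ANY, False, "pass")],
    "WLAN": [(WLAN, ANY, False, "pass")],   # meant as "WLAN -> WAN"
}
SEGMENTED = {
    "LAN": [(LAN, ANY, False, "pass")],     # covers LAN -> WAN and LAN -> WLAN
    "WLAN": [(WLAN, LAN, True, "pass")],    # WLAN -> anything except LAN
}

# Constructed sample flows: (name, arriving interface, source, destination).
FLOWS = [
    ("LAN PC -> AP admin page", "LAN", "192.168.8.10", "192.168.2.5"),
    ("LAN PC -> Internet", "LAN", "192.168.8.10", "203.0.113.7"),
    ("WLAN client -> Internet", "WLAN", "192.168.2.50", "203.0.113.7"),
    ("WLAN client -> LAN PC", "WLAN", "192.168.2.50", "192.168.8.10"),
]

def decide(rules, iface, src, dst):
    """Return 'pass' or 'block' for a new connection arriving on iface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, negate, action in rules.get(iface, []):
        if src in src_net and (dst in dst_net) != negate:
            return action
    return "block"

def audit(rules):
    """Evaluate every sample flow against one rule set."""
    return {name: decide(rules, iface, s, d) for name, iface, s, d in FLOWS}

if __name__ == "__main__":
    for label, rules in (("naive", NAIVE), ("segmented", SEGMENTED)):
        print(label)
        for name, verdict in audit(rules).items():
            print(f"  {name}: {verdict}")
```

Under the same first-match assumption, an explicit block rule for destination LAN placed above a "WLAN -> any" pass rule gives the same result as the "not LAN" destination.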
