 From:  Chris Taylor <chris at x dash bb dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Linksys/Netgear APs?
 Date:  Mon, 09 Jan 2006 17:50:31 +0000
My setup is as your second diagram, firewall rules and all...

Using 3 ports on m0n0wall (WAN/LAN/WLAN). As I stated, aside from 
accessing the APs directly, it ALL works fine.

Chris

Marc A. Runkel wrote:
> Chris, 
> 
> The Access Points you list are both bridges.  As such, they should have
> the same subnet on their WLANs as on the LAN side.
> 
> Maybe I'm misunderstanding you.  How many ports are enabled on your
> Monowall? 2 or 3?
> 
> The simplest setup would be:
> 
> WAN <-> MonoWall <-> LAN ------------------------------
>                                  |                  |
>                             Wired Client PCs       APs
>                                                     |
>                                                   Wireless
>                                                    Clients
> 
> Where the LAN is 192.168.8.0/24
> 
> If you wish to segment the wireless traffic, you'll need to:
> 
> WAN <-> MonoWall <-> LAN - Wired PCs
>            ^
>            |
>            V
>           WLAN
>             |
>            APs
>             |
>            Wireless
>            Clients
> 
> 
> LAN = 192.168.8.0/24   WLAN = 192.168.2.0/24
> 
> Assign your APs IPs in the WLAN subnet, and create firewall rules that
> allow LAN -> WAN, LAN->WLAN, and WLAN->WAN traffic.
> 
> Then you should be able to access your APs from the LAN, but the LAN is
> protected from the WLAN.
> 
> m.
> 
> -----Original Message-----
> From: Chris Taylor [mailto:chris at x dash bb dot org] 
> Sent: Monday, January 09, 2006 8:50 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Linksys/Netgear APs?
> 
> Hi,
> 
> I've got a client who's having a bit of a weird problem with some access
> points. He has a couple of Linksys WAP54Gs and also some Netgear WG602s.
> The APs are on his OPT1/WLAN interface and captive portal users can gain
> access through them without trouble. He's running 1.21 (generic-pc) with
> no other issues (well, PPTP isn't working but forget that...) Traffic 
> shaping is in use for LAN > WAN and WLAN > WAN. There are very few 
> firewall rules in use, especially on the LAN side, where there is a 
> clear LAN -> any rule taking precedence.
> 
> The issue is that he cannot access the AP's setup pages from his LAN. 
> From m0n0wall's Ping page, if you set the interface to WLAN and ping an
> AP, it works fine. From any client PC on the LAN, you can't get to any 
> of the APs. However, there's a printer located on the WLAN (intended for
> LAN use) and this works fine. There are specific rules to allow this and
> even adding similar/identical rules for the APs changes nothing.
> 
> I'm really at a loss here; I've looked over the entire config, tried 
> rebooting each item etc - with no luck. The only thing that seems even 
> vaguely plausible is that maybe the APs won't accept traffic from an 
> address in a different subnet (WLAN is 192.168.2.x/24, LAN is 
> 192.168.8.x/24) but the client assures me he could get to his APs when 
> he used IPCop before.
> 
> I suppose the first question is: If I have a firewall rule permitting 
> any traffic from the LAN subnet (any protocol, SP, destination, EP), 
> should I be able to ping things on my WLAN subnet? There are no Block 
> rules whatsoever on the LAN interface so I'd have thought so.
> 
> Any help would be greatly appreciated, this is baffling me! :(
> 
> Chris Taylor
> 
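
Added example, not part of the original thread: a small Python model of the segmented layout Marc describes (LAN 192.168.8.0/24, WLAN 192.168.2.0/24), useful for checking a planned rule set before entering it in the firewall. The per-interface first-match evaluation with an implicit default deny, the explicit WLAN-to-LAN block rule and the host addresses are assumptions made for the illustration; only new connections are modelled, and replies to an allowed connection are assumed to be handled by the firewall's state table.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.8.0/24")   # subnet from the thread
WLAN = ipaddress.ip_network("192.168.2.0/24")  # subnet from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule sets, keyed by the interface a packet arrives on.
# Each rule is (action, source net, destination net).
# Assumption: first match wins and an unmatched packet is blocked.
RULES = {
    "LAN": [("pass", LAN, ANY)],       # covers LAN -> WAN and LAN -> WLAN
    "WLAN": [("block", WLAN, LAN),     # keep wireless clients out of the LAN
             ("pass", WLAN, ANY)],     # WLAN -> WAN
    "WAN": [],                         # no unsolicited inbound traffic
}


def decide(src, dst):
    """Return 'pass' or 'block' for a NEW connection from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # The ingress interface is determined by where the source address lives.
    iface = "LAN" if s in LAN else "WLAN" if s in WLAN else "WAN"
    for action, src_net, dst_net in RULES[iface]:
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny


def audit():
    """Evaluate the flows the thread cares about (host addresses constructed)."""
    flows = {
        "LAN PC -> AP admin page": ("192.168.8.10", "192.168.2.5"),
        "LAN PC -> Internet": ("192.168.8.10", "203.0.113.7"),
        "wireless client -> Internet": ("192.168.2.50", "203.0.113.7"),
        "wireless client -> LAN PC": ("192.168.2.50", "192.168.8.10"),
        "Internet -> LAN PC": ("203.0.113.7", "192.168.8.10"),
    }
    return {name: decide(*pair) for name, pair in flows.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict:5}  {name}")
```

If the model passes LAN -> AP traffic but the AP still cannot be reached, the rule set itself is not what is dropping the connection.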