Felix Schmid wrote:

> Indeed I never thought about this!! Great idea!

Well, with cheap but still quite good wireless gear available, you definitely have to consider the possibility. I'd hazard a guess that it's faster and more reliable than using a wireless card in a 4501 with m0n0wall.

> Btw in what way would monowall be configured in a scenario like this?
> WLAN clients should be able to access the internet, but from my
> (wlan-connected) laptop I would also like to be able to access my home
> network (but other potential users of the AP should not). Can I restrict

You connect the AP to the optional interface on your 4501, crossover cable or something. Use a separate subnet on OPT1 and also turn on DHCP (or use the DHCP server of your AP). Add a rule to pass traffic on interface OPT1, protocol any, from OPT1 subnet, to *not* LAN (I assume you have no other optional interfaces, so that will suffice). The AP can be left wide open if you want anybody in range to be able to access the Internet. Otherwise, turn on WEP (or, even better, WPA if you can) on your access point.

> access to the AP? (Sorry, I am new to wlan - but I suppose that is what
> PPTP is there for?) Will the traffic between wlan clients and monowall
> be encrypted (and if so, is this done using WEP or what else; is it
> secure)?

Yes, do use PPTP VPN for the tunnel to your LAN. It will give you end-to-end encryption, so no other wireless users (even if they know the WEP/WPA key) can sniff the tunneled data. If you use WEP/WPA, people who don't know the key will not be able to read any data (not even Internet traffic that doesn't go through the VPN tunnel).

HTH,
Manuel
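Added example, not part of the original message: a simplified first-match, default-deny model of the OPT1 rule described above, showing why "to *not* LAN" is enough only while LAN is the sole other internal network. The subnets, the OPT2 interface and all names in the code are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not taken from the message).
LAN = ipaddress.ip_network("192.168.1.0/24")
OPT1 = ipaddress.ip_network("192.168.2.0/24")  # segment the AP is plugged into
OPT2 = ipaddress.ip_network("192.168.3.0/24")  # hypothetical second optional interface
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_not: bool = False            # True means "destination is NOT dst"

    def matches(self, src: str, dst: str) -> bool:
        in_dst = ipaddress.ip_address(dst) in self.dst
        return ipaddress.ip_address(src) in self.src and (in_dst != self.dst_not)

def evaluate(rules, src: str, dst: str) -> str:
    """First matching rule wins; traffic no rule matches is blocked."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"

# The rule from the message: pass, from OPT1 subnet, to *not* LAN.
OPT1_RULES = [Rule("pass", OPT1, LAN, dst_not=True)]

# Variant for a firewall with more internal networks: block each one
# explicitly, then pass everything else.
OPT1_RULES_MULTI = [
    Rule("block", OPT1, LAN),
    Rule("block", OPT1, OPT2),
    Rule("pass", OPT1, ANY),
]

if __name__ == "__main__":
    client = "192.168.2.50"  # constructed wireless client address
    targets = [("Internet", "203.0.113.10"),
               ("LAN host", "192.168.1.20"),
               ("OPT2 host", "192.168.3.20")]
    for label, dst in targets:
        print(f"{label:10} single-rule={evaluate(OPT1_RULES, client, dst):5} "
              f"multi-rule={evaluate(OPT1_RULES_MULTI, client, dst)}")
```

With the single negated rule, a wireless client reaches the Internet and is kept out of LAN, but would also reach any other internal subnet that is added later; the multi-rule variant closes that gap.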