Felix Schmid wrote:
> Indeed I never thought about this!! Great idea!

Well, with cheap but still quite good wireless gear available, you
definitely have to consider the possibility. I'd hazard a guess that
it's faster and more reliable than using a wireless card in a 4501 with

> Btw in what way would monowall be configured in a scenario like this?
> WLAN clients should be able to access the internet, but from my
> (wlan-connected) laptop I would also like to be able to access my home
> network (but other potential users of the AP should not). Can I restrict

You connect the AP to the optional interface on your 4501, crossover
cable or something. Use a separate subnet on OPT1 and also turn on DHCP
(or use the DHCP server of your AP). Add a rule to pass traffic on
interface OPT1, protocol any, from OPT1 subnet, to *not* LAN (I assume
you have no other optional interfaces, so that will suffice). The AP can
be left wide open if you want anybody in range to be able to access the
Internet. Otherwise, turn on WEP (or, even better, WPA if you can) on
your access point.

> access to the AP? (Sorry, I am new to wlan - but I suppose that is what
> PPTP is there for?) Will the traffic between wlan clients and monowall
> be encrypted (and if so, is this done using WEP or what else; is it

Yes, do use PPTP VPN for the tunnel to your LAN. It will give you
end-to-end encryption, so no other wireless users (even if they know the
WEP/WPA key) can sniff the tunneled data. If you use WEP/WPA, people who
don't know the key will not be able to read any data (not even Internet
traffic that doesn't go through the VPN tunnel).
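
The OPT1 rule described in the reply above (pass, protocol any, from OPT1 subnet, to not LAN), modelled next to a "to any" variant to show which flows each lets into the LAN. This is an added example, not part of the original message and not m0n0wall code. The subnets, addresses and names are assumptions, and the model assumes first-match evaluation with everything unmatched blocked.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing, not taken from the original message.
LAN = ipaddress.ip_network("192.168.1.0/24")    # wired home network
OPT1 = ipaddress.ip_network("192.168.2.0/24")   # access point subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_negated: bool = False   # True models a "not <network>" destination

    def matches(self, src, dst):
        return src in self.src and ((dst in self.dst) != self.dst_negated)

# Rule from the reply: pass, protocol any, from OPT1 subnet, to not LAN.
NOT_LAN_RULES = [Rule("pass", OPT1, LAN, dst_negated=True)]
# Weak variant for contrast: destination "any" also lets WLAN clients into LAN.
TO_ANY_RULES = [Rule("pass", OPT1, ANY)]

def decide(rules, src, dst):
    """First matching rule wins; a packet no rule matches is blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action
    return "block"

# Constructed sample flows arriving on OPT1: (description, source, destination).
FLOWS = [
    ("WLAN client to Internet host", "192.168.2.50", "203.0.113.10"),
    ("WLAN client to LAN file server", "192.168.2.50", "192.168.1.10"),
    ("WLAN client to firewall OPT1 address", "192.168.2.50", "192.168.2.1"),
    ("foreign source address on OPT1", "10.0.0.5", "203.0.113.10"),
]

def lan_exposure(rules):
    """Return the sample flows that a rule set lets through into the LAN."""
    return [name for name, src, dst in FLOWS
            if ipaddress.ip_address(dst) in LAN and decide(rules, src, dst) == "pass"]

if __name__ == "__main__":
    for label, rules in (("to not LAN", NOT_LAN_RULES), ("to any", TO_ANY_RULES)):
        for name, src, dst in FLOWS:
            print(f"{label:11} {name:38} {decide(rules, src, dst)}")
        print(f"{label:11} reaches LAN: {lan_exposure(rules)}")
```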