 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Felix Schmid <felix at belugalounge dot net>
 Cc:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] ath driver support for monowall
 Date:  Thu, 15 Jan 2004 21:22:57 +0100
Felix Schmid wrote:
> Indeed I never thought about this!! Great idea!

Well, with cheap but still quite good wireless gear available, you 
definitely have to consider the possibility. I'd hazard a guess that 
it's faster and more reliable than using a wireless card in a 4501 with 

> Btw in what way would monowall be configured in a scenario like this?
> WLAN clients should be able to access the internet, but from my
> (wlan-connected) laptop I would also like to be able to access my home
> network (but other potential users of the AP should not). Can I restrict

You connect the AP to the optional interface on your 4501, crossover 
cable or something. Use a separate subnet on OPT1 and also turn on DHCP 
(or use the DHCP server of your AP). Add a rule to pass traffic on 
interface OPT1, protocol any, from OPT1 subnet, to *not* LAN (I assume 
you have no other optional interfaces, so that will suffice). The AP can 
be left wide open if you want anybody in range to be able to access the 
Internet. Otherwise, turn on WEP (or, even better, WPA if you can) on 
your access point.

> access to the AP? (Sorry, I am new to wlan - but I suppose that is what
> PPTP is there for?) Will the traffic between wlan clients and monowall
> be encrypted (and if so, is this done using WEP or what else; is it
> secure)?

Yes, do use PPTP VPN for the tunnel to your LAN. It will give you 
end-to-end encryption, so no other wireless users (even if they know the 
WEP/WPA key) can sniff the tunneled data. If you use WEP/WPA, people who 
don't know the key will not be able to read any data (not even Internet 
traffic that doesn't go through the VPN tunnel).
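
Added example, not part of the original mail and not m0n0wall code: a small Python model of the OPT1 rule described above ("pass, protocol any, from OPT1 subnet, to *not* LAN"), evaluated next to a looser "to any" rule to show what the negation protects. The subnets, sample addresses and the evaluation model (first match on the ingress interface, block when nothing matches) are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing; the mail does not give any subnets.
LAN = ipaddress.ip_network("192.168.1.0/24")
OPT1 = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# The rule from the mail: pass on OPT1, from OPT1 subnet, to *not* LAN.
RULES = [
    {"iface": "opt1", "src": OPT1, "dst": LAN, "dst_not": True, "action": "pass"},
]
# Looser variant for comparison: same rule with destination "any".
LOOSE_RULES = [
    {"iface": "opt1", "src": OPT1, "dst": ANY, "dst_not": False, "action": "pass"},
]

def decide(iface, src, dst, rules=RULES):
    """Return the action for one packet: first matching rule wins, else block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["iface"] != iface or src not in rule["src"]:
            continue  # wrong ingress interface or source outside the OPT1 subnet
        # With dst_not set, the rule matches only destinations outside rule["dst"].
        if (dst in rule["dst"]) != rule["dst_not"]:
            return rule["action"]
    return "block"

def lan_exposed(rules, wlan_client="192.168.2.50"):
    """True if a wireless client on OPT1 can reach any sampled LAN host."""
    samples = [str(host) for host in list(LAN.hosts())[:5]]
    return any(decide("opt1", wlan_client, h, rules) == "pass" for h in samples)

if __name__ == "__main__":
    # Constructed packets: (ingress interface, source, destination)
    for pkt in [("opt1", "192.168.2.50", "203.0.113.10"),   # WLAN client to Internet
                ("opt1", "192.168.2.50", "192.168.1.10"),   # WLAN client to LAN host
                ("opt1", "192.168.1.77", "203.0.113.10")]:  # source outside OPT1 subnet
        print(pkt, "->", decide(*pkt))
    print("LAN exposed with 'not LAN' rule:", lan_exposed(RULES))
    print("LAN exposed with 'any' rule:   ", lan_exposed(LOOSE_RULES))
```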