[ previous ] [ next ] [ threads ]
 
 From:  Alex Neuman van der Hans <alex at nkpanama dot com>
 To:  David Rando <david at davidrando dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Configuracion wireless en monowall
 Date:  Mon, 22 May 2006 12:06:48 -0500
I've set up a few. Definitely your best shot would be to use m0n0 for 
your firewall/routing needs, along with a bit of traffic shaping. I'd 
block outgoing port 25 to prevent abuse (and let your clients know that 
they should use a VPN or some other port). By using the "ap isolation" 
feature your clients wouldn't be able to see each other.

If your m0n0's lan connection is set to, for example, 192.168.20.1, you 
could set your AP to 192.168.20.2 and disable DHCP on it, and hook up 
one of the lan ports on the wrt to the m0n0's lan port. Some people 
might argue that it would be even better to set it to something else, 
like 10.0.0.1, and only switch your PC's address to 10.0.0.2 to log onto 
it and make changes. Depends on how paranoid you are.

Hotels are good candidates for implementing the captive portal function, 
as well.

David Rando wrote:
> Sorry guys if i spoke in spanish, i did because i thought it wouldn't 
> bother
> anyone ;-) (and to reply the people who talked in spanish too).
>
> I have to mount a big wifi network in a hotel, and that question came 
> to my
> mind. As I see, the AP insolation is a good solution for that (and the 
> best
> for me because i'm mounting linksys AP WRT54GL btw).
>
> I'll try the VLAN thingy too. I don't know what i does, but if it's a
> solution it's worth to do, not always have the chance to mount good aps.
>
> Thanks guys for your replys.
>
> 2006/5/22, Alex Neuman van der Hans <alex at nkpanama dot com>:
>>
>> Oh, and by the way, you may want to post your messages in both languages
>> if your English skills are not too good. That way people can try to help
>> and/or translate responses for you.
>>




>>
>> Saludos / Cheers,
>>
>> Alex
>>
>> Alex Neuman van der Hans wrote:
>> > Alex Neuman van der Hans wrote:

>> >> misma red.
>> >>
>> >> Por ejemplo, puedes impedir que hagan broadcasts de 192.168.1.1 a

>> >> dentro de la misma red y del mismo alambre).
>> >>
>> >> De no saber el IP puedes usar el "angry ip scanner" (googlealo y lo
>> >> puedes bajar) para saber, entre otras cosas, el nombre del recurso


>> > For the benefit of the other 60% of the US (those who can't process
>> > spanish), this is basically a discussion about isolating specific
>> > users from the rest of the network, which can probably be done through
>> > VLANs (not that I have any idea how to do it). Somebody asked if
>> > blocking netbios broadcasts would work, and I replied that you can
>> > prevent broadcasts *across* networks, not *within* a network.
>> >
>> > There *is* an option, if you want to isolate your wifi clients, to do
>> > such a thing. It's called "AP Isolation" or something, and it's
>> > available in most linksys wifi routers/AP's. Dunno if it's available
>> > in others, though.
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>