[ previous ] [ next ] [ threads ]
 
 From:  Sven Brill <madde at gmx dot net>
 To:  Michael Lenaghan <michaell at dazzit dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wireless access point on ethernet card
 Date:  Mon, 10 Sep 2007 20:50:14 -0400
Michael Lenaghan wrote:
>
> My intention was to plug a wireless access point--a Linksys WAP54Gv3
> to be precise--into one of the cards. For the time being I want to
> bridge my LAN with my wireless LAN and let traffic flow freely between
> them. (Later on I may want to separate the two networks; that's why
> the hardware is set up the way it is.) 

Good idea. I have this setup at home, and I block everything on the 
wireless network except OpenVPN, so I don't even have to bother with WEP 
or WPA (my old linksys WAP11 actually slows down dramatically if I turn 
on WEP).
> In particular, I would like to
> assign IP addresses from the DHCP server on my LAN; along with the
> address will come other network config info, including my LAN's DNS
> server address and WINS server address and such.
>
> First, is it correct or incorrect to give both cards an address on the
> same subnet?
>   
neither, I believe it can be done, but it is really, really bad network 
design and might come back to bite you. You should avoid this if at all 
possible. Give the wireless segment its own subnet.

> Second, if it is correct will two cards on the same subnet
> automatically bridge, or would I still have to specifically bridge
> them?
>   
They would not bridge automatically.,
> (I'm assuming that I specifically want to bridge *somehow* in order to
> get the DHCP and WINS packets moving across the cards.)
>   
no, you can set up a WINS server in the DHCP options that the clients on 
the wireless side will use, you just have to allow the traffic. See the 
options under DHCP server, you have a tab for each interface. on both 
interfaces (LAN and OPT1) give it the WINS server on the LAN and allow 
the traffic. Remember that, by default, NO traffic is allowed from OPT1, 
so you have to allow it specifically.

Hope it helps.

Sven