 From:  Ryan Crisman <rcrisman at tentec dot com>
 To:  Rendra Basuki <rbasuki at gdincorporation dot com>
 Cc:  David Burgess <apt dot get at gmail dot com>, golddragoninc at gmail dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall and ubiquity Unifi
 Date:  Sat, 14 May 2011 19:31:48 -0400
Also are you using the guest policy on the UniFi?

Client isolation is really simple. Wireless access points work by bridging
the wireless port to the wired switch ports and router port. Everything
happens at the MAC address level and does not involve IP addresses,
NETBIOS over TCP/IP (also known as MS Networking). Just MAC
addresses.

The wireless bridge builds a bridging table consisting of a table of
"heard" (or sniffed) MAC addresses that appear on various ports.
There are really just 3 available ports[1]: wireless, ethernet
switch, and router port. If the destination MAC address of a port
shows up in the MAC address table as sitting on a specific port, only
that port gets the traffic. Broadcasts, which have no destination MAC
address, are sent to all ports.

Well, it's simple enough to build a logical rule (or filter) for these
MAC addresses and ports that says:
"If the packet originates on the wireless port, it can only send
and receive packets that are destined or originate from the router
port or ethernet switch port."
Not a very complex rule, but one which totally prevents wireless
client to client traffic. Not even broadcasts will go from wireless
client to client.

[1] Actually, that's not true as each port on the 4 port ethernet
switch is considered a separate port. However, let's make life simple
and pretend the switch section is just one port.

Ryan Crisman
MIS/IT/Webmaster Manager
Ten-Tec, Inc.
1185 Dolly Parton Parkway
Sevierville TN, 37862


On Sat, May 14, 2011 at 4:54 AM, Rendra Basuki
<rbasuki at gdincorporation dot com> wrote:

> Internal IP address for what.....
>
>
>
> I have well over 60 of these access points deployed among all my clients
> (Mostly Hotels) all use m0n0wall for the firewall
>
>
> Ryan Crisman
> MIS/IT/Webmaster Manager
> Ten-Tec, Inc.
> 1185 Dolly Parton Parkway
> Sevierville TN, 37862
>
> --> Internal IP Addresses are the addresses for our web server, m0n0wall
> server, etc (the LAN IP). I cannot access these IP Addresses. I wonder if
> there is something to do with the IP Mask being 255.255.0.0.
>
> I set the DHCP Server from m0n0wall, and the mask is 255.255.0.0. I can
> access Internet OK, but the web server and the m0n0wall server cannot be
> accessed using internal IP (LAN).
>
> Thank
>
> Rendra
>
>
>
> On Fri, May 13, 2011 at 2:05 AM, David Burgess <apt dot get at gmail dot com> wrote:
>
> On Thu, May 12, 2011 at 11:50 PM, GD Incorporation
> <golddragoninc at gmail dot com> wrote:
>
> > I have a rather annoying experience. I recently purchased a ceiling
> > access point Ubiquity Unifi. One thing I realize is that when I connect
> > to the ubiquity, I can access internet fine, but for some reasons I do
> > not know, I cannot access internal IP Addresses.
>
> Do you have client isolation turned on?
>
> db
>
>
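
Added example, not part of the original message and not UniFi or m0n0wall code: a small Python model of the MAC-learning bridge and the client isolation rule described in the message above. The `Bridge` class, the MAC addresses, and the treatment of the wireless side as a single port that relays between stations are assumptions made for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
PORTS = ("wireless", "switch", "router")  # the three ports from the message


class Bridge:
    """Simplified three-port learning bridge (hypothetical model)."""

    def __init__(self, isolate_clients):
        self.isolate_clients = isolate_clients
        self.table = {}  # learned MAC -> port it was last heard on

    def forward(self, in_port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        self.table[src] = in_port  # learn from the source address
        if dst != BROADCAST and dst in self.table:
            out = {self.table[dst]}  # known destination: that port only
        else:
            out = set(PORTS)  # broadcast or unknown destination: flood
        if in_port != "wireless":
            out.discard(in_port)  # wired frames never return to their ingress port
        elif self.isolate_clients:
            out.discard("wireless")  # isolation: wireless never reaches wireless
        return sorted(out)


def demo(isolate_clients):
    """Run four constructed frames through the bridge and report egress ports."""
    client_a = "02:00:00:00:00:0a"  # constructed wireless client
    client_b = "02:00:00:00:00:0b"  # constructed wireless client
    server = "02:00:00:00:00:01"    # constructed wired host on the switch port
    bridge = Bridge(isolate_clients)
    bridge.forward("wireless", client_b, BROADCAST)  # bridge learns client B
    bridge.forward("switch", server, BROADCAST)      # bridge learns the server
    return {
        "client_to_client": bridge.forward("wireless", client_a, client_b),
        "client_broadcast": bridge.forward("wireless", client_a, BROADCAST),
        "client_to_server": bridge.forward("wireless", client_a, server),
        "server_to_client": bridge.forward("switch", server, client_a),
    }


if __name__ == "__main__":
    for setting in (False, True):
        print("isolation", setting, demo(setting))
```

Under this rule, frames between a wireless client and the wired side are still forwarded in both directions; only wireless-to-wireless delivery, broadcasts included, is dropped.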