 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] feature request: dhcp before pptp
 Date:  Mon, 2 Aug 2004 20:24:49 +0100
> I'm debating doing this exact process on my WLAN so that I 
> don't have to worry about WEP anymore.  I'll allow access via 
> PPTP or through a captive portal.  PPTP, so that I can 
> configure my PC to automatically log in.  Captive portal for
> any time we have a temporary PC connected (Visitor bringing a 
> laptop) and don't want to bother with PPTP.

> Can anyone see any downsides to this configuration?

I have a Squid box set up within the LAN for precisely this purpose. A
visitor can get net access only via a proxy, not out to the net directly.  I
think this is wise, since it:

1) limits the visitor to browsing *web* sites, not generally downloading all
sorts of rubbish using <insert choice of P2P app here>

2) prevents any virus the user may/may not have from spreading out onto the
net, since they're limited to HTTP traffic on specific ports.

I'd go a step further and firewall off your PC's wireless LAN link, but
*not* firewall off your VPN tunnel. That should prevent you from being
infected by dodgy clients on the WLAN, but still allow you to access
whatever you need to access when logged in via PPTP.


C.M. Bagnall, Partner, Minotaur
Tel: 07010 710715   Mobile: 07811 332969
ICQ: 13350579   MSN: minotauruk at hotmail dot com   AIM: MinotaurUK   Y!:
This email is made from 100% recycled electrons.