 From:  "Nicolas Bussieres" <nicolasb at altaspectra dot com>
 To:  "Andy Holyer" <andyh at hhbb dot co dot uk>, "'m0n0wall'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Advice please: Configuration for wireless-accessible Monowall
 Date:  Thu, 26 Aug 2004 09:19:08 -0400
Well, why don't you just accept port 443 (https) or 80 (http) on the WAN side of
the firewall (wireless interface). I'm doing this for a few special clients on
our wireless network and it works very well. This will allow remote access

-----Original Message-----
From: Andy Holyer [mailto:andyh at hhbb dot co dot uk]
Sent: Thursday, August 26, 2004 09:06
To: 'm0n0wall'
Subject: [m0n0wall] Advice please: Configuration for wireless-accessible

I've been lurking here for a few weeks, but I haven't seen exactly what
I need come up. My boss is now shouting, so I don't really have time
for much experimentation. Here's what I want to have:

We supply Internet to remote locations beyond the reach of wired DSL,
using Soekris and Wrap routers and rooftop antennas. We have
experimented with using Monowall, but suffer from the problem that the
web interface is blocked to the wireless connection. Since the boxes
are widely spread over the countryside (and sometimes in inaccessible
places, such as up poles) we need to be able to remotely administer

I've seen some mention of setting up an IPSEC pipe to the box and then
fetching web pages from that. That has some appeal - I already use
openVPN to allow our monitor pages to be seen from home or when out in
the field.

I've been administering unix boxes for nearly 20 years but I've only
been playing with routing etc. for the last couple of months, and IPSec
is new to me, too. To complicate matters many of our boxes are on the
private interfaces of their peers who relay the signal to them,
sometimes 6 or seven layers, so you can't route to them directly. You
have to log onto the box in front of them in the network, and then open
a client to get to them.

Any advice on how I should proceed (examples or pointers to tutorials
would be good too) would be warmly welcomed.

Our main servers run FreeBSD 5.x, by the way.

Thanks in Advance,
Andy Holyer, Technical stuff
Hedgehog Broadband, 11 Marlborough Place Brighton BN1 1UB
08451 260895 x 241
