 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Andy Holyer'" <andyh at hhbb dot co dot uk>, "'m0n0wall'" <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "'Nicolas Bussieres'" <nicolasb at altaspectra dot com>
 Subject:  RE: [m0n0wall] Advice please: Configuration for wireless-acessible Monowall
 Date:  Thu, 26 Aug 2004 09:34:06 -0400
I would even say to allow access to ports 443 and 80 only from your
management LAN subnet (i.e. restrict the IP addresses allowed to access 443
and 80). Using HTTPS would encrypt from Server to Client - thus allowing some
basic security...

_________________________________
James W. McKeand
 

-----Original Message-----
From: Nicolas Bussieres [mailto:nicolasb at altaspectra dot com] 
Sent: Thursday, August 26, 2004 9:19 AM
To: Andy Holyer; 'm0n0wall'
Subject: RE: [m0n0wall] Advice please: Configuration for wireless-acessible
Monowall

Well, why don't you just accept port 443 (https) or 80 (http) on the WAN side
of the firewall (wireless interface)? I'm doing this for a few special clients
on our wireless network and it works very well. This will allow remote access.


-----Original Message-----
From: Andy Holyer [mailto:andyh at hhbb dot co dot uk]
Sent: Thursday, August 26, 2004 09:06
To: 'm0n0wall'
Subject: [m0n0wall] Advice please: Configuration for wireless-acessible
Monowall


I've been lurking here for a few weeks, but I haven't seen exactly what I
need come up. My boss is now shouting, so I don't really have time for much
experimentation. Here's what I want to have:

We supply Internet to remote locations beyond the reach of wired DSL, using
Soekris and Wrap routers and rooftop antennas. We have experimented with
using Monowall, but suffer from the problem that the web interface is
blocked to the wireless connection. Since the boxes are widely spread over
the countryside (and sometimes in inaccessible places, such as up poles) we
need to be able to remotely administer them.

I've seen some mention of setting up an IPSEC pipe to the box and then
fetching web pages from that. That has some appeal - I already use openVPN
to allow our monitor pages to be seen from home or when out in the field.

I've been administering unix boxes for nearly 20 years but I've only been
playing with routing etc. for the last couple of months, and IPSec is new to
me, too. To complicate matters many of our boxes are on the private
interfaces of their peers who relay the signal to them, sometimes 6 or seven
layers, so you can't route to them directly. You have to log onto the box in
front of them in the network, and then open a client to get to them.

Any advice on how I should proceed (examples or pointers to tutorials would
be good too) would be warmly welcomed.

Our main servers run FreeBSD 5.x, by the way.

Thanks in Advance,
---
Andy Holyer, Technical stuff
Hedgehog Broadband, 11 Marlborough Place Brighton BN1 1UB
08451 260895 x 241


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


