Hello.

After many hours of labor, I finally got m0n0 running today. I guess it pays to make sure you actually have a NIC chipset supported by FreeBSD... Anyway, I have a question or two about using m0n0 with a hotspot I am installing in my business.

I have a LAN behind my Linksys NAT router/switch with an IP/subnet range of 192.168.1.0/24. Only 3 computers are connected to the switch. What I am wanting to do is connect m0n0 right to the switch on my LAN (through the m0n0 WAN device). Then I want to connect my wireless AP to the m0n0 box.

The problem is, I don't know if I should use the DMZ/OPT1 interface or the LAN interface. I won't need anything connected to the LAN interface on the m0n0 box, so could I actually just connect the AP to the LAN interface and my hotspot becomes "another LAN" in effect?

I then need to make sure m0n0 blocks all access to my actual "real" wired LAN, since all I want the wireless clients to do is surf and not sniff my network. Would I simply need to set up a rule for the LAN interface that would block all outgoing traffic that had a destination of 192.168.1.0/24?

Lastly, I need m0n0 to block access to everything the wireless clients can do except pop3, http, and https. Would I simply add a set of allow rules to the LAN interface again, something to the idea of this:

Proto  Source   Port  Destination  Port
TCP    LAN net  *     *            80 (HTTP)
TCP    LAN net  *     *            110 (POP3)
TCP    LAN net  *     *            443 (HTTPS)

Then at the bottom of those 3 rules have one that blocks EVERYTHING else?

Thanks in advance for any help, guys!

Rodman Frowert
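Added example (not part of the original post and not m0n0wall code): a small Python model of the rule set the post proposes, assuming rules are checked top-down with the first match deciding and unmatched traffic blocked. It compares placing the 192.168.1.0/24 block above versus below the three allow rules; the evaluate() helper and the test addresses are constructed for illustration.

```python
import ipaddress

WIRED_LAN = ipaddress.ip_network("192.168.1.0/24")  # wired LAN range from the post
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule tuple: (action, protocol or None for any, destination net, port or None)
ALLOWS = [
    ("pass", "tcp", ANY, 80),    # HTTP
    ("pass", "tcp", ANY, 110),   # POP3
    ("pass", "tcp", ANY, 443),   # HTTPS
]
BLOCK_WIRED = ("block", None, WIRED_LAN, None)
BLOCK_ALL = ("block", None, ANY, None)

BLOCK_FIRST = [BLOCK_WIRED] + ALLOWS + [BLOCK_ALL]   # wired-LAN block on top
ALLOW_FIRST = ALLOWS + [BLOCK_WIRED, BLOCK_ALL]      # wired-LAN block below allows


def evaluate(rules, proto, dst_ip, dst_port):
    """Return the action of the first matching rule; unmatched traffic is blocked."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_net, r_port in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if dst not in r_net:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "block"


# Constructed packets as sent by a wireless client (addresses are examples)
PACKETS = [
    ("tcp", "203.0.113.10", 80),   # web server on the Internet
    ("tcp", "203.0.113.10", 22),   # SSH to the Internet
    ("tcp", "192.168.1.20", 80),   # web service on a wired LAN host
    ("tcp", "192.168.1.20", 445),  # file sharing on a wired LAN host
    ("udp", "203.0.113.53", 53),   # DNS lookup, not covered by the three allows
]

if __name__ == "__main__":
    for name, rules in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST)):
        print(name)
        for pkt in PACKETS:
            print("  ", pkt, "->", evaluate(rules, *pkt))
```

With the block rule below the allows, TCP 80, 110 and 443 still reach wired LAN hosts; in both orderings the DNS packet is blocked.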