 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Setting up HotSpot
 Date:  Mon, 30 Aug 2004 23:15:51 -0500

Hello.  After many hours of labor, I finally got m0n0 running today.  I
guess it pays to make sure you actually have a NIC chipset supported by
FreeBSD...

Anyway, I have a question or two about using m0n0 with a hotspot I am
installing in my business.  I have a LAN behind my Linksys NAT router/switch
with an IP/subnet range of 192.168.1.0/24.  Only 3 computers connected to
the switch.  What I am wanting to do is connect m0n0 right to the switch on
my LAN (through m0n0 WAN device).  Then I want to connect my wireless AP to
the m0n0 box.  The problem is, I don't know if I should use the DMZ/OPT1
interface or the LAN interface.  I won't need anything connected to the LAN
interface on the m0n0 box so could I actually just connect the AP to the LAN
interface and my hotspot becomes "another lan" in effect?

I then need to make sure m0n0 blocks all access to my actual "real" wired
LAN since all I want the wireless clients to do is surf and not sniff my
network.  Would I simply need to set up a rule for the LAN interface that
would block all outgoing traffic that had a destination of 192.168.1.0/24?

Lastly, I need m0n0 to block access to everything the wireless clients can
do except pop3, http, and https.  Would I simply add a set of allow rules to
the LAN interface again something to the idea of this:

Proto    Source    Port       Destination    Port

TCP      LAN net   *           *              80  (HTTP)
TCP      LAN net   *           *              110 (POP3)
TCP      LAN net   *           *              443 (HTTPS)

Then at the bottom of those 3 rules have one that blocks EVERYTHING else?

Thanks in advance for any help, guys!

Rodman Frowert
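
Added example, not part of the original post and not m0n0wall code: a small model of the rule set described above, showing why the block for 192.168.1.0/24 has to sit above the three allow rules. It assumes rules are checked top-down with the first match deciding; the host addresses are constructed.

```python
import ipaddress

# Constructed model of the post's LAN-interface rules (not m0n0wall code).
# Assumption: rules are checked top-down and the first match decides.
WIRED = ipaddress.ip_network("192.168.1.0/24")   # wired LAN from the post
ANY = ipaddress.ip_network("0.0.0.0/0")

BLOCK_WIRED = ("block", "any", WIRED, None)
ALLOWS = [("pass", "tcp", ANY, p) for p in (80, 110, 443)]  # HTTP, POP3, HTTPS
BLOCK_ALL = ("block", "any", ANY, None)

GOOD_ORDER = [BLOCK_WIRED, *ALLOWS, BLOCK_ALL]
BAD_ORDER = [*ALLOWS, BLOCK_WIRED, BLOCK_ALL]   # wired-LAN block placed too late


def evaluate(rules, proto, dst, port):
    """Return the action of the first rule matching the packet (default: block)."""
    addr = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in rules:
        if r_proto != "any" and r_proto != proto:
            continue
        if addr not in r_net:
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "block"


def wired_ports_exposed(rules, host="192.168.1.10", ports=range(1, 1024)):
    """TCP ports on a wired-LAN host (constructed address) that the ruleset passes."""
    return [p for p in ports if evaluate(rules, "tcp", host, p) == "pass"]


if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, "internet HTTP:", evaluate(rules, "tcp", "203.0.113.10", 80),
              "| internet SSH:", evaluate(rules, "tcp", "203.0.113.10", 22),
              "| wired LAN ports exposed:", wired_ports_exposed(rules))
```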