 From:  "Kevin Coleman" <kevin at gabu dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setting up HotSpot
 Date:  Mon, 30 Aug 2004 21:26:37 -0700
I'd take out the Linksys, put your 192.169.1.0/24 network on the LAN
interface, your DSL/cable modem on the WAN interface, and connect your
Wi-Fi AP to the DMZ interface.

Then create a firewall rule that enables the DMZ to access the WAN. By
default, LAN will be able to access the internet and DMZ will not be
able to access the LAN.

(K)

-----Original Message-----
From: Rodman Frowert [mailto:frowertr at i dash 1 dot net] 
Sent: Monday, August 30, 2004 9:16 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Setting up HotSpot

Hello.  After many hours of labor, I finally got m0n0 running today.  I
guess it pays to make sure you actually have a NIC chipset supported by
FreeBSD...

Anyway, I have a question or two about using m0n0 with a hotspot I am
installing in my business.  I have a LAN behind my Linksys NAT
router/switch with an IP/subnet range of 192.168.1.0/24.  Only 3
computers connected to the switch.  What I am wanting to do is connect
m0n0 right to the switch on my LAN (through the m0n0 WAN device).  Then I
want to connect my wireless AP to the m0n0 box.  The problem is, I don't
know if I should use the DMZ/OPT1 interface or the LAN interface.  I
won't need anything connected to the LAN interface on the m0n0 box, so
could I actually just connect the AP to the LAN interface and my hotspot
becomes "another LAN" in effect?

I then need to make sure m0n0 blocks all access to my actual "real"
wired LAN, since all I want the wireless clients to do is surf and not
sniff my network.  Would I simply need to set up a rule for the LAN
interface that would block all outgoing traffic that had a destination
of 192.168.1.0/24?

Lastly, I need m0n0 to block access to everything the wireless clients
can do except POP3, HTTP, and HTTPS.  Would I simply add a set of allow
rules to the LAN interface again, something to the idea of this:

Proto    Source    Port    Destination    Port

TCP      LAN net   *       *              80  (HTTP)
TCP      LAN net   *       *              110 (POP3)
TCP      LAN net   *       *              443 (HTTPS)

Then at the bottom of those 3 rules have one that blocks EVERYTHING else?

Thanks in advance for any help, guys!

Rodman Frowert


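The rule ordering question in the thread is easy to get wrong, because the three allow rules above use "*" as the destination, so on their own they also permit port 80/110/443 connections from the hotspot into the wired 192.168.1.0/24 LAN. The following Python script is an added example, not code from the thread or from m0n0wall: it models first-match rule evaluation (m0n0wall evaluates the rules on an interface top-down and the first match wins; an OPT/DMZ interface with no matching rule blocks, which is the default Kevin refers to) and runs the proposed rule set and a hardened variant, with a block for the wired LAN placed before the allows, against a few constructed flows. The hotspot subnet 10.0.0.0/24 and the addresses 10.0.0.23, 192.168.1.10 and 203.0.113.10 are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for the example (assumption, not from the thread):
# hotspot clients live on 10.0.0.0/24 behind the OPT1/DMZ interface.
WIFI_NET = "10.0.0.0/24"
WIRED_LAN = "192.168.1.0/24"   # the real wired LAN from the original post
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination port, None means any port


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, flow: Flow) -> bool:
    """True when every field of the rule covers the flow."""
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if rule.dport is not None and rule.dport != flow.dport:
        return False
    src_ok = ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
    dst_ok = ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)
    return src_ok and dst_ok


def evaluate(rules: list, flow: Flow) -> str:
    """First matching rule decides; with no match the interface blocks
    (the default for a m0n0wall OPT/DMZ interface with no rules)."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "block"


# The rule set as proposed in the post: three allows, then block everything else.
PROPOSED = [
    Rule("pass", "tcp", WIFI_NET, ANY, 80),
    Rule("pass", "tcp", WIFI_NET, ANY, 110),
    Rule("pass", "tcp", WIFI_NET, ANY, 443),
    Rule("block", "any", WIFI_NET, ANY, None),
]

# Same allows, but a block for the wired LAN placed FIRST, so the "*"
# destination in the allow rules can no longer reach 192.168.1.0/24.
HARDENED = [Rule("block", "any", WIFI_NET, WIRED_LAN, None)] + PROPOSED

# Constructed sample flows from one hotspot client. 203.0.113.10 is a
# documentation-range address standing in for an internet host.
SAMPLE_FLOWS = {
    "web_to_internet":  Flow("tcp", "10.0.0.23", "203.0.113.10", 443),
    "web_to_wired_lan": Flow("tcp", "10.0.0.23", "192.168.1.10", 80),
    "smb_to_wired_lan": Flow("tcp", "10.0.0.23", "192.168.1.10", 445),
    "ssh_to_internet":  Flow("tcp", "10.0.0.23", "203.0.113.10", 22),
}


def decisions(rules: list) -> dict:
    """Map each sample flow name to the verdict the rule set gives it."""
    return {name: evaluate(rules, flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, rules in (("proposed", PROPOSED), ("hardened", HARDENED)):
        print(label, decisions(rules))
```

Running it shows that the proposed order passes `web_to_wired_lan` (a hotspot client reaching a web or mail port on the wired LAN), while the hardened order blocks it and still passes web traffic to the internet. Whether the hotspot hangs off the LAN or the DMZ/OPT1 interface, the block-to-192.168.1.0/24 rule has to come before any allow rule whose destination is "*".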