 From:  "Kevin Coleman" <kevin at gabu dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setting up HotSpot
 Date:  Mon, 30 Aug 2004 21:26:37 -0700
I'd take out the Linksys, put your network on the LAN
interface, your DSL/cable modem on the WAN interface, and connect your
Wi-Fi AP to the DMZ interface.

Then create a firewall rule that enables the DMZ to access the WAN. By
default, LAN will be able to access the internet and DMZ will not be
able to access the LAN.


-----Original Message-----
From: Rodman Frowert [mailto:frowertr at i dash 1 dot net] 
Sent: Monday, August 30, 2004 9:16 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Setting up HotSpot

Hello.  After many hours of labor, I finally got m0n0 running today.  I
guess it pays to make sure you actually have a NIC chipset supported by

Anyway, I have a question or two about using m0n0 with a hotspot I am
installing in my business.  I have a LAN behind my Linksys NAT
with an IP/subnet range of  Only 3 computers connected
the switch.  What I am wanting to do is connect m0n0 right to the switch
my LAN (through m0n0 WAN device).  Then I want to connect my wireless AP
the m0n0 box.  The problem is, I don't know if I should use the DMZ/OPT1
interface or the LAN interface.  I won't need anything connected to the
interface on the m0n0 box so could I actually just connect the AP to the
interface and my hotspot becomes "another lan" in effect?

I then need to make sure m0n0 blocks all access to my actual "real"
LAN since all I want the wireless clients to do is surf and not sniff my
network.  Would I simply need to set up a rule for the LAN interface that
would block all outgoing traffic that had a destination of

Lastly, I need m0n0 to block access to everything the wireless clients
do except pop3, http, and https.  Would I simply add a set of allow
rules to the LAN interface again something to the idea of this:

Proto    Source    Port       Destination    Port

TCP      LAN net   *           *              80  (HTTP)
TCP      LAN net   *           *              110 (POP3)
TCP      LAN net   *           *              443 (HTTPS)

Then at the bottom of those 3 rules have one that blocks EVERYTHING

Thanks in advance for any help, guys!

Rodman Frowert
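
The rule set discussed in this thread, modelled as an added example (not code from either poster or from m0n0wall): it assumes rules on the hotspot interface are checked top-down with the first match deciding, and shows why the rule blocking the LAN has to sit above the port 80/110/443 allow rules. All subnets and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: the poster's real subnet is missing from the archive.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # wired office LAN
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")  # hotspot clients behind the AP
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "*" for any
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching rule; default is block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.proto in ("*", proto) and s in r.src and d in r.dst
                and r.dport in (None, dport)):
            return r.action
    return "block"

BLOCK_LAN = Rule("block", "*", DMZ_NET, LAN_NET, None)
ALLOW = [Rule("pass", "tcp", DMZ_NET, ANY, p) for p in (80, 110, 443)]
BLOCK_ALL = Rule("block", "*", DMZ_NET, ANY, None)

HOTSPOT_RULES = [BLOCK_LAN, *ALLOW, BLOCK_ALL]  # isolation rule first
MISORDERED = [*ALLOW, BLOCK_LAN, BLOCK_ALL]     # isolation rule after the allows

# Constructed test traffic from one hotspot client.
PACKETS = {
    "internet_https": ("tcp", "192.168.2.50", "203.0.113.10", 443),
    "internet_ssh":   ("tcp", "192.168.2.50", "203.0.113.10", 22),
    "internet_dns":   ("udp", "192.168.2.50", "203.0.113.53", 53),
    "lan_http":       ("tcp", "192.168.2.50", "192.168.1.10", 80),
    "lan_smb":        ("tcp", "192.168.2.50", "192.168.1.10", 445),
}

def audit(rules):
    """Map each sample packet name to the verdict the rule list gives it."""
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("ordered", HOTSPOT_RULES), ("misordered", MISORDERED)):
        print(label, audit(rules))
```

In this model the misordered list lets a hotspot client reach a LAN web server on port 80, and both lists drop the UDP 53 lookup, so name resolution would need its own pass rule.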
