 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setting up HotSpot
 Date:  Thu, 2 Sep 2004 15:44:06 +0100
> Just for kicks, I do have one additional question.  Let's say 
> I wanted to add a RADIUS server to the mix and only use the 
> hotspot for our employees and NOT public access.  Instead of 
> adding another OPT interface in the m0n0 box, couldn't I 
> simply connect the RADIUS server to the same switch the APs 
> are on and simply give it an ip address in my 10.10.10.x/24 
> range I am using for my hotspot?

Yes, this would work fine, provided your APs have the capability to talk
directly to a RADIUS server.

If they do not, you could always use m0n0wall's inbuilt PPTP server on the
OPT1 interface, thus forcing all users to create VPNs before they're
actually able to do anything.  You can of course then use your RADIUS server
to authenticate PPTP sessions.

In fact, this might be a nice hybrid combination between public and
employee-only access.  The hotspot might allow public access to a very
limited set of ports (as described in a previous post), possibly with quite
a strict traffic limit on it to prevent the public from using too much of
your bandwidth. You could then allow employees to connect to the same
hotspot and tunnel into the "private" network from the hotspot.

> The root of the question I am getting to is does one really 
> need a different OPT device for each different server (i.e. 
> mail, dns, ftp, web, etc...) or would the one be sufficient?

One is perfectly sufficient unless you have a clear need to run services on
separate subnets.

> I know this question also depends on traffic to the server as 
> I wouldn't want a heavily used web server on the same 
> interface that is serving my wireless clients as bandwidth 
> problems may become an issue.

In all honesty the wireless APs are only going to give you around 22-25mbps
maximum. I presume the NIC in the m0n0 box is a 100mbps card, so you've got
plenty of room to play with before this becomes an issue.

Regards,

Chris
-- 
C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969
ICQ: 13350579   AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!:
Minotaur_Chris
This email is made from 100% recycled electrons