On Fri, 25 Jun 2004 12:43:09 -0700, "Steve Quezadas"
<(E-Mail Removed)> wrote:
>I want to create an access point on my network that ONLY gives internet
>access available onthe network, but not access to the network itself. What's
>the best way to do it? I would imagine one of two:
>
>A) Put a router between the network and teh access point that blocks all
>traffic to local network 192.168.1.x except for the local gateway
>192.168.1.1
Hair splitting: An "access point" is a wireless bridge which knows
nothing about IP addresses and therefore cannot route, block by IP, or
otherwise pretend to play router. Methinks you meant "wireless
router".
>B) Buy a linksys WRT54G, and install the "Linux on the WRT54G" distribution
>on there and block it within that AP.
>
>Is there another "better" way that I am missing?
There's always a "better" way on usenet. Some ideas:
1. For hot spots with internal lans, I use multiple routeable static
IP addresses. One static IP is for the wireless access point. The
other is for the internal LAN with its own router. Wireless access to
the internal LAN requires a seperate wireless router or bridge.
2. If you're stuck with a single IP address, you setup the wireless
and internal LAN with different Class C IP blocks. For example, the
wireless router DHCP delivers IP's in 192.168.1.xxx and the internal
LAN runs on 192.168.2.xxx. You don't really need a 2nd router to
connect these two seperate LAN's as you could setup a static route to
the wireless router at 192.168.1.1 from 192.168.2.xxx on every client
machine and point the default route to 192.168.1.1. However, this
creative routeing has proven to be a rather painful exercise in
maintenance, so I add a 2nd router to connect 192.168.1.xxx with
192.168.2.xxx. The static route method isn't terribly secure as a
clueful wireless user could easily break into the internal LAN.
3. Use a multiport Linux based router. I've been using Freesco:
http://www.freesco.org
http://www.freescosoft.com (add-ons and modules)
for multiport routers for quite a while. Works nice. Most of my
boxes are 486DX2/66 clunkers running off Compact Flash cards as a disk
drive (with an IDE to CD adapter). The current incantation will
support up to 10ea ethernet cards. While it is possible to add a PCI
wireless card, the location of the router and the ideal location of
the radio are almost always incompatible. Therefore, I build my boxes
with 3 or 4 ethernet cards, and plug in a wireless bridge radio into
one of the ethernet ports. For easy firewall rules management:
http://www.freescosoft.com/home/html..._---_tiger.htm
Note: No USB support in the kernel.
4. Multiport SBC (single bored computah) with wireless. See:
http://www.soekris.com/how_to_buy.htm
The 4511, 4521, and 4801 boards have multiple ethernet ports (and
multiple radios), CF card for disks, USB, kitchen sink, etc. Of
course, it runs Linux.
--
Jeff Liebermann
(E-Mail Removed)
150 Felker St #D 831-336-2558
Santa Cruz CA 95060 AE6KS
Similar Threads
Linear Mode
