Shareware for Setting Up AP?

Postby Guest » Thu Sep 20, 2001 10:13 am

I am looking to allow guests to use my AP but have some questions on how to set this up securely. Are there any programs that can do the following?
- protect my network and computer from guests browsing
- reverse IDS (checking packets for attacks or hacks launched from my computer)
- log who uses my network
- give me priority access to bandwidth
- allow management of network access by time...

Any help would be greatly appreciated.


Securing an AP network

Postby Guest » Mon Nov 05, 2001 3:01 pm

A friend of mine wants to do this: allow his buddies who come visit and have 802.11b-equipped laptops/handhelds to browse the web.

My suggestion was as follows:

INTERNET---FIREWALL---LAN---OpenBSD---Crossover Cable---AP

Basically, take an OpenBSD PC with two Ethernet interfaces (or one Ethernet and a WLAN card).

The segment accessible via wireless would be an RFC1918-addressed subnet akin to, and the only services listening on that interface would be IPSEC and a SQUID proxy for web access.

For your own secure access over the wireless network, use IPSEC to encrypt the packets. For your friends, let them browse the web using the proxy server.

I'd do this...

Postby Guest » Mon Nov 05, 2001 7:03 pm

Internet - Firewall - AP - Firewall - Intranet

That second firewall protects your intranet from your AP and all the other stuff you can do at that firewall or within your intranet.

Tron Of Borg

Postby Guest » Mon Nov 05, 2001 7:57 pm

I'm lazy, so what I'd do is the BSD/*nix solution with a VPN. It's pretty much easy.

Internet - BSD/*nix firewall and VPN - AP.
Wired network / authorized wireless
(inside intranet)

Way easy. Just have one box do DHCP, firewall, VPN, and all that fun stuff.


Postby Guest » Tue Nov 13, 2001 3:43 pm

I use FreeBSD with a PCCard Reader in an old P-120, and with 2 nics it acts as my router/firewall/gateway for my cable modem also.

It's sweet, I've already loaded it up so it will recognize my own MAC addys and assign them special IPs. Unrecognized wireless MACs will get an IP from my DHCP pool (10.1.3.x for the wireless) and I use IPFW and dummynet to limit each IP in that block to 384kbps down and 56kbps up :)

Eventually I'll get around to writing scripts to notify me when the DHCP hands out an IP addy to an un-recognized MAC.

I also plan on (someday) loading up Squid as a forced caching proxy which will re-direct any HTTP request to a PHP page where an unknown user will be greeted and asked to fill out some basic info and register their MAC with me as a guest.

What you *could* do is just about endless :)
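
The notification script the post above says is still to be written could look like the following; this is an added example, not the poster's code. It assumes ISC dhcpd syslog-style `DHCPACK` lines (the post does not name the DHCP server), and the MAC addresses, hostnames and interface names are constructed.

```python
import ipaddress
import re

# Assumption: ISC dhcpd syslog format "DHCPACK on <ip> to <mac> (<host>) via <if>".
ACK_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)
GUEST_POOL = ipaddress.ip_network("10.1.3.0/24")  # the post's wireless pool
KNOWN_MACS = {"00:02:2d:aa:bb:01"}  # constructed stand-in for the owner's cards

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Nov 13 15:40:02 gw dhcpd: DHCPACK on 10.1.3.10 to 00:02:2d:aa:bb:01 (mylaptop) via wi0
Nov 13 15:41:17 gw dhcpd: DHCPDISCOVER from 00:40:96:12:34:56 via wi0
Nov 13 15:41:18 gw dhcpd: DHCPACK on 10.1.3.101 to 00:40:96:12:34:56 (visitor) via wi0
Nov 13 15:52:40 gw dhcpd: DHCPACK on 10.1.3.101 to 00:40:96:12:34:56 (visitor) via wi0
Nov 13 15:53:05 gw dhcpd: DHCPACK on 10.1.3.102 to 0:4:5a:c:d:e via wi0
Nov 13 15:54:00 gw dhcpd: DHCPACK on 192.168.1.20 to 00:10:4b:77:88:99 via fxp0
""".splitlines()

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so 0:4:5A:... equals 00:04:5a:..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def unknown_leases(lines, known=KNOWN_MACS, pool=GUEST_POOL):
    """Return one alert per unrecognized MAC that was ACKed inside the pool."""
    known = {normalize_mac(m) for m in known}
    alerts = {}  # keyed by MAC, so lease renewals do not notify again
    for line in lines:
        m = ACK_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # malformed address in the log line
            continue
        mac = normalize_mac(m["mac"])
        if ip not in pool or mac in known:
            continue
        entry = alerts.setdefault(
            mac, {"mac": mac, "ip": str(ip), "host": m["host"] or "", "count": 0})
        entry["count"] += 1
    return list(alerts.values())

if __name__ == "__main__":
    for a in unknown_leases(SAMPLE_LOG):
        print(f"unrecognized MAC {a['mac']} leased {a['ip']} host={a['host']!r} x{a['count']}")
```

Both the MAC address and the hostname in these log lines are chosen by the client, so the output is a notification of new devices rather than proof of who connected.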

Postby Guest » Thu Dec 13, 2001 9:55 am

Would FreeBSD or OpenBSD be better than RedHat 7.0/7.1/7.2? I just got my PC-Card Reader (ISA SCM 16bit). Tried it first with Win 2k Server (2 NICs, 1 Orinoco Gold). I got the wired LAN working with DHCP, but my laptop is getting an IP but not able to ping outside of the LAN. I've set up LANs with RH 7.0, but finals are here, and not mucking with the network setup. I'll probably try RH during the Xmas break, but wondering if *BSD would be a better choice.

BSD is better.

Postby Guest » Thu Dec 13, 2001 4:24 pm

Use OpenBSD. It's lean and mean.

