Wireless router?

Roger Olofsson 240olofsson at telia.com
Tue Dec 23 13:42:52 UTC 2008 


Corey Chandler skrev:
> Nerius Landys wrote:
>> Thank you all for your suggestions.  This will be a project for me
>> over the holidays.  I decided to go the standalone wireless router
>> approach.  
> Good man!
>> I will need to figure out how to configure my standalone
>> wireless router to "pass everything through" to the internal LAN that
>> I already have.  
> It's called "Bridge mode" on most APs-- it does exactly what you 
> describe.  Just make sure things like "DHCP server" are turned off or 
> you'll see some... odd breakages.
>> Also I don't know too much about security, like how
>> to prevent eavesdroppers from connecting to my internal network.  One
>> of you mentioned access lists, and I assume that means I tell the
>> wireless router which MAC addresses it accepts, and nothing else.  
> Ugh.  MAC addresses are trivial to spoof-- I usually don't bother with 
> using them for security, although I do use 'em to ensure that particular 
> machines always inherit particular addresses.
> 
>> Is there any other way to provide security?  Like a password-protected
>> network?  What are the buzzwords for these security schemes?  Which
>> security scheme do you recommend for preventing random people within
>> proximity from connecting to my internal netowrk?
>>   
> 
> Absolutely.  Google for WPA or WPA2; WEP has been broken and is trivial 
> to bruteforce, so I'd not bother with that.
> 
> Once you get the unit in, feel free to email me off list for 
> configuration questions; it sounds like a fun project!
> 
> -- CJC
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
> 
> ------------------------------------------------------------------------
> 
> 
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com 
> Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23
> 

Hello Corey,

I don't use 'bridge mode'. I set a normal LAN ip for the wifi router - 
as well as ips to the FreeBSD gateway and dns. This is for the LAN part 
of the router - then another internal LAN ip for the wifi part.

To examplify.

Wifi router LAN part - ip 192.168.0.20, gateway 192.168.0.1, dns 
192.168.0.10 and 192.168.0.11.

Wifi wifi part - network 10.0.0.1 - 10.0.0.10.

MAC addresses are indeed trivial to spoof - but if combined with a wifi 
encryption key/passphrase it adds to security.

Greetings

/Roger

More information about the freebsd-questions mailing list