240olofsson at telia.com
Tue Dec 23 13:31:54 UTC 2008
Nerius Landys skrev:
> Thank you all for your suggestions. This will be a project for me
> over the holidays. I decided to go the standalone wireless router
> approach. I will need to figure out how to configure my standalone
> wireless router to "pass everything through" to the internal LAN that
> I already have. Also I don't know too much about security, like how
> to prevent eavesdroppers from connecting to my internal network. One
> of you mentioned access lists, and I assume that means I tell the
> wireless router which MAC addresses it accepts, and nothing else. Is
> there any other way to provide security? Like a password-protected
> network? What are the buzzwords for these security schemes? Which
> security scheme do you recommend for preventing random people within
> proximity from connecting to my internal netowrk?
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.176 / Virus Database: 270.10.0/1861 - Release Date: 2008-12-22 11:23
Hello again Nerius,
You have understood the MAC filtering correctly. You should also encrypt
the wifi traffic by using at least WPA encryption. For most wifi routers
this is a checkbox and a key or a passphrase that you enter. All clients
that wants access and have their MAC address in the access list will
have to enter the passphrase/key on the first connect.
This means that you control the MAC address list - all new wifi devices
that wants to connect to your wifi LAN needs to get added to the MAC
access list - manually by you. You also control the encryption
passphrase - all wifi clients that wants to connect to your wifi LAN
need to know the encryption passphrase. If you use WPA for encryption
you will have a higher degree of security than using the old and
Of course both the MAC list and the encryption key/passphrase are stored
in the wifi router - so if you don't set a proper password for admin
access to this one - all is lost. You should disable wireless access for
admin (remote management) to it - only allow cabled access and use a
good strong password.
Buzzwords? I dunno - I hope people on the mailing list help me out
here... Is there a better/simpler way of doing this?
For a good laugh ... Enjoy Jason Dixons presentations from the BSDcon on
More information about the freebsd-questions