[Leaplist] an ipcop question

Fred Moore fmoor at fmeco.com
Mon Dec 15 22:46:42 EST 2008


Hank Lambert wrote:
>
> Thanks, that's exactly what I am looking for.
>
> I know I have to set up mac address filtering for the ritter (on the
> blue interface), but do I also need to set mac filtering for the
> clients that will connect to the blue interface via the ritter? If so
> it won't be a problem as I will have the IPCop box give static
> addresses via dhcp.
>
> --Hank
>
>
> Phil Barnett wrote:
>
> > On Thursday 11 December 2008 21:31:52 Hank Lambert wrote:
>
> >> I thought that is how the orange would work, being the DMZ, but I
> >> wasn't sure. As far as the wireless, I have a router, a WRT54G that I
> >> am flashing with Tomato firmware. Being it is a "ritter", I'm not sure
> >> that putting it on the blue interface would really matter.
> > Yes, it will work fine.
>
> > 1. Turn off DHCP in the Ritter.
>
> > 2. Give the unit (the switch side) a fixed IP address on the same
> > subnet that the Blue DHCP is configured for.
>
> > 3. Don't plug the blue network card into the WAN port, plug it into
> > one of the switch ports.
>
> > If you ignore the WAN port, they act like an access point with a 4
> > port switch attached.
>
> > --
> > "Ninety percent of politicians give the other 10 percent a bad
> > name." -- Henry Kissinger

Any security is a plus. Personally:
1) I encrypt the connection (WPA).
2) Allow the AP to output DHCP with an address range of
xxx.xxx.xxx.250 - xxx.xxx.xxx.251, in other words only one, but
different from my main subnet (address changed for privacy).
3) Do not broadcast an SSID.
4) Do MAC filtering with only my MAC addresses in the allowed list (3
machines).
5) I run dd-wrt because I control iptables via ssh.

So what does this mean?
They must know the AP exists. Normal Windows war driving tools won't
tell you, as they can't associate.
Only one address can be assigned; I keep one connection up all the time,
and drop it if I need another box to get in.
Only known MAC addresses can get in.
If they do get in, what can they do? Only I know, because I control the
iptables world.

Think you can assign a static address on my wifi subnet?...

.. Fred

-- 
Lots of soaring generalities, without a single hard fact in sight. Saves
the trouble of having to do research.
Fred/WD8KNI


