[Leaplist] an ipcop question
Hank Lambert
hank at hanklambert.com
Tue Dec 16 08:17:49 EST 2008
I use WPA, MAC filtering, and have the SSID disabled. What I don't do
is have the ritter provide the IP address for the wireless clients; I
have IPCop hand out the addresses, but have it assign a static address
applied to a specific MAC address. I know that having the wireless
clients on a different subnet is more secure, now I have more to think
about ;)
How do you control IP tables on the ritter? Is that a feature of dd-wrt?
--Hank
Fred Moore wrote:
> Hank Lambert wrote:
>> Thanks, that's exactly what I am looking for.
>>
>> I know I have to set up MAC address filtering for the ritter (on the
>> blue interface), but do I also need to set MAC filtering for the
>> clients that will connect to the blue interface via the ritter? If so
>> it won't be a problem as I will have the IPCop box give static
>> addresses via DHCP.
>>
>> --Hank
>>
>>
>> Phil Barnett wrote:
>>> On Thursday 11 December 2008 21:31:52 Hank Lambert wrote:
>>>> I thought that is how the orange would work, being the DMZ, but I
>>>> wasn't sure. As far as the wireless, I have a router, a WRT54G that I
>>>> am flashing with Tomato firmware. Being it is a "ritter", I'm not sure
>>>> that putting it on the blue interface would really matter.
>>> Yes, it will work fine.
>>> 1. Turn off DHCP in the Ritter.
>>> 2. Give the unit (the switch side) a fixed IP address on the same
>>> subnet that the Blue DHCP is configured for.
>>> 3. Don't plug the blue network card into the WAN port, plug it into
>>> one of the switch ports.
>>> If you ignore the WAN port, they act like an access point with a 4
>>> port switch attached.
>>> --
>>> "Ninety percent of politicians give the other 10 percent a bad
>>> name." -- Henry Kissinger
>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by *MailScanner* <http://www.mailscanner.info/>,
>>> and is
>>> believed to be clean.
>>> ----------------------------------------------------------------------
>>> _______________________________________________
>>> Leaplist mailing list
>>> Leaplist at leap-cf.org
>>> http://lists.leap-cf.org/mailman/listinfo/leaplist
>
> Any security is a plus. Personally:
> 1) I encrypt the connection (WPA).
> 2) Allow the AP to output DHCP with an address range of xxx.xxx.xxx.250
> - xxx.xxx.xxx.251, in other words only one, but different from my main
> subnet (address changed for privacy).
> 3) Do not broadcast an SSID.
> 4) Do MAC filtering with only my MAC addresses in the allowed list (3
> machines).
> 5) I run dd-wrt because I control iptables via ssh.
>
> So what does this mean?
> They must know the AP exists. Normal Windows war driving tools won't
> tell you, as they can't associate.
> Only one address can be assigned; I keep one connection up all the time,
> and drop it if I need another box to get in.
> Only known MAC addresses can get in.
> If they do get in, what can they do? Only I know, because I control the
> iptables world.
>
> Think you can assign a static address on my wifi subnet?...
>
> .. Fred
>