That, or put your WiFi in a DMZ behind a firewall, and have the firewall protect your private network. Making WiFi DMZs is sort of standard practice.

-sietse

________________________________

From: Anssi Hannula [mailto:anssi.hannula@xxxxxxxxx]
Sent: Wed 26-Jul-06 10:16
To: R. DuFresne
Cc: Sietse van Zanen; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Messages in log with SNAT target

R. DuFresne wrote:
> On Mon, 24 Jul 2006, Anssi Hannula wrote:
>
>>> Sietse van Zanen wrote:
>>>
>>>> The security risk is, and it is a MAJOR one, especially with WiFi
>>>> networks is that any PC on the network could just be set up with a
>>>> private IP on your private network, start sniffing for passwords etc.
>>>>
>>>> It's a very, very bad idea to put your public and private WiFi
>>>> infrastructure on the same physical network.
>>>> I would say, there's even no point in firewalling this. Firewalling
>>>> is separating, you are combining.
>>>>
>>>> -Sietse
>>>
>>>
>>> In this case the private network is only a very small home network. I
>>> don't see there being too big a risk of anyone setting up a box with
>>> private IP on the network with harm on their mind. If that would be
>>> possible, wouldn't the security of the whole system be compromised so
>>> much that the private/public separation doesn't matter anymore?
>>>
>>> The main purpose of the private IPs here is the ease of use and having
>>> no public IP for a system if so wanted.
>
>
>
> Hopefully, for yer sake, you are the only home for miles and miles
> around....Yet, I doubt such is the case, so you are a risk to all sadly.
>

So, what do you suggest, then? That I have 2 separate wireless networks,
one for the internet and one for the private network?

(the WLAN is of course WPA encrypted)

--
Anssi Hannula