On 8/6/2004 11:07 AM ... Earth time Mike Burger configured a series of 1's and 0's as follows:
[snip]On 8/6/2004 6:45 AM ... Earth time Mike Burger configured a series of 1's and 0's as follows:
On Thu, 5 Aug 2004, Harry Putnam wrote:
> I've given some thought to doing just this (VPN for all wirelessAll you need is a WAP (I'm using a Linksys unit, myself) and a PCMCIA wireless NIC that is compatible with Linux. I'm using an Orinoco Gold card, but it's an "older" one, before chipsets were changed. Check the hardware compatibility list for recommendations, first, and get one from the list.
Here's My Setup:
Internet | DSL Modem | Netgear FVS318 Firewall/VPN | | | | [M1] [M2] [M3] | | Netgear WG302 Wireless AP . . . . +-----+-----+-----+ | | | | [M4] [L1] [L2] | | Netgear ME101 Wireless Bridge | HUB | +----+----+ | | | [M5]
M1,M2 Redhat 9 M3,M4,M5 Win 2000 L1,L2 Laptop XP
> connections).
>
> In my case, all three wireless connected systems are Windows (2x Win2k, 1x
> XP).
>
> My firewall system is running FC1 and iptables. My internal server is
> currently running RHL9, soon to be upgraded to FC2.
>
> If you wouldn't mind sharing, with me (and the list, if you wish), your
> configurations (VPN, firewall, etc), maybe a how-to, I'd be very interested
> in learning and implementing.
>
The VPN is not for the wireless. It's for Home/Business across the 'net and I'm really not even using it at the moment. My HOME network security (call it what you will) is accomplished by:
1. Using a Firewall appliance, not my Linux box. 2. Changing AP defaults (SSID,Network,admin pw, etc) 2. Not broadcasting the SSID 3. Access control by MAC address 4. WEP 128 bit encryption
Is this secure? Mostly. Is it foolproof? No. Is it flexible? Yes, for my needs.
My neighbors won't likely be connecting (unintentionally or intentionally) to my AP for Internet access. First, they can't see it without something special. Second, they'd need to crack the the encryption and then they'd need to do some sort of MAC masquerading. All extremely unlikely. Somebody with that much knowledge will likely have bigger fish to fry. Anyway, that's what I think.
In terms of going out, I make all Internet access go through squid/squidGuard/Privoxy. It mostly just keeps my kids in line while on line :) For e-mail I run fetchmail->qmail->spammassassin/clamav->procmail and disallow (or will soon) web mail (at least for my kids.)
I may be naive. If you think so tell me.
Cheers,
Bill Bill
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
