[NBLUG/talk] Advice on iptables ...

Mark Linford mlinford at student.santarosa.edu
Sat Dec 27 15:08:01 PST 2003


Hey, Augie:

Actually, I'm looking to do these with a wireless router that I already 
have. Unfortunately, all of the consumer wireless routers I've seen 
(including the one I have) only firewall access from outside the router 
in, not the other way around. So, if I plug my router into the rest of 
my network, the router can control the access from its ethernet 
connection (since most of these are designed to be plugged into a 
cable/dsl modem, and assume that traffic from the internet cannot be 
trusted), but it can't control the traffic _from_ the wireless side 
_to_ the rest of my network. So, potentially, someone could crack my 
wireless network, and get into the rest of my network, and the wireless 
router couldn't do anything about it.

That's why I thought of plugging my w/r into one of the unused ethernet 
ports on my linux box. If I could filter the traffic I allow through 
that port, I could increase the security of my network. So, in the 
worst possible case, if someone cracked the WEP on my wireless router, 
the best they could do is perhaps get some free http access. This would 
also prevent spammers from using my access point as a free net 
connection. Remember, just because you're paranoid, doesn't mean they 
aren't out to get you :)

Here's a simple diagram of how I envision my network:

Internet
--------
    |
    |
    V
-----------
Cable Modem
-----------
      |
      |
      V
----------------
Current Firewall
----------------
         |
         |
         V
------------
Home Network
------------
       |
       |
       V
-----------
(Linux Box)
-----------
      |
      |
[filtered traffic, only allowing http access]
      |
      |
      V
---------------
Wireless Router
---------------
        |
        |
        V
----------------
Wireless Clients
----------------


Sorry I wasn't clearer on my original post ...

Mark

On Dec 27, 2003, at 10:49 AM, augie wrote:
>
>
> Mark Linford wrote:
>> During this winter break, a project I'd like to work on is attaching
>> a wireless router to my home network. However, for security reasons,
>> I'd like to limit the access I allow through the wireless router.
>> Since I already have a linux box with two network interfaces, it
>> seems the best choice would be to connect my w/r to the unused port
>> on my linux box, and use iptables to limit access to the rest of my
>> network (say, allow a few services such as SSH, www and imap access,
>> but deny everything else).
>
> I'm confused. Do you want to build your own wireless router, or are you
> just looking to do these things with a wireless router that you already
> have?
>
> A wireless router (or any router) should be able to do all the things
> you mentioned.
>
> augie.
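One way to build the filtering drawn in the diagram above (spare NIC feeding the wireless router, only HTTP forwarded), as an added example that is not from this post or from NBLUG; the interface names eth0/eth1, the two 192.168.x subnets and the rule set itself are assumptions.

```shell
#!/bin/sh
# Assumed layout (constructed, not from the post): eth0 faces the home LAN,
# eth1 is the spare port the wireless router's WAN side plugs into.
LAN_IF="${LAN_IF:-eth0}"
WLAN_IF="${WLAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WLAN_NET="${WLAN_NET:-192.168.2.0/24}"

# Emit an iptables-restore ruleset. A DROP policy on FORWARD means anything
# not explicitly allowed from the wireless side goes nowhere.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections this box already allowed.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless clients get nothing from the Linux box itself (ssh, imap, ...).
-A INPUT -i $WLAN_IF -j DROP
# ...and nothing from the rest of the home network.
-A FORWARD -i $WLAN_IF -d $LAN_NET -j DROP
# Only new HTTP toward the Internet is forwarded for the wireless subnet.
-A FORWARD -i $WLAN_IF -o $LAN_IF -s $WLAN_NET ! -d $LAN_NET -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Everything else from the wireless side is logged (rate-limited) before the policy drops it.
-A FORWARD -i $WLAN_IF -m limit --limit 5/min -j LOG --log-prefix "WLAN-DROP: "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade so the existing firewall needs no route back to the wireless subnet.
-A POSTROUTING -s $WLAN_NET -o $LAN_IF -j MASQUERADE
COMMIT
EOF
}

# Number of rules in the set (a sanity check before applying).
rule_count() { gen_rules | grep -c '^-A'; }

if [ "$1" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_rules | iptables-restore   # needs root; replaces the filter and nat tables
else
    gen_rules
fi
```

Run without arguments to print the ruleset for review; with `--apply` it enables forwarding and loads it with iptables-restore. Name resolution for the wireless clients would need an extra FORWARD rule for udp/53 if they are expected to reach anything by name.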
