Coupla things, 2nd one is off topic:
1. A couple of years ago I bought the name KCLUG.NET, intending to set up mail accounts or make it available for the cluster idea, but soon found myself with limited resources. The domain name expires at the end of May, and in the past when I've relinquished a quality domain name, I watched it snapped up by a reseller who made it available for 3 digits or more. So, I have this quality domain name which I will transfer for free to a good home; it expires in 3 months, so it's not much, but it's a start for anyone with time to spare.
2. I write software so I dunno networking, requesting help from the user group. I was invited to manage a very small network whose owner wants to make it available for web-browsing to anyone roaming the neighborhood via wireless. However, as best I know this gives access to the other computers on the network, and I'm curious to know if there is a way to expose a single computer to the world as a wireless server, without giving access to the rest of the network.
Wireless Belkin Router/AP, but willing to buy other equipment if necessary.
Thanks,
-Jared
On Tuesday 07 February 2006 11:53, Jared wrote:
- A couple of years ago I bought the name KCLUG.NET, intending to set up mail accounts or make it available for the cluster idea, but soon found myself with limited resources. The domain name expires at the end of May, and in the past when I've relinquished a quality domain name, I watched it snapped up by a reseller who made it available for 3 digits or more. So, I have this quality domain name which I will transfer for free to a good home; it expires in 3 months, so it's not much, but it's a start for anyone with time to spare.
I'll take it.
- I write software so I dunno networking, requesting help from the user group. I was invited to manage a very small network whose owner wants to make it available for web-browsing to anyone roaming the neighborhood via wireless. However, as best I know this gives access to the other computers on the network, and I'm curious to know if there is a way to expose a single computer to the world as a wireless server, without giving access to the rest of the network.
Internet to 5-port switch
Switch to Wireless AP and a NAT/Firewall device
NAT/Firewall to private network
- I write software so I dunno networking, requesting help from the user group. I was invited to manage a very small network whose owner wants to make it available for web-browsing to anyone roaming the neighborhood via wireless. However, as best I know this gives access to the other computers on the network, and I'm curious to know if there is a way to expose a single computer to the world as a wireless server, without giving access to the rest of the network.
Internet to 5-port switch
Switch to Wireless AP and a NAT/Firewall device
NAT/Firewall to private network
as I see it the question is, is there a way to expose the one server, while still providing wireless for your other devices, using a single access point, and the answer is no. He's going to need a second access point. One AP for the public wireless and one for his unrestricted private.
--- David Nicol wrote:
- I write software so I dunno networking, requesting help from the user group. I was invited to manage a very small network whose owner wants to make it available for web-browsing to anyone roaming the neighborhood via wireless. However, as best I know this gives access to the other computers on the network, and I'm curious to know if there is a way to expose a single computer to the world as a wireless server, without giving access to the rest of the network.
Internet to 5-port switch
Switch to Wireless AP and a NAT/Firewall device
NAT/Firewall to private network
as I see it the question is, is there a way to expose the one server, while still providing wireless for your other devices, using a single access point, and the answer is no. He's going to need a second access point. One AP for the public wireless and one for his unrestricted private.
I disagree. The way I see it he could build a tri-homed firewall. Three NICs: one NIC is a wireless on a private IP range, one NIC is assigned a different IP range, and the third connects to the Internet. I don't know enough about switches to analyze the first answer, but it seemed reasonable, basically the same as my solution - except the switch is the tri-homed device. My solution has the added benefit of offering some protection to the wireless device and also prevents malicious persons from using the wireless to launch attacks. The downside is, if the tri-homed device is compromised all is exposed. Another solution here would be to have a gateway firewall machine, put the wireless on the DMZ side of this firewall, and add a DMZ firewall protecting the internal network from both the wireless and the Internet.
solution #2:
   Internet
      |
 +----------+
 | Firewall |
 +----------+
      |
      |      +----------+
      +------| Wireless |
      |      +----------+
      |
 +----------+
 | Firewall |
 +----------+
      |
      |
 +----------+
 |   LAN    |
 +----------+
solution #1:
   Internet
      |
 +----------+
 | Firewall |
 |----------|
 | FW | FW  |
 +----------+
   |     |
   |     |      +----------+
   |     +------| Wireless |
   |            +----------+
   |
 +----------+
 |   LAN    |
 +----------+
Granted this configuration is an advanced firewall, and the previous set up requires two different firewalls. In all cases the first firewall is a gateway firewall and the others are choke firewalls. However it is doable without a second access point. The first solution can be done with a single iptables configuration.
Brian JD
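The single-ruleset tri-homed firewall described in the message above, sketched as an added example that is not part of the original thread. The interface names passed in, and the choice to limit wireless guests to DNS and web traffic, are assumptions; the function only prints an iptables-restore ruleset and changes nothing on the host.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# tri-homed firewall. Arguments are assumed interface names:
#   $1 = Internet-facing NIC, $2 = public wireless NIC, $3 = private LAN NIC
gen_rules() {
    wan=$1; wlan=$2; lan=$3
    cat <<EOF
*filter
# Default-deny: anything not explicitly allowed below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself accepts only loopback and replies to its own traffic,
# so wireless guests cannot reach services on the tri-homed box.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were already permitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless guests may never open a connection into the private LAN.
-A FORWARD -i $wlan -o $lan -j DROP
# Wireless guests get DNS and web browsing to the Internet only (assumption).
-A FORWARD -i $wlan -o $wan -p udp --dport 53 -j ACCEPT
-A FORWARD -i $wlan -o $wan -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $wlan -o $wan -p tcp -m multiport --dports 80,443 -j ACCEPT
# The private LAN may initiate connections anywhere.
-A FORWARD -i $lan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Both private ranges share the single Internet address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Stand-alone use: sh thisfile WAN_IF WLAN_IF LAN_IF > rules.v4
if [ "$#" -eq 3 ]; then
    gen_rules "$@"
fi
```

Review the output, then load it as root with iptables-restore (its --test option parses the ruleset without committing it); IP forwarding must also be enabled on the firewall host.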
On 2/7/06, Jack quiet_celt@yahoo.com wrote:
--- David Nicol wrote:
as I see it the question is, is there a way to expose the one server, while still providing wireless for your other devices, using a single access point, and the answer is no. He's going to need a second access point. One AP for the public wireless and one for his unrestricted private.
I disagree.
no you don't. Your pictures, with one wireless node, are not providing a trusted wireless, that has access to the LAN section, in addition to the untrusted wireless.
I said that if you want a trusted wireless and an untrusted wireless both, you need two WAPs. Your diagrams agree with that.