KCLUG.NET available

Kelsay, Brian - Kansas City, MO brian.kelsay at kcc.usda.gov
Fri Feb 10 08:08:04 CST 2006 

 If it is open to all, make static IP assignments for the MAC addresses
of the cards that are the network owner's.  If he needs internal LAN
access to a server, either put it in the DMZ or in local (Green) LAN and
make DMZ pinholes for those MACs/IPs to get to the server IP.  That
prevents outside/free users from getting to the local server and
network.

I'd also either make sure nocatauth is on IPCop or put it on there
yourself.  As I said before, it gives the Acceptable Use Policy for
outside users.  The first Internet hit they try will bounce them to the
AUP.

If you want to filter Internet access, use Dan's Guardian.  There is
info on the IPCop page about adding it.

Good Luck

-----Original Message-----
From: kclug-bounces at kclug.org [mailto:kclug-bounces at kclug.org] On Behalf
Of Jared
Sent: Friday, February 10, 2006 5:28 AM


IPCOP it is. I neglected to mention that the wireless
AP would be open access for all, including internal use.
The picture below is roughly what I'll be doing.

I happen to have a spare 586 sitting around waiting
for a Linux image, and IPCOP does both firewall and
routing. Basically, for free, and that's the selling
point.

Thanks to all for the help!

p.s. The KCLUG.NET address went very quickly.

-Jared

>>> small network whose owner wants to make it available
>>> for web-browsing to anyone roaming the neighborhood via
>>> wireless. However, as best I know this gives access to
>>> the other computers on the network, and I'm curious to
>>> know if there is a way to expose a single computer to
>>> the world as a wireless server, without giving access to
>>> the rest of the network.
>>
>>Internet to 5-port switch
>>Switch  to Wireless AP and a NAT/Firewall device
>>NAT/Firewall to private network
> 
> solution #1:
> 
>  Internet 
>      |
> +----------+
> | Firewall |
> |----------|
> | FW | FW  |
> +----------+
>    |    |
>    |    |      +----------+
>    |    +------| Wireless |
>    |           +----------+
>    |
> +----------+
> |   LAN    |
> +----------+

More information about the Kclug mailing list