I am faced with setting up a wireless for public access. I know how to do this as someone would approach this with a shorewall config. But I have a special situation.

There are two buildings, 1 and 2. Building 1 has the home runs, shorewall, ISP segment. Building 2 is fed through fiber (100baseT). Building 2 is part of the internal LAN on building 1. Building 2 has no access to fqip's, and there is no segment for another NIC for shorewall to run this public traffic. Two fiber runs would have made this possible, but it's expensive to run another.

I would like to secure the public traffic on a different network to protect the LAN. Alias interface would be insecure. I thought about making VLANs at layer 2; anyone got an idea how to do this with shorewall that I might not be aware of?

Thanks
Mike

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Mike Lander wrote:
> Alias interface would be insecure. I thought
> about making vlans at layer2, anyone got an
> idea how to do this with shorewall that I might
> not be aware of?

You could also run a VPN over the Fiber 100BaseT between the two buildings and use it exclusively for public wireless traffic. You would need a VPN gateway in building 2 connected to the WAP there.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> You could also run a VPN over the Fiber 100BaseT between the two
> buildings and use it exclusively for public wireless traffic. You would
> need a VPN gateway in building 2 connected to the WAP there.
>
> -Tom

Like dedicated NICs on each end on separate networks, for example: existing LAN 192.168.1.0/24 in building 1 and 2, then run 192.168.100.0/24 on separate NICs over openvpn and plug those NICs into the LAN switches on both ends of the fiber running the 192.168.1.0 LAN network?

Thanks
Mike

Mike Lander wrote:
> You could also run a VPN over the Fiber 100BaseT between the two
> buildings and use it exclusively for public wireless traffic. You would
> need a VPN gateway in building 2 connected to the WAP there.
>
> -Tom
>
> Like dedicated NICs on each end on separate networks, for
> example: existing LAN 192.168.1.0/24 in building 1 and 2,
> then run 192.168.100.0/24 on separate NICs over openvpn
> and plug those NICs into the LAN switches on both ends of the
> fiber running the 192.168.1.0 LAN network?

Yes.

-Tom
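
The layout agreed on in this thread, sketched as Shorewall configuration for the building 1 firewall. This is an added example, not a configuration posted by anyone in the thread. The interface names (eth0, eth1, tun0), the zone name pub, the OpenVPN port 1194 and the building 2 gateway address 192.168.1.2 are assumptions; only the two subnets come from the messages above. It also assumes a Shorewall release that accepts ?FORMAT 2 in the interfaces file.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
# Public wireless clients (192.168.100.0/24), reachable only through the tunnel
pub     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE       OPTIONS
# eth0 (assumed): ISP segment
net     eth0
# eth1 (assumed): existing LAN 192.168.1.0/24, including the fiber to building 2
loc     eth1
# tun0 (assumed): OpenVPN device; the WAP sits behind the building 2 VPN gateway
pub     tun0

# /etc/shorewall/tunnels
# The encrypted OpenVPN packets cross the LAN, so the tunnel endpoint is in loc.
# 192.168.1.2 is an assumed LAN address for the building 2 VPN gateway.
#TYPE                   ZONE    GATEWAY
openvpnserver:1194      loc     192.168.1.2

# /etc/shorewall/policy
# Public clients may reach the Internet and nothing else: not the LAN,
# not the firewall itself ("all" covers fw as well as loc).
#SOURCE DEST    POLICY  LOGLEVEL
pub     net     ACCEPT
pub     all     REJECT  info
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# NAT for 192.168.100.0/24 toward the ISP is configured separately
# (masq or snat file, depending on the Shorewall version).
```

Running `shorewall check` validates the files before they are applied. The separation only holds if the WAP is cabled to the VPN gateway's dedicated NIC and never to the LAN switch.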