[KLUG Members] WAPs that don't suck
Dan DeSloover
zifferent at yahoo.com
Wed Sep 28 13:57:03 EDT 2005
I'm sorry if this sounds stupid, but pretty much anything you can shove Linux onto can run a netfiltering bridge.

You have the best of both worlds. You have a killer firewall, and it's transparent from a network standpoint. So DHCP and pretty much any other traffic you deem as necessary passes through.
--- Adam Tauno Williams <awilliam at whitemice.org> wrote:
> I'm looking for WAP recommendations - and I want simple WAPs, with no goofy WAN
> port and the like, just one simple ethernet work.
>
> I've put up a RADIUS server so I can do EAP authentication and TKIP (new
> cryptographic keys get generated every so many packets, versus the old static
> WEP keys). Authentication from XP SP2 works fine, and without any iptables and
> http redirection crap. But finding a WAP that really works well with this seems
> to be the rub. I have a D-Link DI-524 and everything works so long as I have
> the LAN plugged into the little internal switch... but I want to (actually I'm
> contractually obligated to) put a firewall between the wireless segment and the
> LAN which requires the WAP have a default route so it can contact the RADIUS
> server on the internal network. BUT the only way you can specify a default
> route is on the WAN port, which then allows the WAP to access the RADIUS server
> BUT clients then can't acquire a DHCP address because the WAP doesn't forward
> broadcast traffic to the WAP port. Sigh.
>
> RADIUS<---192.168.1.x--->Firewall<----10.221.7.x--->WAP
> DHCP<-----192.168.1.x--->Firewall<----10.221.7.x--->WAP
>
> --
> Adam Tauno Williams - http://www.whitemice.org
>
Thanks,
Dan DeSloover
zifferent at yahoo.com
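
The filtering bridge suggested in the reply above, sketched as a default-deny ruleset that forwards only DHCP and RADIUS from the wireless side; this is an added example, not part of either poster's message. The interface names, the RADIUS address and ports 1812/1813 are assumptions, and because the bridge is transparent the WAP and its clients sit in the same subnet as the LAN.

```shell
#!/bin/sh
# Added example: default-deny filter for a transparent Linux bridge placed
# between the wireless segment and the LAN. Interface names and the RADIUS
# address are constructed placeholders, not values from the thread.
WLAN_IF="${WLAN_IF:-eth1}"              # bridge port facing the WAP (assumed)
LAN_IF="${LAN_IF:-eth0}"                # bridge port facing the LAN (assumed)
RADIUS_IP="${RADIUS_IP:-192.168.1.10}"  # constructed address

# Emit an iptables-restore ruleset for the given ports and RADIUS server.
# Bridged frames only reach FORWARD when the bridge netfilter hooks are on
# (net.bridge.bridge-nf-call-iptables=1). ARP is not seen by iptables, so
# address resolution keeps working without an explicit rule.
bridge_ruleset() {
    wlan="$1"; lan="$2"; radius="$3"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m physdev --physdev-in $wlan --physdev-out $lan -p udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -m physdev --physdev-in $lan --physdev-out $wlan -p udp --sport 67 --dport 68 -j ACCEPT
-A FORWARD -m physdev --physdev-in $wlan --physdev-out $lan -p udp -d $radius --dport 1812 -j ACCEPT
-A FORWARD -m physdev --physdev-in $wlan --physdev-out $lan -p udp -d $radius --dport 1813 -j ACCEPT
-A FORWARD -m physdev --physdev-in $wlan -j LOG --log-prefix "wlan-drop: "
COMMIT
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root; on current kernels load br_netfilter first.
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    bridge_ruleset "$WLAN_IF" "$LAN_IF" "$RADIUS_IP" | iptables-restore
else
    # Dry run: print the ruleset for review instead of loading it.
    bridge_ruleset "$WLAN_IF" "$LAN_IF" "$RADIUS_IP"
fi
```

Run it without `APPLY=1` to review the rules; the explicit server-to-client DHCP rule is there because replies to a broadcast request are not reliably matched as ESTABLISHED.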