[TriLUG] All in one wireless access point/router question

Jeremy Portzer jeremyp at pobox.com
Mon Jan 6 01:00:21 EST 2003


On Mon, 2003-01-06 at 00:24, Tanner Lovelace wrote:
> Here's a question for both Jason and Jeremy.  Where is the wireless
> network in relation to the wan and internal lan?  Is it on the internal
> lan, or is it possible to put it on a DMZ network that is between the 
> two (i.e. can access the wan, but not the internal lan unless you 
> specify it that way?  If so, then that would be really cool.
> 

As Jason replied, the standard setup is to include the wireless network
as part of the internal LAN.  However, it does have some separate
configuration fields like MAC address filters that are specific to the
wireless portion of the internal network.  This way you can MAC-filter
wireless access to the WAP, but still allow full access to any MAC
address on the wired switch, which I have done.  

There is a "DMZ Host" option on my Linksys box:  "This feature sets a
local user to be exposed to the Internet. Any user on the Internet can
access in/out data from the DMZ host."  This option is in addition to
the usual port forwarding controls.

The DMZ host is specified by internal IP address, so obviously you'd
want to enable MAC filters and mandatory WEP for the wireless network. 
Otherwise someone could try to spoof that IP address and gain access as
the DMZ host.

Looking through the configuration pages some more, there appears to be
full control over static and dynamic routing performed by the router. 
So you could probably set up a DMZ "manually" by playing with this
function, using static IP addresses in the LAN (since the DHCP server
would probably mess things up), and IP and MAC address filters on the
WAP to keep things where they belong.  But the router only sees two
interfaces -- WAN and LAN -- so this setup would always be a bit of a
hack.

One annoying thing about the Linksys router:  the firmware upgrade
utility doesn't seem to work from Mozilla (some Javascript checks for
Netscape or IE, and becomes non-functional in other browsers).  Maybe
this is fixed in a newer firmware.  Hmm, maybe I can use Konquerer which
IIRC has a feature to spoof the user-agent header...

--Jeremy






More information about the TriLUG mailing list