Router + firewall + NIDS questions

beesond001 at hawaii.rr.com beesond001 at hawaii.rr.com
Sun Aug 26 01:43:29 PDT 2001


Warren,

	How would you do point to point without a wireless if you can't run 
wires?

	Also, would only allowing specific IP addresses and MAC addresses on the 
internal side of the LAN enhance security of the wireless connection, or 
does that not matter in light of recent events?

Ben 

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 8/25/01, 9:48:15 PM, "Warren Togami" <warren at togami.com> wrote regarding 
[luau] Re: Router + firewall + NIDS questions:


> Intriguing idea with the additional NICs for isolation.  The iptables rules
> configuration will be much more complicated, but the resulting config will
> be very secure and powerful.

> Maybe you can avoid buying a wireless access point entirely and do Point to
> Point connections.  Rather than iptables disabling routing during times of
> the day, you could schedule cron jobs to disable the entire wireless card on
> the server, then reenable later in the day.  I haven't tried point to point
> or disabling cards, but I'm sure it is possible.

> ----- Original Message -----
> From: <beesond001 at hawaii.rr.com>
> To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
> Sent: Saturday, August 25, 2001 9:26 PM
> Subject: [luau] Re: Router + firewall + NIDS questions


> Warren,

> Thanks for the point out to your guide.

> What you mention below is pretty much what I am interested in doing.
> So, is this a two NIC + hub project, or can I run this as say a four NIC
> project, one for cable modem, one for VALinux, one for the Sparc, and one
> for the two wireless clients?  The reason I ask this is that I think it
> may be easier to limit access by routing/firewall rules if I need to do
> that.  For instance, I could easily firewall anything to and from eth3
> from 10pm until 5pm the following day if I need to.  This would leave
> that connection open only when the kids would be at home and doing
> homework etc.

> You may also have some comments about what I wrote to Joe Paleafei via
> separate reply.  If so, I would be interested to hear what they are.

> As I mentioned to Joe, this is a learn as I go project, so any pointers
> you or anyone else offer will be greatly appreciated.

> Thanks in advance for all your help,

> Ben






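An added example, not part of the original thread: a cron-driven script that applies the schedule discussed above, dropping forwarded traffic on the wireless-side NIC from 10pm until 5pm the following day. It assumes eth3 is that NIC (as in the quoted message), an iptables build that supports `-C`, and a hypothetical install path in the crontab comment.

```shell
#!/bin/sh
# Time-window firewall toggle for the wireless-side interface.
# Assumed crontab entry (hypothetical path):
#   */5 * * * * /usr/local/sbin/wlan-window.sh --apply
IFACE="eth3"        # wireless-side NIC named in the thread
BLOCK_START="2200"  # 10pm
BLOCK_END="1700"    # 5pm the following day (window wraps midnight)

# Convert HHMM to minutes since midnight. Leading zeros are stripped
# so that "08" and "09" are not parsed as invalid octal numbers.
to_minutes() {
    h=${1%??}; m=${1#??}
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# Exit status 0 when HHMM falls inside the blocked window.
in_block_window() {
    now=$(to_minutes "$1")
    s=$(to_minutes "$BLOCK_START")
    e=$(to_minutes "$BLOCK_END")
    if [ "$s" -le "$e" ]; then
        [ "$now" -ge "$s" ] && [ "$now" -lt "$e" ]
    else
        # Start is later than end: the window spans midnight.
        [ "$now" -ge "$s" ] || [ "$now" -lt "$e" ]
    fi
}

# Print the iptables commands needed at time HHMM. Each rule is tested
# with -C first so repeated cron runs neither stack duplicate DROP
# rules nor fail when deleting a rule that is already gone.
plan_rules() {
    for dir in -i -o; do
        rule="FORWARD $dir $IFACE -j DROP"
        if in_block_window "$1"; then
            printf '%s\n' "iptables -C $rule 2>/dev/null || iptables -I $rule"
        else
            printf '%s\n' "iptables -C $rule 2>/dev/null && iptables -D $rule"
        fi
    done
}

# Without --apply the script only prints the plan (no root needed).
if [ "${1:-}" = "--apply" ]; then
    plan_rules "$(date +%H%M)" | sh
else
    plan_rules "$(date +%H%M)"
fi
```

Because `-I` places the DROP rules at the top of FORWARD, they also cut connections that were established before the window began.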