Suggestions : Wireless Modem Access Point
alex at topic.com.au
Wed Dec 12 13:25:18 EST 2001
On Tuesday, December 11, 2001, at 10:31 , Tom Gallagher wrote:
> Heres my scenario : -
> I am going to buy some wireless LAN cards soon for my small flat (Linux
> and Win98 desktop PCs + laptop in the future) and I would like to buy a
> modem access point. I would like a small box that I can sit by my phone
> socket and then access the internet from any PC in the flat.
> I have looked at the Buffalo airstation range and also the apple
The Apple Airports (I and II) are designed for one specific market -
home users who want to browse the web.
The Airport doesn't allow inbound connections.
I have a Linux box (called "box") which provides the ADSL connection to
my house (sorry - I forgot, it's actually running "Windows 98" as far as
Telstra's concerned). This machine allows me to SSH in from anywhere,
and to use PPTP from my office. Using IPSec was going to require
getting a bleeding edge kernel, adding patches from a million different
places, and doing a whole lot more reading at the time than I was happy
I agree with other posts - if you want an Airport, you'd end up using it
as a Rolls Royce managed hub. Just enable WEP to prevent accidental
intrusion, restrict MAC addresses to stop the neighbors accidentally
getting an address on your network instead of their own, then set the
hub up as an untrusted network - even less trusted than the Internet.
I would have a setup like this: Wireless Laptop <- radio -> Wireless
Hub <- ethernet -> W-Firewall <- ethernet -> Wired Network <-
ethernet -> I-Firewall <- dialup/ADSL/cable/pidgeon -> ISP
The W-Firewall could provide services such as DHCP and link/network
layers such as PPPoE, PPTP, whatever. The idea being that you don't
actually route from the wireless network to anywhere. Everywhere else,
you deny/reject/slash-and-burn packets that originate from the wireless
Machines on the wireless network should connect using an encrypted
"network" such as PPPoE using MPPE, PPTP using MPPE, or IPSec to the
W-Firewall box, which then allows these "secure" connections to send
packets to other places.
Don't think of the 802.11 card as a "network card" so much as a
"wireless modem". You'd at least use CHAP on a dial-up PPP link, why
not put the same level of access control on your wireless link?
Keep an eye out for neighbours pointing 12cm directional antennae at
your house, or people in silver-windowed vans parking outside your house
for 12 hours at a time...
... and don't forget the Black Helicopters who are going to steal your
secrets anyway, 3072 bit encryption or not.
More information about the wireless