Ashley M. Kirchner wrote:
Craig White wrote:
generally the preferred method is to require a VPN to connect the LAN
through a wireless system given the security implications of wireless.
I can't enforce that on all of our clients. Some of them barely
know how to properly turn off their computers...
that notwithstanding though, if you use a dhcp server OTHER than the
Linksys device, you can assign a useless gateway address to specific
clients which in effect would not allow them to get to any network other
than the network which they can directly access
Of course, I didn't think of DHCP. Yes, the Linux server would be
running DHCP and the WAP would get it's IP from that. I just need to
figure out how to tell it to have connecting clients fetch an IP from
the linux server once I turn off it's internal DHCP.
This whole thing is probably more convoluted than it really needs
to be but the gist of it is, when someone walks in with their laptop,
we want them to be able to connect to the WAP and only able to see one
single network drive (which is on the same Linux server) so they can
drop files for us. The server itself is also connected to our
internal network so our internal machines can get to it as well,
however the WAP can't go "through" the server and see our internal
network.
However, if one of our employees were to bring in their laptop,
they can connect to the same WAP and would be able to see everything
"through" that server and access everything on the network (and
internet.) So there's some configuration that I need to figure out on
the linux server to start with. On the one hand, if an unknown client
connects, issue a dummy IP that won't have any network routing, but
that would still allow a local drive to be "seen" on that dummy
network, and if a known client connects, issue a valid (internal) IP
so they can work. Hrm. I wonder if the server itself also need to
have a dummy IP so it can communicate with whatever dummy IP gets
issued...
I think of just one sure way to do it. You need 2 routers, one that
has no WiFi service but is where the Internet arrives, say a DSL modem
and they often have a router in them.
Then you have another router like my D-Link DI-524 which has the
WiFi port.
You connect the Internet to the DI-524 to the DSL router with a
cable. On the DSL router you have a password required for access to that
port.
All the users on the WiFi system can talk to each other and it's a
good idea they have a password to get WiFi as well. This is easy on the
DI-524.
A problem is that when a user opens up the Internet port other WiFi
users can also see the Internet. I see no fix for this.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
