[Techtalk] Designing a Wireless Network
Kai MacTane
kmactane at gothpunk.com
Tue Oct 16 03:38:32 UTC 2007

Aiya, Elwing. Elen sila lumenn'omentielvo!

Elwing wrote:
>
> See if your WAP supports "bridged" mode. It will basically no longer
> be a router, and will pass all traffic between the network segments.
> This has a few implications:
> 1) you need a DHCP server on the network to serve the wireless
> devices (if necessary)

Galadriel does DHCP, so that's no problem.

> 2) random sniffers/onlookers will have access to your wired network -
> which may or may not be desirable
> [snip]
> I personally use bridged mode on my WAP and assume that anyone on my
> internal network is malicious, so everything's protected. YMMV
> according to your needs.

That wouldn't really work for me, due to the presence of the Windows
machines. I need things to be nice and safe for them. However, given
Rudy Zijlstra's assertions, below, it might not be a problem. Can you
verify what he says?

Rudy Zijlstra wrote:
> Reading this, I get the idea the wireless AP is giving out IP addresses.

Yes, the WAP has its own built-in firmware NAT/ipmasq firewall and DHCP
server.

For those who care, the WAP is a D-Link DI-624. Galadriel currently
gives out IPs in the 192.168.1.* range, and the D-Link (named "Tol
Eressea") gives out IPs in 192.168.2.*. Sorry, I should have included
those details.

> If you can set the AP in bridged mode, then Galadriel would simply hand
> out IP addresses to them from the already existing pool of addresses.

That would be nifty.

> WPA-PSK would still be handled by the AP. Those two are separate
> functions and no need to have them conflict. WPA-PSK(2) is a security
> protocol on 802.11 level. DHCP is independent.

Okay, so the problems Elwing mentions are actually moot? A scanner or
sniffer doesn't get an 802.11 connection, because it has no WPA key, and
so it's unable to scan or sniff my Ethernet packets? (I'm mostly a
layer-3-and-higher guy.)

As it turns out, the string "bridg" doesn't occur anywhere in my WAP's
manual, so I suspect it doesn't support bridged mode. But *if* bridging
with WPA-PSK will stop scanners or sniffers, then it sounds like it'd
solve my problem, and I'd see if I can just buy a new WAP.

--Kai MacTane
----------------------------------------------------------------------
"I'm terrified, intoxicated, starry-eyed and bollock naked,
Child-bearing, adult-rated, and thoroughly re-educated..."
--Carter USM,
"Re-Educating Rita"