The Wandering Dru wrote:
> My mom is looking to go the wireless route in the near future for her
> laptop. I know a lot of you that use wireless put the AP on the DMZ of
> your firewall.
>
> My question is this, do you pinhole the firewall to allow certain
> services (ie, filesharing, printing, etc.) back into the LAN or do you
> just limit the AP to internet access? Or is there some other fancy way
> to allow these services that I'm not aware of? I'm mostly just looking
> for a security/convenience trade-off comparison.

I recently set up a wireless segment. I'd definitely recommend getting just a wireless AP and staying away from the all-in-one switch/router/wireless/firewall etc. boxes. You'll have more flexibility with a "real" firewall (eg, UNIX box of some flavor). A cheap 486 with 3 NICs is plenty for a home network. If you don't want the hassle of building your own firewall ruleset, something like IPCOP is an option.

There's a discussion forum on dslreports.com that talks about wireless APs which I found pretty useful.

I bought a Netgear FM114P which I thought would be sufficient to replace my aging (but stable) ipchains firewall and provide wireless. It worked but just didn't have the flexibility of the Linux firewall. Not to mention it was dropping established connections on occasion and other strangeness. So I went back to a UNIX-based firewall and put the Netgear in a DMZ. So long as you let the Netgear get its "WAN" address via DHCP everything works great. I live in an old house (eg, plaster walls) and the Netgear's signal is great everywhere, which is impressive considering the Netgear lives under my basement steps.

As far as access to the inside, I believe IPsec/VPN is the way to go but haven't got that working yet. SSH only for the time being. When I need to print I just jack into the inside network, although the Netgear does have a parallel port. I'm just too lazy to move a printer over there.

-- scot
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list