Mike Bresnahan wrote:
> I'm not sure why you would want to put the AP in the DMZ of your firewall.
> Mine is behind the firewall. To be perfectly accurate, my AP and firewall
> are in the same unit (Linksys firewall/AP/switch), but all wireless (and
> non-wireless) clients are behind the firewall. This still allows me to put
> one machine in the DMZ if needed (e.g. playing some networked games). Is
> this setup not possible with stand-alone APs?

You might have a look at the IP addresses of boxes on your inside, wireless and that "DMZ" port. My bet is that they're all on the same network, e.g. 192.168.0.x if your Linksys is handing out IPs via DHCP. DMZ ports on these all-in-one boxes just mean everything is open to that port. If the box you plug into the DMZ port gets hacked, they now have access to your other machines if they're on the same network.

Some of these all-in-one wonders have a nice feature to enable/disable bridging the wireless network to the inside network (sometimes called LAN). This is handy if you don't want to allow access to the other "inside" machines from the wireless clients.

Technically, my wireless AP is also behind the firewall. The IP segment it is on (the DMZ network) is protected by the firewall. The advantage here is that the IP space is completely different between the DMZ and inside networks, and the firewall controls who has access to what. If I put a box in the DMZ and it gets hacked, the attacker only has access to other boxes in my DMZ, and does not have access to my inside network (unless they attack any pinholes I have open from DMZ to inside).

--
scot

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
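Added example, not part of the original message: a small Python check that does what the reply suggests, comparing the addresses of inside, wireless and DMZ boxes to see whether they share one network, and then listing what a compromised DMZ host could reach. All addresses other than the 192.168.0.x range, the pinhole list and the function names are constructed for illustration, and the model assumes hosts on overlapping networks talk to each other without passing through the firewall.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: addresses as each box reports them (ip/prefix).
FLAT = {  # all-in-one box: every port served from one DHCP pool
    "inside":   ["192.168.0.10/24", "192.168.0.11/24"],
    "wireless": ["192.168.0.101/24"],
    "dmz":      ["192.168.0.50/24"],
}
SEGMENTED = {  # DMZ on its own IP segment behind the firewall
    "inside": ["10.0.1.10/24", "10.0.1.11/24"],
    "dmz":    ["172.16.5.20/24", "172.16.5.30/24"],  # e.g. the AP and a server
}
# Constructed pinholes: (source zone, destination ip, destination port)
PINHOLES = [("dmz", "10.0.1.11", 22)]

def zone_networks(zones):
    """Map each zone name to the set of IP networks its hosts sit on."""
    return {z: {ipaddress.ip_interface(a).network for a in addrs}
            for z, addrs in zones.items()}

def shared_segments(zones):
    """Return sorted pairs of zones whose hosts are on overlapping networks."""
    nets = zone_networks(zones)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if any(x.overlaps(y) for x in nets[a] for y in nets[b]))

def exposure(src, zones, pinholes=()):
    """Hosts in other zones reachable from a compromised host in `src`.

    Same segment: traffic is assumed unfiltered, so the host maps to "any".
    Different segment: only ports opened by an explicit pinhole are listed.
    """
    src_nets = zone_networks(zones)[src]
    reach = {}
    for zone, addrs in zones.items():
        if zone == src:
            continue
        for a in addrs:
            ip = ipaddress.ip_interface(a).ip
            if any(ip in n for n in src_nets):
                reach[str(ip)] = "any"
    for zone, dst, port in pinholes:
        if zone == src and reach.get(dst) != "any":
            reach.setdefault(dst, []).append(port)
    return reach

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, shared_segments(layout), exposure("dmz", layout, PINHOLES))
```
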