Wireless - Help me "secure" it

MoFunk

Brief rundown on the setup: DSL modem ------> red interface on the Smoothwall PC. 3-PC LAN on the green interface and 1 web server in orange. See it here http://thewoodfamily.us/lan/lan.htm. So I am trying to get the wireless access point (DSL router) to live on the orange to protect my green LAN, but that is not working, so I need some advice. I will need to place this AP on the green network but want to lock it down as best I can. Here is what I came up with......

All the PCs in my house have a static IP; the wireless nodes will get an IP from the Smoothwall DHCP with a range of 192.168.0.100-105. I can then put software firewalls on the PCs on my LAN and set them to only allow traffic from the 192.168.0.1-3 range. This would basically lock out the 100-105 nodes. Is this the best I can hope for? Is there another way I can do this? I only want the wireless nodes to have web access and that is it! No file sharing at all. I was hoping to get this to where the wireless systems would not even be able to see the other systems on the LAN.

Any advice or tips are very welcome! Thanks in advance.
 

JackMDS

Re-edit your link. You need to get rid of the dot at the end.
 

soni

Why can't you place the AP on the orange interface (O)? Do you need an extra hub?

You should be able to place the AP on the O and let Smoothwall (S) give dyn. IP to that range, but you will need a hub/switch or some way to place the AP and the Web Server (WS) on the same NIC in S.

I don't know S, but any decent FireWall/DNS should be able to differentiate between multiple NICs, and give dyn. IP based on their position.

Then you set up all the wireless nodes to have no access through S except port 80 out of the network.
They will be able to spot the WS, but I guess that will be acceptable. Otherwise an extra firewall on WS will be in order.

If possible, remember to set up wireless security (WEP/WPA) and filter MAC addresses. (Like Confused said in DC)
 

MoFunk

Originally posted by: soni
Why can't you place the AP on the orange interface (O)? Do you need an extra hub?

You should be able to place the AP on the O and let Smoothwall (S) give dyn. IP to that range, but you will need a hub/switch or some way to place the AP and the Web Server (WS) on the same NIC in S.

I don't know S, but any decent FireWall/DNS should be able to differentiate between multiple NICs, and give dyn. IP based on their position.

Then you set up all the wireless nodes to have no access through S except port 80 out of the network.
They will be able to spot the WS, but I guess that will be acceptable. Otherwise an extra firewall on WS will be in order.

If possible, remember to set up wireless security (WEP/WPA) and filter MAC addresses. (Like Confused said in DC)

I have a Netgear DSL router there. It is passing the WS through fine. I think that the issue that I am having is the fact it is a DSL router (I may be wrong). The orange of the SW does not do DNS or DHCP, so I have to set up the gateway of the WS as 10.10.10.10 (this is the IP of the orange) and then tell it the DNS of SBC. I then went to the DSL router and gave it the IP of 10.10.10.1 and set up the DHCP and the DNS, but what happens is the router gives the wireless nodes the correct IP range but then wants to use 10.10.10.1 as the GW and I get no web. I am kinda lost at this point, so I figured that I could just use the DSL router as an access point and bypass all the DHCP that it hands out. I kinda wished that the SW would do DNS and DHCP on the orange, but I guess that is not the purpose of their design.

 

MoFunk

I did; so far they are saying that everything looks good, and that's about as far as I have got with that. Hmmm.....
 

soni

Have you tried to give the DSL an IP of 10.10.10.x (where x is NOT 1), so you can use 10.10.10.1 as your gateway anyway?
 

MoFunk

Got it worked out.....I needed a hub between the SW and the NG. So the orange of the SW goes to the hub, then from the hub I plug in the WS and the Netgear, but I have to plug into the Internet port of the Netgear. I have a diagram here Link
 

dmcowen674

Originally posted by: MoFunk
Got it worked out.....I needed a hub between the SW and the NG. So the orange of the SW goes to the hub, then from the hub I plug in the WS and the Netgear, but I have to plug into the Internet port of the Netgear. I have a diagram here Link

I would use a switch (like a cheap $20 5-port D-Link DSS 5+ unit), though, not a hub, so you don't get collisions between your web server and PDA/laptop wireless traffic.
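
An added example, not part of any post in this thread: a small Python model of the two AP placements discussed above, showing which flows the firewall actually gets to filter and which are delivered on the local segment without passing through it. The subnets come from the thread; the Netgear WAN address 10.10.10.2, the web server address 10.10.10.5, the Internet host 203.0.113.10, the DNS rule and the default-deny are assumptions.

```python
from ipaddress import ip_address, ip_network

# Subnets from the thread. Individual host addresses used below are constructed.
GREEN = ip_network("192.168.0.0/24")    # home LAN
ORANGE = ip_network("10.10.10.0/24")    # DMZ: web server + Netgear WAN port

def zone(addr):
    ip = ip_address(addr)
    if ip in GREEN:
        return "green"
    if ip in ORANGE:
        return "orange"
    return "red"                        # everything else is the Internet side

# Hypothetical forwarding policy for traffic entering from orange, first match
# wins: (src zone, dst zone, proto, dport, action). None is a wildcard.
# Only the port-80 rule comes from the thread; the DNS rule is an assumption
# added so that wireless clients can resolve names.
RULES = [
    ("orange", "red", "tcp", 80, "ACCEPT"),
    ("orange", "red", "udp", 53, "ACCEPT"),
    ("orange", "green", None, None, "DROP"),
]

def verdict(src, dst, proto, dport):
    """Return the firewall's action for a flow, or NOT_FILTERED if it never sees it."""
    s, d = zone(src), zone(dst)
    if s == d:
        # Same subnet: delivered by the hub/switch, never routed through the
        # firewall, so only a host firewall on the destination can block it.
        return "NOT_FILTERED"
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst) == (s, d) and r_proto in (None, proto) and r_port in (None, dport):
            return action
    return "DROP"                       # assumed default deny for unmatched flows

if __name__ == "__main__":
    flows = [
        ("AP bridged on green, file sharing to LAN PC", "192.168.0.100", "192.168.0.2", "tcp", 445),
        ("Netgear on orange, file sharing to LAN PC", "10.10.10.2", "192.168.0.2", "tcp", 445),
        ("Netgear on orange, web browsing", "10.10.10.2", "203.0.113.10", "tcp", 80),
        ("Netgear on orange, SSH to web server", "10.10.10.2", "10.10.10.5", "tcp", 22),
    ]
    for label, *flow in flows:
        print(f"{label:45} {verdict(*flow)}")
```

The two NOT_FILTERED rows correspond to the cases raised in the thread: wireless clients on green reach LAN PCs directly unless each PC runs its own firewall, and clients on orange can still reach the web server unless it has one.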