Q: Short run down on the set-up. DSL Modem —— Red u003e interface on Smoothwall pc. 3 PC LAN interface on green and orange in a web server. Here is the http://thewoodfamily.us/lan/lan.htm. (Http: / / thewoodfamily.us / lan / lan.htm) So I try the wireless access (DSL router to get) to live in the orange to my green network to protect, but that does not work so I need some advice. AP I must place on the green network, but want to lock as well as I can. Here is what I came up with .
All the PCs in my house have a static ip, the wireless nodes will get a ip from the dhcp Smoothwall with a range of 192.168.0.100-105. I can then software firewall on the PCs on my network and set it to only allow traffic from the 192.168.0.1-3 range. This would basically lock out of the nodes 100-105. Is this the best I can hope for? Is there another way I can do this? I just want the wireless nodes access the web and thats it! No file sharing at all. I hoped that we where the wireless system would not even be able to see other systems on the LAN.
Any advice or tips are very welcome! Thanks in Advance.
Best Answer: Depending on which router you have it may be different this is for a linksys router
Note: 192.168.1.1 is the usual router's LAN IP.
1. Log on the router's setup page. (Enter 192.168.1.1)1.
Right Click the "Network Connection" icon found in the taskbar.
2. Select "STATUS".
3. Go to "SUPPORT" tab.
4. Check the computer's "DEFAULT GATEWAY".
5. Use any internet browser and type the default gateway.
6. A new window will pop-up to the screen asking for uysername and password.
7. In router's setup page, "username" is always blank. If you have set the password, type the password. The default password for linksys setup page is "admin".
2. Go to "WIRELESS" tab. Then go to "WIRELESS SECURITY" sub tab.
3. For the "SECURITY MODE" choose "WEP".
4. For "DEFAULT TRANSMIT KEY", default is always 1. This is use if you will provide keys on "KEY 1, KEY 2, KEY 3, KEY 4". If you want to use the password you have type in "KEY 2", then choose option 2 as your "DEFAULT TRANSMIT KEY". But if you just have one password and it is on "KEY 1", then just set it to option 1.
5. For "WEP ENCRYPTION", you can select 64-bits or 128-bits hex digits. If you select 64-bits, you can have 10 HEX digits password. If you select 128-bits then you have to think of 26 HEX digits that will serve as your password. When we say HEX digits that means the letters allowed are from A-F only and all the numbers are allowed. You can combine A-F letter with your desired numbers. It's up to you whether you will have the combination of them or you'll just have all numbers or all A-F letters.
6. For "PASSPHRASE" area, you can type your own password and click generate button and the system will generate keys for you. For example you type your name on "PASSPHRASE" area after you click generate button, the generated keys will be seen on "KEY 1, KEY 2, KEY 3, KEY 4" areas.
7. If you don't like the system to generate keys for you, and you want to create your own password so that you can easily remember it, just type your password on "KEY 1" area. Remember, if you have selected 64-bits in the "WEP ENCRYPTION" area, then you'll just have 10 HEX digits password. If 128-bits are chosen, you'll have to think of 26 HEX digits password. Remember the key because if you forgot the key you will not be able to access the router's set-up page unless you reset the router.
8. Click "Save Settings".
Using WPA as a Security Mode
WPA (Wi-Fi Protected Access) is an improved security type. It is stronger than WEP encryption type. There are two (2) type of WPA : PSK and PSK2. PSK is just the same with WPA and PSK2 is just the same as WPA2.This gives you an option to choose either TKIP or AES. TKIP (Temporal Key Integrity Protocol) incorporates with MIC (Message Integrity Code) that provides great protection against hackers. AES (Advanced Encryption System) which utilizes a symmetric 128-Bit block data encryption. Now let's try to set-up wireless security using WPA security mode. The main difference between WEP and WPA security mode is that here in WPA you can choose letters from A-Z unlike WEP which you can only have A-F letters.
1. Log on the router's setup page.
2. Go to "WIRELESS" tab. Then go to "WIRELESS SECURITY" sub tab.
3. For the "SECURITY MODE" choose "WPA".
4. For "WPA ALGORITHMS" , choose between "TKIP or AES".
5. For "WPA SHARED KEY", enter your desired key. This will be your network key whenever you connect to your wireless network. Remember that it should be unique.
6. Just leave "GROUP RENEWAL KEY" for 3600 seconds.
7. Click "Save Settings".
NOTE: You can try this wireless security on any LINKSYS wireless router like, WRT54G,WRT54GC,WRT54G3G, WRT54GL,WRT54GS,WRT54GX,WRT54GX2,WRT54GX… and others.
NOTE: There is another way to secure your LINKSYS router. This is by using Wireless MAC Filtering.
NOTE: Setting-up wireless security on a LINKSYS router is just the same with setting-up wireless security on LINKSYS gateways
Re:Dave, great minds must think alike. Just ordered one from new egg. $20 shipped for a 5 port linkskey http://www.newegg.com/app/ViewProduct.asp?submit=manufactory&catalog=30&manufactory=1331&DEPA=5&sortby=14&order=1
Only used the hub because that is all I had at the moment. 
Re:Originally posted by: guy
Got it worked out…..I needed a hub between the SW and the NG. So the orange of the SW goes to the hub, then from the hub I plug in the WS and the netgear, but I have to plug into the internet port of the netgear. I have a diagram here Link (http://thewoodfamily.us/lan/lan.htm)
I would use a Switch (like a cheap $20 5 port D-link DSS 5+ unit) though not a Hub so you don't get collisions between your Web server and PDA/Laptop wireless traffic.
Re:Got it worked out…..I needed a hub between the SW and the NG. So the orange of the SW goes to the hub, then from the hub I plug in the WS and the netgear, but I have to plug into the internet port of the netgear. I have a diagram here Link (http://thewoodfamily.us/lan/lan.htm)
Re:Have your tried to give the DSL an Ip of 10.10.10.x (where x is NOT 1) , so you can use 10.10.10.1 as your gateway anyway ?
Re:I did, so far they are saying that everything looks good and that's about as far as I have got with that. Hmmm…..
Re:Ask on the Smoothwall forums, they should be able to help you out
Re:Originally posted by: guy
Why cant you place the AP to live on the orange interface (O), do you need an extra hub?
You should be able to place the AP on the O and let Smootwall (S) give dyn. IP to that range , but you will need a hub/switch or some way to place the AP and the Web Server (WS) on the same nic in S.
I dont know S, but any decent FireWall/DNS should be able to differenciate between multiple nics, and give dyn. IP based on their position.
Then you setup all the wireless nodes to have no access though S except port 80 out of the network.
They will be able to spot the WS but I guess that will be aceptable. Otherwise an extra firewall on WS will be in order.
If possible, remember to setup wireless security (WEP/WPA) and filter MAC addresses. (Like Confused said in DC)
I have a netgear DSL router there. It is passing the WS through fine. I think that the issue that I am having is the fact it is a DSL router ( I may be wrong). The orange of the SW does not do DNS or DHCP so I have to set up the gateway of the WS as 10.10.10.10 (this is the ip of the orange) and then tell it the dns of SBC. I then go to the DSL router and gave it the ip of 10.10.10.1 and set up the dhcp and the dns but what happens is the router gives the wireless nodes the correct ip range but then wants to use 10.10.10.1 as the GW and I get no web. I am kinda lost at this point so figured that I could just use the dsl router as an access point and bypass all the dhcp that it hands out. I kinda wished that the SW would do dns and dhcp on the orange but I guess that is not the purpose of their design.
Re:Why cant you place the AP to live on the orange interface (O), do you need an extra hub?
You should be able to place the AP on the O and let Smootwall (S) give dyn. IP to that range , but you will need a hub/switch or some way to place the AP and the Web Server (WS) on the same nic in S.
I dont know S, but any decent FireWall/DNS should be able to differenciate between multiple nics, and give dyn. IP based on their position.
Then you setup all the wireless nodes to have no access though S except port 80 out of the network.
They will be able to spot the WS but I guess that will be aceptable. Otherwise an extra firewall on WS will be in order.
If possible, remember to setup wireless security (WEP/WPA) and filter MAC addresses. (Like Confused said in DC)
Re:Re-edit your link. You need to get rid of the dot at the end.
0 Comments.