This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Public internet access

Hi All,

Product: Security Gateway v7

I would like to set up a wireless access point to allow public access to the internet. I do not have another eth port to setup a DMZ. If I implement the following, would it be sufficient or are there extra steps that should be carried out?

Internal Network: 172.17.0.0/16
External Router for public use: 192.168.100.1
External Router does its own DHCP.

Additional Packet Filter Rules:
ALLOW External Router -> (HTTP, DNS etc.) -> Internet
DENY External Router -> Any-> Internal Network

Many Thanks in advance,
Edd

This thread was automatically locked due to age.

Parents

0 BarryG over 15 years ago

You plan to put the wireless router outside the firewall, right?

If this is simply another subnet on your LAN, I don't think this will secure the LAN from the WiFi network.

One problem with that is that you'd be doing Double NAT, which will make it more difficult if you need to allow external traffic into your network.

Your PF rules should specify the NETWORK not the IP; e.g. 192.168.100.0/24

If you don't have another NIC, perhaps could use a VLAN switch, or use one of the Astaro Wireless Access Points.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 15 years ago

You plan to put the wireless router outside the firewall, right?

If this is simply another subnet on your LAN, I don't think this will secure the LAN from the WiFi network.

One problem with that is that you'd be doing Double NAT, which will make it more difficult if you need to allow external traffic into your network.

Your PF rules should specify the NETWORK not the IP; e.g. 192.168.100.0/24

If you don't have another NIC, perhaps could use a VLAN switch, or use one of the Astaro Wireless Access Points.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data