Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 4091 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Public internet access

edwardl.a.u
Hi All,

Product: Security Gateway v7

I would like to set up a wireless access point to allow public access to the internet. I do not have another eth port to setup a DMZ. If I implement the following, would it be sufficient or are there extra steps that should be carried out?

Internal Network: 172.17.0.0/16
External Router for public use: 192.168.100.1 
External Router does its own DHCP.

Additional Packet Filter Rules:
ALLOW External Router ->  (HTTP, DNS etc.) -> Internet
DENY   External Router -> Any-> Internal Network 

Many Thanks in advance,
Edd


This thread was automatically locked due to age.
Parents
  • 0
    Barry's right that they still could gain access because they don't have to transit the Astaro to reach the rest of "Internal (Network)" where the router is.  How can that be avoided?  I haven't tried the following before, but it seems like it should work:

    • WAN IP of router = 172.17.1.252 with netmask = 255.255.255.254
    • Default Gateway for wireless router = 172.17.1.253 = IP of Astaro's "Internal (Address)"

    That is to say, the WAN  interface of the wireless router is configured in such a way that all traffic goes to the default gateway because it's on a subnet that consists of only two IPs - its own and that of the Astaro.

    Cheers - Bob
Reply
  • 0
    Barry's right that they still could gain access because they don't have to transit the Astaro to reach the rest of "Internal (Network)" where the router is.  How can that be avoided?  I haven't tried the following before, but it seems like it should work:

    • WAN IP of router = 172.17.1.252 with netmask = 255.255.255.254
    • Default Gateway for wireless router = 172.17.1.253 = IP of Astaro's "Internal (Address)"

    That is to say, the WAN  interface of the wireless router is configured in such a way that all traffic goes to the default gateway because it's on a subnet that consists of only two IPs - its own and that of the Astaro.

    Cheers - Bob
Children
No Data