[MLB-WIRELESS] AP and Server Q
Rowan Crowe
rowan at sensation.net.au
Mon Apr 14 18:19:24 EST 2003
On Mon, 14 Apr 2003, Matt Pearce wrote:
> Hi All,
>
> Just a quick question (I hope!!), if I get an AP is it a good idea to
> install another network card in my server and connect the AP to it directly
> for better controling security etc, if so what is a good way to configure
> things software wise on my FreeBSD server ??
Definitely a good idea. I would suggest:
* use ipfw on that interface to protect the server itself, eg
block port 22 (ssh).
* permit only IPs that you know about (ie the range that DHCP assigns, or
you have chosen manually) so that people cannot spoof source IPs.
* use tcpdump to see if there are any IP broadcast 'leaks' that are not
essential to the operation of the WLAN; if so, use ipfw to get rid of
them.
* set up a more general firewall to protect your internal wired network.
your paranoia level will vary according to whether this is for your
private use, or for sharing with others.
Just a few ideas to start with, hope this helps...
Cheers.
--
Rowan Crowe - Melbourne, Australia
www.camrecord.com www.camdiscover.com www.heyasl.com www.sensationbot.com
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list