[MLB-WIRELESS] Wireless networking question
Chris Samuel
chris at csamuel.org
Wed Mar 12 09:31:47 EST 2003
On Tue, Mar 11, 2003 at 10:52:25PM +1100, Joe Hovel wrote:
> I hope someone can answer a technical query for me:
> With an access point connected to a home network switch, I find that
> _all_ traffic for any of my PCs (even the little printserver) is passed
> through the access point. I noticed this because the Dlink
> configuration/monitoring software shows continuously increasing packet
> numbers, irrespective of where traffic is intended.

Two points here - one from the security point of view and one
from the general network configuration point of view:

1) security - I would strongly suggest that you place a firewall
              between your internal network and the AP! These do
              not have to cost much, especially if you have an old
              PC doing nothing, or can pick one up for next to nothing.

              There are a number of Linux based firewall projects that
              would suit this admirably, including IPCop (www.ipcop.org)
              which gives you a point and click web interface, but only
              uses the 2.2 kernel and ipchains, or the more up-to-date
              Bering (http://leaf.sourceforge.net/devel/jnilo) that uses
              a 2.4 kernel and the Smoothwall (http://www.smoothwall.net)
              iptables front end, but is a text-only configuration.

2) config   - it sounds like your DLink is acting as a hub rather than
              a switch - the difference being that a hub will flood a
              packet received on an interface out onto all others,
              whereas a switch learns who is on what port and then
              only transmits packets to the ports necessary. Of course
              broadcast traffic will flood out to all ports as well.

              So I would also suggest, if your budget stretches to it,
              putting all your internal systems on a switch, including
              your firewall, and plugging the AP into the red/untrusted
              side of the firewall.

Good luck!
Chris
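
An added illustration of the hub-versus-switch behaviour described in point 2 (not part of the original message): a small Python simulation that counts how many frames are sent out of the access point's port for the same wired-only traffic. The port numbers, host labels and traffic list are constructed for the example.

```python
# Constructed example: host labels stand in for MAC addresses.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class LearningSwitch(Hub):
    """Learns source address -> port; floods only broadcast/unknown destinations."""
    def __init__(self, ports):
        super().__init__(ports)
        self.table = {}

    def forward(self, in_port, src, dst):
        self.table[src] = in_port                  # learn where the sender lives
        if dst != BROADCAST and dst in self.table:
            return {self.table[dst]} - {in_port}   # known unicast: one port
        return self.ports - {in_port}              # broadcast or unknown: flood

def frames_seen_on(device, watch_port, traffic):
    """Return the (src, dst) frames transmitted out of watch_port."""
    return [(src, dst) for in_port, src, dst in traffic
            if watch_port in device.forward(in_port, src, dst)]

# Constructed topology: ports 1-2 = PCs, 3 = print server, 4 = access point.
PORTS = [1, 2, 3, 4]
AP_PORT = 4
TRAFFIC = [  # (ingress port, source, destination), all wired-to-wired
    (1, "pc-a", BROADCAST),    # broadcast from PC A (e.g. an ARP request)
    (3, "printer", "pc-a"),    # print server replies to PC A
    (1, "pc-a", "printer"),    # print job
    (1, "pc-a", "printer"),
    (2, "pc-b", "pc-a"),       # PC B to PC A
    (1, "pc-a", "pc-b"),
]

def compare():
    """Count frames leaving the AP port through a hub and through a switch."""
    hub_seen = frames_seen_on(Hub(PORTS), AP_PORT, TRAFFIC)
    switch_seen = frames_seen_on(LearningSwitch(PORTS), AP_PORT, TRAFFIC)
    return len(hub_seen), len(switch_seen)

if __name__ == "__main__":
    hub_n, switch_n = compare()
    print(f"frames sent out of the AP port: hub={hub_n}, switch={switch_n}")
```

With this traffic the hub sends all six frames out of the AP port, while the switch sends only the one broadcast.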