[MLB-WIRELESS] Wireless connection of 2 wired networks

Michael Craig mcraig at craigy.dynu.com
Thu Oct 16 11:05:14 EST 2003


Bridging???? Why?

Bandwidth will still be an issue, even using a bridge, and yes all bridge
devices filter by MAC address, hence the name bridge and not repeater. All
broadcasts will still traverse the link, and eat up bandwidth depending on
the applications running on the network.

If you are running private subnets, which you most likely are (e.g. 10.x.x.x,
192.168.x.x, 172.???.x.x), why not set up a Linux box, set up FreeS/WAN for an
IPSEC tunnel and Shorewall for the firewall? Then the data between the 2 subnets
will traverse the wireless link in an IPSEC tunnel (the standard VPN
standard, and in my mind the best!).

Then if you want roaming clients later on, just run SSH Sentinel or similar
on them to run over an IPSEC tunnel as well.

If you really want to get tricky and have a fixed public IP on the internet,
set up a Linux box with 2 eth interfaces (1 for internal, 1 for internet, and 1
for wireless) as a firewall for both wireless and internet, and have secure
remote access and secure WLAN access for just a little extra work!

The only reason I can see for running bridging is to use some hard-to-route or
unroutable protocol (NetBEUI? or however you spell it). These
protocols...correct me if I'm wrong, can't pass through a VPN tunnel without
major issues.

If you only want the bridge for AppleTalk/IPX (read routable but not
TCP/IP), set up a GRE tunnel and pass that over the wireless link via IPSEC
transport mode.

Any questions, send me an email

Cheers

-----Original Message-----
From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au]On Behalf Of Allan Nelson
Sent: Thursday, 16 October 2003 8:35 AM
To: melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] Wireless connection of 2 wired networks


Thanks all for the advice and links.

I found this site
http://bridge.sourceforge.net/
and from there have found all the information I need.

I had thought about setting them both up as routers, but this is much
easier for what I want it to do. It is only a testing type link. If it
works well and does what we need then there will be things changed to
make it more secure, and I will be looking at using the OpenVPN that
Jason Hecker pointed out to me.

Thanks again, and I hope that this has been useful to more than just me
:) There are a lot of good ideas.

Allan





_________________________
Oxley College
Network Administrator



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message





