I am in the process of setting up a wireless portion of my network just to get some experience working with wireless equipment, ok and because it is cool too.

As a security measure I am thinking of putting the wireless portion of my network on a different subnet than the wired. This way if someone is able to break through my WEP and MAC filtering, and guess my non broadcast SSID I will have another layer of protection. Currently the only wireless PC on my network is my Slackware laptop.

Now what I am wondering is if I do seperate my network this way, and am using DHCP on both interfaces, will I be able to have them both running at the same time? In other words, if I want to access my LAN form the laptop and I plug a CAT 5 cable into it, will I be able to access the LAN? Would Slackware direct the request to the proper interface by using the subnet? Or would it just get confused by being directlky connected to two different subnets at the same time?

It's all going to depend on the ip addresses. If the wired portion uses the 192.168.x.x then make the wireless part 164.106.x.x. Or if the wired uses a netmask 255.255.255.0, make the wireless part something different like 255.255.0.0. Or both.

I've got a similar sort of setup - I've got a wireless and a wired network. What I do is to have them on two separate networks:

Wired: 10.255.254.0, subnet mask 255.255.255.0
Wireless: 10.255.255.0, subnet mask 255.255.255.0

My linux machine has both a wireless card and a wired card and this machine is configured to route between these two networks, and also provide DHCP and DNS for both of them and it works fine.

I don't see any reason why Slackware would have a problem being connected to two separate networks at the same time - as long as they are distinct subnets. If you connect two different network media (e.g. wireless & wired) that share a subnet (or part of a subnet) you'll get error messages in /var/log/messages and all may not be well with the world.

If your gear supports it, go with WPA.

Your SSID is not hidden. It is still broadcast in response to client probes. You've simply turned off beaconing. No one will need to guess your SSID.

The MAC address of your laptop is sent in the clear all day long. MAC addys are never encrypted, are easily sniffed and spoofed.

In other words, WEP is the only real protection you have in place and it's vulnerabilities are well-documented as I'm sure you know.

ComputerErik, great minds think alike

Just these past few days, I have been thinking about doing the exact same thing and so I've been doing some research on how to set this up. I have a wireless network that might have 2-3 laptops on it at any given time and 2-3 wired clients. It looks like the most secure way is to create a DMZ in which you place your wireless network and any publicly-accessible servers, like apache or ftp. Then you put your wired network behind a firewall with a different subnet.

I'm thinkng about finding/buying a cheap PII box on which to create a Linux firewall. You need to have 3 networks card to do this right, one facing the outside, one facing your DMZ, and one facing your wired network. There are distros that specialize in this, like smoothwall and clarkconnect and ipcop, but I'm going to use Slack, of course.

If you end up working on this, please post back -- I'll be very curious to see how things go.

I am already running a Smoothwall box, so I would probably just run the Blue interface mod, and do that. I was just wondering how it would work out if I have both up and running at the same time. Ideally I would just keep the wirelss card in and plug into my LAN when I needed to access local resources or transfer files.

On the issue of WPA, has anyone tried it out with ndiswrapper? I got my wireless working without to much problem by installing the Windows driver and using ndiswrapper, but had some initial problems running the scripts to get it to come up automatically on boot. If anybody has already done the WPA mod to it and got it running some pointers would be appreciated.

I really haven't quit decided on what I really want. I like the idea of being totally wireless and being able to access my network from my laptop without needing to plug in a network cable. On the other hand is security. I have no huge fear of someone hacking into my network, I really don't have much of any value available even if someone were to gain access. Basically all that would be visible is my server, and even that you need a password to gain access to. Also I doubt that there is anyone really trying to break into my wireless network. I see two other totally open networks when I scan, so those would be much easier targets. So baiscally I need to sit down and decide which is more valuable to me. I will probably just go ahead and to the blue interface mod for the Smoothwall and try it out.

Ah, well, you are far ahead of me.

I do have WPA working with ndiswrapper just fine. I was also finally able to get it working even when I turned off my essid broadcast -- let me know if you need help with that.