LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-22-2006, 05:55 AM   #1
marcusshirley
Member
 
Registered: Jan 2006
Distribution: openSUSE 10
Posts: 48

Rep: Reputation: 15
Is this routing plan secure?


Hi,

Could anyone please check my routing plan? I'm fairly inexperienced in public network security and would like some help.

I am soon to move into a house share with several other flatmates. We will have cable internet (NTL) at 4mbs. I would like to set up a community wireless network so that I can share the internet connection freely over 802.11b (using NoCatAuth, a wirelessB Router and a homemade omni antenna).

This is my routing plan:
http://i9.photobucket.com/albums/a83.../viewphoto.jpg

Will this be secure?
* Will my computers be safely secure from community wireless users?
* Will my housemates' computers be safe too?
* Will my computers be safely secure from my housemates' computers?

Is there, in fact, a better way of routing this setup?

Also, is there a way of limiting the bandwidth available to the wireless community users to stop my housemates getting p*ssed off?!

Could anyone please help me? Any advice would be much appreciated.

Thanks in advance,

Marcus

Last edited by marcusshirley; 08-22-2006 at 06:13 AM.
 
Old 08-23-2006, 05:07 PM   #2
gintaras46
LQ Newbie
 
Registered: Dec 2005
Posts: 7

Rep: Reputation: 0
I've reviewed your photo: sound good. Maybe too much firewall routers, but thats ok, if you can figure all them out. Just enable on the wireless router a DHCP with MAC authorisation (if it is not public router) and with strong WEP/WPA key. DHCP should give addresses different from your local LAN (e.g. if your LAN is 192.168.0.0, then wireless should be something as 192.168.1.0. that will prevent users to connect to your LAN, because they are on a different LAN.).

The same is for your housmates. Simply enable DHCP with a different address group. In summary, you will have three networks, separated by routers (gateways). Don't forget MAC and WEP/WPA.

Good luck

Last edited by gintaras46; 08-23-2006 at 05:08 PM.
 
Old 08-24-2006, 03:45 PM   #3
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
I think you will be protected from your house mates but that's about it. Somebody that has a wireless connect could reach your computer and they could reach your housemates.

Why do I say this? Well let's say (according to your pic) that the 1st floor is 192.168.0.0/24, the second floor is 192.168.1.0/24 and the wireless is 192.168.2.0/24.

Now for this to work your wireless AP will need an IP address from the 1st floor. Let's say 192.168.1.4. All the wireless clients will have .2.x address. When they go out to the internet their address will be translated from a .2.x address to .1.4 . At that point they are on your network. If they are requesting something on your network then they have access. If they are requesting something on the internet, then they go right on to the next router.

Same situation for you house mates...... You'll have full access to your housemates as well. You are protected from them however. I've never used the linksys you have but I'm willing to be they cannot be configured to protect against something like that.

How to fix it:
1. You be apart of you house mates network. You config would be
Code:
cable modem 
 |
 \/
  Router01 
 |       |
\/       \/
Router2  Router3
you and your mates will all be on Router2 and the wireless will be router3
2. Buy additional router and use confi above and stick router4 along with 2 and 3. You will be '2', your mates will be '3', and wireless will be '4'.

3. Dumpster dive for old computer, get somemore nics and put linux on it and make it your primary router. You could probably use this method to institute some sort of bandwidth regulation as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD with secure & non-secure logins Ricci Graham Linux - Software 6 02-25-2020 12:49 AM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 07:19 AM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 01:54 AM
Plan 9 section7 Other *NIX 7 04-16-2006 12:17 AM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 02:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration