Wireless/ Wired Mixed Networking (2networks)

wingcom · 02-17-2005, 02:13 AM

Hi,

I just bought a wireless ADSL-Router (DSL-G604T). Untill now i was quite happy using wires but since i am moving and will have more floors i am placing 1 box upstairs and dont want to be bother with cables...

Now, i've read many things about wireless communication and it seems not to be to secure. Above that i like my mandrake box as an acting firewall/ router and dns server. Since i can see many things in the logs i control pretty much everything.

I've been searching alot to keep my data as secure as possible and let my mandrake as it is. The thing i did, is, i created 2 networks (192.168.1.* and 10.0.1.*) One network for the D-Link which broadcasts 10.0.1.* and only holds wireless connections (currently 1 pc) and 1 pc on cable --> my mandrake box. The mandrake box has 2 network cards (one for the router and another on a hub (with laptop and xbox). The network card to the router (eth1) is treated as "the internet".

This works... BUT, i am having trouble with my DNS settings, i keep on losing them... BOTH (eth0 and eth1) are overwritten with dns ip 10.0.1.1 and i am not able to browse a page in mozilla with the hostname UNTILL i ping it because pinging DOES work.

What i really want to know is: is this a good setup? Are there better solutions (keeping my mandrake router/firewall functionality)? Any suggestions? i just dont want stuff like the xbox or my laptop(work) to be "in the air" and accesible to evil neigbours

Any suggestions/ comments are very welcome. Also if someone how this dns problem could be caused... i am all ears...

thanx!

wingcom

wingcom · 03-05-2005, 05:21 AM

I've tested some more and read the shorewall documentation.

I now bridged the two network cards so there is only one ip for both cards (layer 2 bridge) . my wireless router = the net, my linux = firewall and the hub connected to my linux = local area network. When somebody steals my wireless password, they will still have to go through the firewall on the bridge. My linux is still providing dhcp and dns. To configure it i couldnt use wizard since they cannot handle the bridge.

Thought i should share this info.

Anyway, normally a bridge lets through broadcast messages but for some reason shorewall is blocking one:

Code:

Mar  5 12:00:49 ENTERPRISE kernel: Shorewall:INPUT:REJECT:IN=br0 OUT= MAC= SRC=192.168.1.2 DST=192.168.1.255 LEN=144 TOS=0x00 PREC=0x00 TTL=64 ID=146 DF PROTO=UDP SPT=631 DPT=631 LEN=124

Anyone got an idea on what rule i should set to de-block this? I already got this:

Code:

ACCEPT	fw	loc	tcp	631	-
ACCEPT	fw	loc	udp	631	-
ACCEPT	loc	fw	tcp	631	-
ACCEPT	loc	fw	udp	631	-

and this:

Code:

ACCEPT	net	fw	tcp	631	-
ACCEPT	net	fw	udp	631	-

with:

net = br0:eth1
loc = br0:eth0

Shorewall does not show up a chain like all2all or something and also its a broadcast --> Destination:192.168.1.255. I dont know how to set this in shorewall... any clues?

thanx
wiNGCom