Howto separate wireless traffic - Slackware


  1. Howto separate wireless traffic

    Hi,

    I've configured a Slackware 12.1 box with 2 nics. Eth0 connects to the
    ADSL modem, Eth1 connects to a LAN and provides DHCP and filesharing
    with Samba. I've built a firewall script using the tool provided here:
    http://www.slackware.com/~alien/efg/
    for allowing internet traffic.

    'Works like a charm. Recently I've added a wireless router to act as
    an Access Point. I point the router to 192.168.2.1 (eth1) and get a
    wireless connection, including access to the samba shares. Of course
    they require a password to get in but is there a way to just grant
    internet access and nothing else to the wireless connections?

    How do I separate that kind of traffic? Third NIC? Some clever
    iptables rules?

    Any help much appreciated.


  2. Re: Howto separate wireless traffic

    jeugdvakantiewerkgoirle@gmail.com wrote:

    >Hi,
    >
    >I've configured a Slackware 12.1 box with 2 nics. Eth0 connects to the
    >ADSL modem, Eth1 connects to a LAN and provides DHCP and filesharing
    >with Samba. I've built a firewall script using the tool provided here:
    >http://www.slackware.com/~alien/efg/
    >for allowing internet traffic.
    >
    >'Works like a charm. Recently I've added a wireless router to act as
    >an Access Point. I point the router to 192.168.2.1 (eth1) and get a
    >wireless connection, including access to the samba shares. Of course
    >they require a password to get in but is there a way to just grant
    >internet access and nothing else to the wireless connections?
    >
    >How do I separate that kind of traffic? Third NIC? Some clever
    >iptables rules?
    >
    >Any help much appreciated.


    I have a similar system running under Debian. I have built it up
    slowly as I wanted services.

    The way I handle this is to:
    - The wireless router is only an AP, no DHCP, etc.
    - I set up my own DHCP service on my server/gateway machine.
    - I set up static and dynamic IP addresses based on MAC address.
    - Any DHCP request from an unknown MAC address is assigned an IP
    address from the pool which is filtered via iptables rules.
    - Any known MAC addresses are assigned "static" IP addresses and are
    given specific access based on the IP address.

    This is a small family network that has no more than 10 computers on
    it at any one time. My intent is to filter internet access BUT allow
    intranet access to my shared printer and "Kids Common Drive".

    This is not exactly what you wanted BUT it is my approach. Hopefully
    it gives you some ideas.

    --
    -------------------------------------------------
    http://www3.sympatico.ca/dmitton
    SPAM Reduction: Remove ".invalid" from my domain.
    -------------------------------------------------

  3. Re: Howto separate wireless traffic

    On 2008-06-17, jeugdvakantiewerkgoirle@gmail.com wrote:
    > Hi,
    >
    > I've configured a Slackware 12.1 box with 2 nics. Eth0 connects to the
    > ADSL modem, Eth1 connects to a LAN and provides DHCP and filesharing
    > with Samba. I've built a firewall script using the tool provided here:
    > http://www.slackware.com/~alien/efg/
    > for allowing internet traffic.
    >
    > 'Works like a charm. Recently I've added a wireless router to act as
    > an Access Point. I point the router to 192.168.2.1 (eth1) and get a
    > wireless connection, including access to the samba shares. Of course
    > they require a password to get in but is there a way to just grant
    > internet access and nothing else to the wireless connections?
    >
    > How do I separate that kind of traffic? Third NIC? Some clever
    > iptables rules?


    Both will be the most effective.

    Plug the router into a third nic, and then use iptables to prevent
    packets traversing from the wireless interface to the others
    (except the packets you *want*, which will probably be only those
    in ESTABLISHED or RELATED state).

    -RW
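
The third-NIC approach from the last reply, written out as an added example (not part of the original thread and not output of the firewall generator it mentions). It also filters INPUT, because Samba runs on the gateway itself and FORWARD rules alone never see traffic addressed to the gateway. Assumptions: `eth2` is a hypothetical third NIC for the access point, the chain names and log prefixes are made up for illustration, and the existing script already handles NAT on `eth0`.

```shell
#!/bin/sh
# Added example: print iptables rules that give a wireless segment on its
# own NIC internet access only. Review the output, then pipe it to sh as root.
# Assumed layout: eth0 = ADSL/WAN, eth1 = wired LAN, eth2 = hypothetical AP NIC.

wlan_isolation_rules() {
    wan=$1 lan=$2 wlan=$3
    # Isolation by interface only works if the wireless segment has its own NIC.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$wlan" ] ||
       [ "$wlan" = "$lan" ] || [ "$wlan" = "$wan" ]; then
        echo "usage: wlan_isolation_rules WAN LAN WLAN (three distinct NICs)" >&2
        return 1
    fi
    cat <<EOF
# Chains are filled first and hooked in last, so there is no half-applied window.
iptables -N WLAN_FWD
iptables -N WLAN_IN
# Routed traffic arriving from wireless: internet yes, LAN only as replies.
iptables -A WLAN_FWD -o $wan -j ACCEPT
iptables -A WLAN_FWD -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A WLAN_FWD -m limit --limit 6/min -j LOG --log-prefix "wlan-fwd-drop: "
iptables -A WLAN_FWD -j DROP
# Traffic to the gateway itself: DHCP only, so Samba on this box is unreachable.
iptables -A WLAN_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A WLAN_IN -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A WLAN_IN -m limit --limit 6/min -j LOG --log-prefix "wlan-in-drop: "
iptables -A WLAN_IN -j DROP
# Hook the chains in ahead of the existing rules.
iptables -I FORWARD 1 -i $wlan -j WLAN_FWD
iptables -I FORWARD 2 -o $wlan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 1 -i $wlan -j WLAN_IN
EOF
}

# Dry run when called with three interface names, e.g.: sh script.sh eth0 eth1 eth2
if [ "$#" -eq 3 ]; then
    wlan_isolation_rules "$@"
fi
```

If wireless clients use the gateway as their DNS resolver, add an accept for port 53 to `WLAN_IN` before the LOG rule; the example assumes DHCP hands out an external resolver.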
