Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Linux Firewall as Wireless Access Point



I currently have a home / office TCP/IP network with an 8-port switch 
at the center.  One port connects to my firewall -- an old Dell machine 
running Slackware with iptables.  The second NIC on that machine goes 
to the cable modem.

I have been contemplating adding wireless to the network.  I was 
looking at wireless access points the other day -- they seem to be more 
expensive than the wireless broadband routers!  Then I realized maybe I 
could just use the firewall as the WAP, by adding a third (wireless) 
NIC on the firewall and constructing the iptables rules properly.

Is a commercial WAP or wireless router offering something that I would 
need and could not get with this setup?  I see that iptables can do MAC 
filtering, and I think I could get the needed encryption just by making 
the appropriate WEP settings.  If that's right, all I have to do is see 
if the firewall location (in the basement) is workable for signal 
pickup throughout the house.

Anyone see a problem with this?  Anybody done it?  Are there Linux 
drivers for most (or at least some) wireless NICs that will allow me to 
set the keys etc.?

Also, are there security concerns with this approach that don't exist 
if the WAP  is a separate device on its own port off the switch?  I can 
see the topology is different but I'm not sure if there's any logical 
difference security-wise -- it seems like the presence (or absence) of 
the switch between the firewall and the wireless device really 
shouldn't matter.  On the other hand I'd have to route inbound traffic 
on the wireless NIC back out to the internal network, and vice versa, 
which is a new set of rules and a new function for the firewall, so one 
can't assume it's free of vulnerabilities.

Thanks for any tips,

--
Tom







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org