[NTLUG:Discuss] Re: A Voice in the Wilderness
Bryan J. Smith
b.j.smith at ieee.org
Tue Aug 31 08:40:35 CDT 2004
On Tue, 2004-08-31 at 08:59, Fred Hensley wrote:
> All is installed and appears to be working well until I purchased the
> dreaded Linksys WRT54G wireless router and attempted to integrate it
> into my configuration.
The WRT54G is another NAT device. You don't want to be introducing a
2nd NAT device into your network (your first one is IPCop). You're
going to have ARP and route table issues.
You want to get a _pure_ "access point" instead.
> Over the past several months I've repeatedly tried to get this connection
> working, but to no avail, and am now officially out of time...
Are you replacing the IPCop box with the WRT54G? Considering the
advances coming in IPCop 1.4 (currently RC2), like an official "BLUE" zone
for segmenting the LAN (like wireless), you might want to stick with it.
> The three important things I need to do are as follows:
> 1. IPCOP - Walk through the current configuration and security settings
> of the installation to ensure that it is properly configured. Enable
> VPN and SSH access, as well as the Dynamic DNS support.
With IPCop 1.3, you can use the "ORANGE" zone (normally a DMZ) as a
"poor man's BLUE" for segmenting the WLAN (since 1.3 doesn't have a
BLUE).
> 2. Integrate the Wireless router. Oddly enough, I am attempting to
> integrate this on the "green" port of the IPCOP so as to ensure that my
> wireless notebook PC is protected by the firewall.
Unfortunately that means it is on your LAN. Under IPCop 1.3, I used the
"ORANGE" zone as a "poor man's BLUE." I'm now running IPCop 1.4 beta 8
and I'm using the true BLUE zone.
> To that end, I am using MAC Address security, WEP (or better), and
> disabling transmission of the SSID to limit visibility to the outside
> world.
That's smart, _but_ disabling the transmission of the SSID tends to
break a lot of WLAN cards I've found. Same deal with some
implementations of WEP. So you might end up needing a new WLAN card for
some of your systems. All my Dell notebooks have issues, until I put a
"pure" Intersil PRISM 2.x card in them (proving once and for all it was
the Dell WLAN cards to my client).
> 3. Configure the relevant portions of PHP4/Apache/MySQL with fudforum
> so that it is initially up-and-going and externally addressable via the
> "orange" IPCOP port.
So you have a system that you are going to put in the DMZ? That other
box?
> All the necessary hardware is ready to go, although I may need to
> upgrade the router firmware to fix a dynamic dns issue.
? Where is IPCop in all this ?
What is your WRT54G set up for DDNS?
> A sharp person could probably navigate me through this in 2-3 hours, and
> for which I would gladly buy them lunch and/or pay some appropriate fee.
> If a housecall were in order, I'm located in Richardson within a few
> blocks of UTD campus.
> Meanwhile I'm going to patch a couple of pieces of drywall in my study
> which now bear a curious resemblance to my forehead. (just kidding)
--
Compatibility and update matrix of Red Hat(R) distributions:
http://www.vaporwarelabs.com/files/temp/RH-Distribution-FAQ-3.html
http://www.vaporwarelabs.com/files/temp/RH-Distribution-FAQ-4.html
------------------------------------------------------------------
Bryan J. Smith b.j.smith at ieee.org