ipcop + wifi + strange use of the DMZ?>> help.

 
 
asdf
      11-25-2003
I have an IPCop firewall on my current network.

On the red it has ADSL,
on the orange I have nothing,
on green I have my normal network.

I am running Squid too.

Now, I would like to take out the NIC I have in for orange, and put in a DSE
PCI wifi card, then set up IPCop to allow me to do an ad-hoc network, on a
separate network (i.e., green is 192.168.0.1 and orange is 192.168.99.1). So
this would stop people that got on to my wifi network getting on to my LAN
(on green). But I want to allow the same kind of traffic flow from orange
to red, as is on the green interface so I can surf from my laptop quite
happily!!!

Also, is it possible to configure Squid to require you to authenticate before
letting traffic through?? (i.e. to stop people being able to easily connect to
my wifi network and use my bandwidth?)


Thanks Daniel



 
AD.
      11-25-2003
On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:

> I have a IPcop fire wall on my current network.
>
> On the red it have ADSL
> on the orange I have nothing.
> on green I have my normal network.
>
> I am running squid to.
>
> Now, I would like to take out the nic I have in for orange, and put in a
> DSE pci wifi card, then set up ipcop to allow me to do a ad-hoc network,
> on a separate network (ie, green is 192.168.0.1 and orange is
> 192.168.99.1). So this would stop people that got on to my wifi network
> getting on to my LAN (on green). But I want to allow the same kind of
> traffic flow from orange to red, as is on the green interface so I can
> surf from my laptop quite haply!!!


That's the way I'd set it up. What about just plugging a WiFi access point
into the orange NIC with a crossover cable? Saves mucking about with WiFi
drivers which can be a mixed bag on Linux currently.

You could even replace the cross over cable with a switch later if you
want a real DMZ

>
> Also is it possible to configure squid to require you to authenticate
> before letting traffic through?? (ie to stop people being able to easily
> connect to my wifi network and use my bandwidth?)


Yes, these days it can even do NTLM stuff.

Cheers
Anton
 
Andy Lawson
      11-26-2003
"asdf" wrote in message:
> I have a IPcop fire wall on my current network.
>
> On the red it have ADSL
> on the orange I have nothing.
> on green I have my normal network.
>
> I am running squid to.
>
> Now, I would like to take out the nic I have in for orange, and put in a DSE
> pci wifi card, then set up ipcop to allow me to do a ad-hoc network, on a
> separate network (ie, green is 192.168.0.1 and orange is 192.168.99.1). So
> this would stop people that got on to my wifi network getting on to my LAN
> (on green). But I want to allow the same kind of traffic flow from orange
> to red, as is on the green interface so I can surf from my laptop quite
> haply!!!
>
> Also is it possible to configure squid to require you to authenticate before
> letting traffic through?? (ie to stop people being able to easily connect to
> my wifi network and use my bandwidth?)

You could also try waiting for IpCop v 1.4 which is supposed to add an extra
interface (Blue IIRC) for wireless networking. Not sure how it's all supposed
to tie together but you could take a look at the relevant developers forums
and see if there's anything of help. Have you tried www.ipcops.net and the
forums there?


 
asdf
      11-26-2003

"Andy Lawson" wrote in message:
> "asdf" wrote in message:
> > I have a IPcop fire wall on my current network.
> >
> > On the red it have ADSL
> > on the orange I have nothing.
> > on green I have my normal network.
> >
> > I am running squid to.
> >
> > Now, I would like to take out the nic I have in for orange, and put in a DSE
> > pci wifi card, then set up ipcop to allow me to do a ad-hoc network, on a
> > separate network (ie, green is 192.168.0.1 and orange is 192.168.99.1). So
> > this would stop people that got on to my wifi network getting on to my LAN
> > (on green). But I want to allow the same kind of traffic flow from orange
> > to red, as is on the green interface so I can surf from my laptop quite
> > haply!!!
> >
> > Also is it possible to configure squid to require you to authenticate before
> > letting traffic through?? (ie to stop people being able to easily connect to
> > my wifi network and use my bandwidth?)
>
> You could also try waiting for IpCop v 1.4 which is supposed to add an extra
> interface (Blue IIRC) for wireless networking. Not sure how its all supposed
> to tie together but you could take a look at the relevant developers forums
> and see if there's anything of help. Have you tried www.ipcops.net and the
> forums there?

Oh, wow, that sounds quite exciting. Any idea how far away 1.4 is supposed to be?


 
asdf
      11-26-2003

"AD." wrote in message:
> On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:
>
> > I have a IPcop fire wall on my current network.
> >
> > On the red it have ADSL
> > on the orange I have nothing.
> > on green I have my normal network.
> >
> > I am running squid to.
> >
> > Now, I would like to take out the nic I have in for orange, and put in a
> > DSE pci wifi card, then set up ipcop to allow me to do a ad-hoc network,
> > on a separate network (ie, green is 192.168.0.1 and orange is
> > 192.168.99.1). So this would stop people that got on to my wifi network
> > getting on to my LAN (on green). But I want to allow the same kind of
> > traffic flow from orange to red, as is on the green interface so I can
> > surf from my laptop quite haply!!!

>
> That's the way I'd set it up. What about just plugging a WiFi access point
> into the orange NIC with a crossover cable? Saves mucking about with WiFi
> drivers which can be a mixed bag on Linux currently.


$$$$$$$$$ im just about to sit my full motercycal test, just thinking of
buying a new helmot and a big bike... i have enough costs there with out
shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69 and
is sposadly linux compatable came with linux drivers.

> You could even replace the cross over cable with a switch later if you
> want a real DMZ
>
> >
> > Also is it possible to configure squid to require you to authenticate
> > before letting traffic through?? (ie to stop people being able to easily
> > connect to my wifi network and use my bandwidth?)

>
> Yes, these days it can even do NTLM stuff.


NTLM??? explain.

> Cheers
> Anton



 
SteveM
      11-26-2003
"asdf" wrote:

>
> "AD." wrote in message:
>> On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:
>>
>> > I have a IPcop fire wall on my current network.
>> >
>> > On the red it have ADSL
>> > on the orange I have nothing.
>> > on green I have my normal network.
>> >
>> > I am running squid to.
>> >
>> > Now, I would like to take out the nic I have in for orange, and put
>> > in a DSE pci wifi card, then set up ipcop to allow me to do a
>> > ad-hoc network, on a separate network (ie, green is 192.168.0.1
>> > and orange is 192.168.99.1). So this would stop people that got on
>> > to my wifi network getting on to my LAN (on green). But I want to
>> > allow the same kind of traffic flow from orange to red, as is on
>> > the green interface so I can surf from my laptop quite haply!!!

>>
>> That's the way I'd set it up. What about just plugging a WiFi access
>> point into the orange NIC with a crossover cable? Saves mucking about
>> with WiFi drivers which can be a mixed bag on Linux currently.

>
> $$$$$$$$$ im just about to sit my full motercycal test, just thinking
> of buying a new helmot and a big bike... i have enough costs there
> with out shelling out ~$150 on a AP. I allready have a DSE wifi nic,
> cost me $69 and is sposadly linux compatable came with linux drivers.
>
>> You could even replace the cross over cable with a switch later if
>> you want a real DMZ
>>
>> >
>> > Also is it possible to configure squid to require you to
>> > authenticate before letting traffic through?? (ie to stop people
>> > being able to easily connect to my wifi network and use my
>> > bandwidth?)

>>
>> Yes, these days it can even do NTLM stuff.

>
> NTLM??? explain.
>
>> Cheers
>> Anton

>
>


As far as I am aware you will only be able to do ad-hoc mode with that PCI
card and not full AP functionality. (However, this should suit your
purposes just fine.) Authentication will have to wait for ver 1.4 of IPCop.

I am currently in the process of implementing this exact config. Be aware
that IPCop does not provide DHCP on the Orange interface so any wireless
client on that interface needs a static IP address or you need to run
DHCP on a separate box of some kind also connected to the orange
interface. This is not a problem for me as my Dlink 900+ AP can provide
DHCP. I will also be running a sacrificial server on orange for FTP, file
sharing, whatever else I can think of, etc. as my AP will be part of the
nzwireless.org mesh network (at some point).

For more wireless info see www.nzwireless.org

SteveM
 
AD.
      11-26-2003
On Wed, 26 Nov 2003 19:08:56 +1300, asdf wrote:

>> That's the way I'd set it up. What about just plugging a WiFi access
>> point into the orange NIC with a crossover cable? Saves mucking about
>> with WiFi drivers which can be a mixed bag on Linux currently.

>
> $$$$$$$$$ im just about to sit my full motercycal test, just thinking of
> buying a new helmot and a big bike... i have enough costs there with out
> shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69
> and is sposadly linux compatable came with linux drivers.


No worries, I hadn't realised you already had it.

>> > Also is it possible to configure squid to require you to authenticate
>> > before letting traffic through?? (ie to stop people being able to
>> > easily connect to my wifi network and use my bandwidth?)

>>
>> Yes, these days it can even do NTLM stuff.

>
> NTLM??? explain.


NTLM is a Windows challenge/response authentication protocol used in
Windows LANs. A lot of corporate proxies use it to transparently
authenticate users against a domain (it might still work in peer to peer
networks). Of course it is pretty much a Windows/IE only type system, but
samba has reverse engineered it and Squid uses that code I think. I'm not
sure if Squid can use it transparently though (ie no auth dialog popping
up).

NTLM can also transparently authenticate IE users against IIS webservers
etc - Mozilla is also working on this. Because NTLM isn't a standard part
of the HTTP protocol (it uses a non standard header) it can't be used to
authenticate someone to a server outside the proxy because proxies can
pass it.

Samba can normally do basic etc authentication (a dialog box pops up for
each session), but as there is only one standard auth header I think
basic proxy auth will conflict with the header needed if you need to use
basic auth against a web site.

Clear as mud?

Cheers
Anton
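
Added example, not part of any post in this thread: a plain `squid.conf` fragment for the setup discussed above, requiring Basic proxy authentication from the orange (wireless) subnet while leaving green unauthenticated. The /24 netmasks, helper path, password file, realm text and ACL names are assumptions; this is generic Squid syntax, not the configuration IPCop generates.

```conf
# Added example; netmasks, paths and ACL names are assumptions, not IPCop defaults.

# Listen on the firewall's green and orange addresses (both taken from the thread).
# No transparent/intercept option is set: proxy authentication only works when
# the browser is explicitly configured to use the proxy.
http_port 192.168.0.1:3128
http_port 192.168.99.1:3128

# Basic auth against an htpasswd-style file. The helper's name and path vary by
# Squid version and distribution (ncsa_auth in older releases, basic_ncsa_auth
# in newer ones).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/wifi_passwd
auth_param basic children 5
auth_param basic realm Wireless proxy
auth_param basic credentialsttl 2 hours

acl green_net  src 192.168.0.0/24
acl orange_net src 192.168.99.0/24
acl wifi_user  proxy_auth REQUIRED

# Green clients pass as before; orange clients must present valid credentials.
# Rules are evaluated top to bottom and the first match wins.
http_access allow green_net
http_access allow orange_net wifi_user
http_access deny all
```

Basic credentials are only base64-encoded, so on an unencrypted ad-hoc link they are readable by anyone in radio range. The proxy rule also only controls access if the firewall blocks direct orange-to-red forwarding, so that wireless clients cannot simply bypass Squid.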
 
T.N.O.
      11-26-2003
asdf wrote:
> $$$$$$$$$ im just about to sit my full motercycal test, just thinking of
> buying a new helmot and a big bike... i have enough costs there with out
> shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69 and
> is sposadly linux compatable came with linux drivers.


Can I recommend that you invest in a good spell checker, dude, that's
abysmal.

motorcycle
helmet
already
supposedly

Sorry, but I couldn't let it pass, and yes, I too have probably made errors.

Although, you do seem to have spelled them phonetically, so you get
bonus points for that.

 