ipcop + wifi + strange use of the DMZ?>> help.

Discussion in 'NZ Computing' started by asdf, Nov 25, 2003.

  1. asdf

    asdf Guest

    I have an IPcop firewall on my current network.

    On the red I have ADSL
    on the orange I have nothing.
    on green I have my normal network.

    I am running squid too.

    Now, I would like to take out the nic I have in for orange, and put in a DSE
    pci wifi card, then set up ipcop to allow me to do an ad-hoc network, on a
    separate network (ie, green is 192.168.0.1 and orange is 192.168.99.1). So
    this would stop people that got on to my wifi network getting on to my LAN
    (on green). But I want to allow the same kind of traffic flow from orange
    to red, as is on the green interface so I can surf from my laptop quite
    happily!!!

    Also is it possible to configure squid to require you to authenticate before
    letting traffic through?? (ie to stop people being able to easily connect to
    my wifi network and use my bandwidth?)


    Thanks Daniel
     
    asdf, Nov 25, 2003
    #1

  2. asdf

    AD. Guest

    On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:

    > I have an IPcop firewall on my current network.
    >
    > On the red I have ADSL
    > on the orange I have nothing.
    > on green I have my normal network.
    >
    > I am running squid too.
    >
    > Now, I would like to take out the nic I have in for orange, and put in a
    > DSE pci wifi card, then set up ipcop to allow me to do an ad-hoc network,
    > on a separate network (ie, green is 192.168.0.1 and orange is
    > 192.168.99.1). So this would stop people that got on to my wifi network
    > getting on to my LAN (on green). But I want to allow the same kind of
    > traffic flow from orange to red, as is on the green interface so I can
    > surf from my laptop quite happily!!!


    That's the way I'd set it up. What about just plugging a WiFi access point
    into the orange NIC with a crossover cable? Saves mucking about with WiFi
    drivers which can be a mixed bag on Linux currently.

    You could even replace the cross over cable with a switch later if you
    want a real DMZ :)

    >
    > Also is it possible to configure squid to require you to authenticate
    > before letting traffic through?? (ie to stop people being able to easily
    > connect to my wifi network and use my bandwidth?)


    Yes, these days it can even do NTLM stuff.

    Cheers
    Anton
     
    AD., Nov 25, 2003
    #2
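
The zone separation asked about in post #1 and agreed with in #2, written out as generic netfilter rules (an added example, not part of the thread and not IPCop's own rule set). The interface names and the /24 masks are assumptions; the 192.168.0.x and 192.168.99.x networks come from the post.

```shell
#!/bin/sh
# Added illustration: generic iptables rules, not IPCop's generated rule set.
RED_IF=ppp0                 # assumed name of the ADSL uplink
GREEN_IF=eth0               # assumed name of the wired LAN NIC
ORANGE_IF=wlan0             # assumed name of the ad-hoc WiFi card
GREEN_NET=192.168.0.0/24    # /24 mask is an assumption
ORANGE_NET=192.168.99.0/24  # /24 mask is an assumption

# Print the rules instead of applying them, so they can be reviewed first.
zone_rules() {
    cat <<EOF
# Nothing is forwarded unless a rule below allows it.
iptables -P FORWARD DROP
# Replies to connections that were already allowed.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Wireless clients never open connections into the LAN.
iptables -A FORWARD -i $ORANGE_IF -d $GREEN_NET -j DROP
# Drop wireless traffic claiming a source outside the orange subnet.
iptables -A FORWARD -i $ORANGE_IF ! -s $ORANGE_NET -j DROP
# Green and orange get the same outbound path to red.
iptables -A FORWARD -i $GREEN_IF -s $GREEN_NET -o $RED_IF -j ACCEPT
iptables -A FORWARD -i $ORANGE_IF -s $ORANGE_NET -o $RED_IF -j ACCEPT
# Both private subnets share the single ADSL address.
iptables -t nat -A POSTROUTING -o $RED_IF -j MASQUERADE
EOF
}

# "--print" shows the rule set; applying it needs root and is left to the reader.
if [ "${1:-}" = "--print" ]; then
    zone_rules
fi
```

The orange-to-green DROP has to sit above the orange-to-red ACCEPT; the ESTABLISHED rule above both is what still lets replies through for connections that were permitted.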

  3. asdf

    Andy Lawson Guest

    "asdf" <> wrote in message
    news:R1Qwb.9715$...
    > I have an IPcop firewall on my current network.
    >
    > On the red I have ADSL
    > on the orange I have nothing.
    > on green I have my normal network.
    >
    > I am running squid too.
    >
    > Now, I would like to take out the nic I have in for orange, and put in a DSE
    > pci wifi card, then set up ipcop to allow me to do an ad-hoc network, on a
    > separate network (ie, green is 192.168.0.1 and orange is 192.168.99.1). So
    > this would stop people that got on to my wifi network getting on to my LAN
    > (on green). But I want to allow the same kind of traffic flow from orange
    > to red, as is on the green interface so I can surf from my laptop quite
    > happily!!!
    >
    > Also is it possible to configure squid to require you to authenticate before
    > letting traffic through?? (ie to stop people being able to easily connect to
    > my wifi network and use my bandwidth?)

    You could also try waiting for IpCop v 1.4 which is supposed to add an extra
    interface (Blue IIRC) for wireless networking. Not sure how it's all supposed
    to tie together but you could take a look at the relevant developers forums
    and see if there's anything of help. Have you tried www.ipcops.net and the
    forums there?
     
    Andy Lawson, Nov 26, 2003
    #3
  4. asdf

    asdf Guest

    "Andy Lawson" <> wrote in message
    news:LoWwb.9729$...
    > "asdf" <> wrote in message
    > news:R1Qwb.9715$...
    > > I have an IPcop firewall on my current network.
    > >
    > > On the red I have ADSL
    > > on the orange I have nothing.
    > > on green I have my normal network.
    > >
    > > I am running squid too.
    > >
    > > Now, I would like to take out the nic I have in for orange, and put in a DSE
    > > pci wifi card, then set up ipcop to allow me to do an ad-hoc network, on a
    > > separate network (ie, green is 192.168.0.1 and orange is 192.168.99.1). So
    > > this would stop people that got on to my wifi network getting on to my LAN
    > > (on green). But I want to allow the same kind of traffic flow from orange
    > > to red, as is on the green interface so I can surf from my laptop quite
    > > happily!!!
    > >
    > > Also is it possible to configure squid to require you to authenticate before
    > > letting traffic through?? (ie to stop people being able to easily connect to
    > > my wifi network and use my bandwidth?)
    >
    > You could also try waiting for IpCop v 1.4 which is supposed to add an extra
    > interface (Blue IIRC) for wireless networking. Not sure how it's all supposed
    > to tie together but you could take a look at the relevant developers forums
    > and see if there's anything of help. Have you tried www.ipcops.net and the
    > forums there?

    Oh, wow, that sounds quite exciting. Any idea how far away 1.4 is supposed to be?
     
    asdf, Nov 26, 2003
    #4
  5. asdf

    asdf Guest

    "AD." <> wrote in message
    news:p...
    > On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:
    >
    > > I have an IPcop firewall on my current network.
    > >
    > > On the red I have ADSL
    > > on the orange I have nothing.
    > > on green I have my normal network.
    > >
    > > I am running squid too.
    > >
    > > Now, I would like to take out the nic I have in for orange, and put in a
    > > DSE pci wifi card, then set up ipcop to allow me to do an ad-hoc network,
    > > on a separate network (ie, green is 192.168.0.1 and orange is
    > > 192.168.99.1). So this would stop people that got on to my wifi network
    > > getting on to my LAN (on green). But I want to allow the same kind of
    > > traffic flow from orange to red, as is on the green interface so I can
    > > surf from my laptop quite happily!!!

    >
    > That's the way I'd set it up. What about just plugging a WiFi access point
    > into the orange NIC with a crossover cable? Saves mucking about with WiFi
    > drivers which can be a mixed bag on Linux currently.


    $$$$$$$$$ im just about to sit my full motercycal test, just thinking of
    buying a new helmot and a big bike... i have enough costs there with out
    shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69 and
    is sposadly linux compatable came with linux drivers.

    > You could even replace the cross over cable with a switch later if you
    > want a real DMZ :)
    >
    > >
    > > Also is it possible to configure squid to require you to authenticate
    > > before letting traffic through?? (ie to stop people being able to easily
    > > connect to my wifi network and use my bandwidth?)

    >
    > Yes, these days it can even do NTLM stuff.


    NTLM??? explain.

    > Cheers
    > Anton
     
    asdf, Nov 26, 2003
    #5
  6. asdf

    SteveM Guest

    "asdf" <> wrote in
    news:_rXwb.10172$:

    >
    > "AD." <> wrote in message
    > news:p...
    >> On Wed, 26 Nov 2003 10:43:10 +1300, asdf wrote:
    >>
    >> > I have an IPcop firewall on my current network.
    >> >
    >> > On the red I have ADSL
    >> > on the orange I have nothing.
    >> > on green I have my normal network.
    >> >
    >> > I am running squid too.
    >> >
    >> > Now, I would like to take out the nic I have in for orange, and put
    >> > in a DSE pci wifi card, then set up ipcop to allow me to do an
    >> > ad-hoc network, on a separate network (ie, green is 192.168.0.1
    >> > and orange is 192.168.99.1). So this would stop people that got on
    >> > to my wifi network getting on to my LAN (on green). But I want to
    >> > allow the same kind of traffic flow from orange to red, as is on
    >> > the green interface so I can surf from my laptop quite happily!!!

    >>
    >> That's the way I'd set it up. What about just plugging a WiFi access
    >> point into the orange NIC with a crossover cable? Saves mucking about
    >> with WiFi drivers which can be a mixed bag on Linux currently.

    >
    > $$$$$$$$$ im just about to sit my full motercycal test, just thinking
    > of buying a new helmot and a big bike... i have enough costs there
    > with out shelling out ~$150 on a AP. I allready have a DSE wifi nic,
    > cost me $69 and is sposadly linux compatable came with linux drivers.
    >
    >> You could even replace the cross over cable with a switch later if
    >> you want a real DMZ :)
    >>
    >> >
    >> > Also is it possible to configure squid to require you to
    >> > authenticate before letting traffic through?? (ie to stop people
    >> > being able to easily connect to my wifi network and use my
    >> > bandwidth?)

    >>
    >> Yes, these days it can even do NTLM stuff.

    >
    > NTLM??? explain.
    >
    >> Cheers
    >> Anton

    >
    >


    As far as I am aware you will only be able to do AdHoc mode with that PCI
    card and not full AP functionality. (However this should suit your
    purposes just fine) Authentication will have to wait for ver 1.4 of IPcop.

    I am currently in the process of implementing this exact config. Be aware
    that IPCop does not provide DHCP on the Orange interface so any wireless
    client on that interface needs a static IP address or you need to run
    DHCP on a separate box of some kind also connected to the orange
    interface. This is not a problem for me as my Dlink 900+ AP can provide
    DHCP. I will also be running a sacrificial server on orange for FTP, File
    sharing, whatever else I can think of, etc as my AP will be part of the
    nzwireless.org mesh network (at some point).

    For more wireless info see www.nzwireless.org

    SteveM
     
    SteveM, Nov 26, 2003
    #6
  7. asdf

    AD. Guest

    On Wed, 26 Nov 2003 19:08:56 +1300, asdf wrote:

    >> That's the way I'd set it up. What about just plugging a WiFi access
    >> point into the orange NIC with a crossover cable? Saves mucking about
    >> with WiFi drivers which can be a mixed bag on Linux currently.

    >
    > $$$$$$$$$ im just about to sit my full motercycal test, just thinking of
    > buying a new helmot and a big bike... i have enough costs there with out
    > shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69
    > and is sposadly linux compatable came with linux drivers.


    No worries, I hadn't realised you already had it.

    >> > Also is it possible to configure squid to require you to authenticate
    >> > before letting traffic through?? (ie to stop people being able to
    >> > easily connect to my wifi network and use my bandwidth?)

    >>
    >> Yes, these days it can even do NTLM stuff.

    >
    > NTLM??? explain.


    NTLM is a Windows challenge/response authentication protocol used in
    Windows LANs. A lot of corporate proxies use it to transparently
    authenticate users against a domain (it might still work in peer to peer
    networks). Of course it is pretty much a Windows/IE only type system, but
    samba has reverse engineered it and Squid uses that code I think. I'm not
    sure if Squid can use it transparently though (ie no auth dialog popping
    up).

    NTLM can also transparently authenticate IE users against IIS webservers
    etc - Mozilla is also working on this. Because NTLM isn't a standard part
    of the HTTP protocol (it uses a non standard header) it can't be used to
    authenticate someone to a server outside the proxy because proxies can
    pass it.

    Samba can normally do basic etc authentication (a dialog box pops up for
    each session), but as there is only one standard auth header I think
    basic proxy auth will conflict with the header needed if you need to use
    basic auth against a web site.

    Clear as mud? :)

    Cheers
    Anton
     
    AD., Nov 26, 2003
    #7
  8. asdf

    T.N.O. Guest

    asdf wrote:
    > $$$$$$$$$ im just about to sit my full motercycal test, just thinking of
    > buying a new helmot and a big bike... i have enough costs there with out
    > shelling out ~$150 on a AP. I allready have a DSE wifi nic, cost me $69 and
    > is sposadly linux compatable came with linux drivers.


    Can I recommend that you invest in a good spell checker, dude, that's
    abysmal.

    motorcycle
    helmet
    already
    supposedly

    Sorry, but I couldn't let it pass, and yes, I too have probably made errors.

    Although, you do seem to have spelled them phonetically, so you get
    bonus points for that.
     
    T.N.O., Nov 26, 2003
    #8