I recently purchased a wireless access point. After some research into the
relative insecurity of WEP, I am looking to implement more stringent measures.
My current setup includes a LAN sitting behind a packet filtering firewall
running Debian Woody. The current plan is to move the access point outside
the firewall, as shown in the diagram below ...

------------     | Cable/ | eth1   ----------  eth0   -----
| Internet | ---o| xDSL   |o-----o| Firewall |o-----o| HUB |o----> LAN
------------     | modem  |        ----------         -----
                                   | 802.11 |
                                   | Access |
                                   | Point  |

eth0 : 192.168.1.x
eth1 : internet
eth2 : 192.168.2.x

The network address for each of the interfaces is shown above. Connections
to the access point are exclusively MS Windows machines running XP. A file
server in the LAN runs Samba and a DHCP server (I plan to serve DHCP
addresses from the LAN, not the access point ... if possible).
I am currently in the process of building a new firewall where I'll
upgrade from ipchains to iptables. At the same time, I'd like to implement
some security and authentication services for the access point. Some
questions I have:

I understand that WEP is not optimal. My research indicates that IPSec
would be better. Any suggestions or pointers on setting up IPSec on
the new firewall? Or, is there something preferable to IPSec?

What can I use to authenticate the Windows services from Samba? It seems
to me that I am going to have a two-step authentication process. First
step is authenticate access to the Access Point. Second step is granting
permission to utilize services shared by machines on the LAN (i.e.
Will I be able to access Samba services across the network boundary
from 192.168.1.x to 191.168.2.x?

I realize these are not all Debian related questions. But I will be
running Debian on the firewall and this seemed like a good place to start.
Ideas and pointers to documentation/HowTos would be much appreciated.
R. Wayne McCorkle