
Saturday, May 05, 2007

Re: Public WiFi Access Authentication

Dear Michelle,

Why not use a VPN path between your desktop and the auth or your
main router?


Client----------Wireless-Router------VPN-Router-----Main Router
   |                                  |
   |                                  |
   +-------------VPN-Channel----------+

The VPN connection between the client and the VPN router could be
established with different authentication methods, e.g. a preshared key
on the client and the router. The VPN router opens a VPN channel on a
port you choose, e.g. 5004. On the VPN router you drop other ports and
allow only incoming UDP traffic on port 5004 from the interface to the
wireless router.

In my opinion this scenario meets most of your requirements. An evil
client without the preshared key that overcomes the wireless protection
couldn't use this capture. The only connection that could be used is a
UDP connection on port 5004, which requires a preshared key. So only if
a client started this half of the VPN connection with the correct
preshared key is traffic between the client and the LAN possible.

With kind regards
G. A. Wilm

Michelle Konzack wrote:
> Hello,
>
> I have an 802.11a Access Point (privately) in Strasbourg and want to
> open it to the public. The solutions I have found are not suitable and
> some are really strange.
>
> What I have:
>
>     |
>     |
>     |    802.11a       Auth-Router       Main
>     +---- Access  ----   (Etch)    --->  Router <----> Internet
>           Point           DHCP
>
> I want the Auth-Router to block ANY traffic until the $CLIENT which
> connects over the Access-Point calls ANY http-URL and authenticates.
>
> Then the $CLIENT is allowed to use the connection until the last traffic
> was on its MAC/IP for, e.g. 5 minutes, then the $CLIENT is required to
> re-authenticate.
>
> Also I need to prohibit several Clients from using my Access-Point as
> a free bridge for their traffic.
>
> I was searching the Net for a sample config how to do this but failed.
>
> So, I want to install the authentication website directly on the Auth-
> Router.
>
> Has anyone done this before, and how must I make the iptables setup
> to let this work?
>
> Thanks, Greetings and nice Day
> Michelle Konzack
> Systemadministrator
> Tamay Dogan Network
> Debian GNU/Linux Consultant
>
>
>
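
The filtering described in the reply above, sketched as an added example that is not part of the original mail: a shell function that emits an iptables-restore ruleset for the VPN router. The interface names (eth0, eth1, tun0), the tunnel-to-LAN forwarding rules and the conntrack rules are assumptions; only UDP port 5004 comes from the mail.

```shell
#!/bin/sh
# Added example: generate a default-drop ruleset for the VPN router.
# Interface names below are assumed, not taken from the mail.
WLAN_IF="${WLAN_IF:-eth0}"    # side facing the wireless router (assumed)
LAN_IF="${LAN_IF:-eth1}"      # side facing the main router / LAN (assumed)
TUN_IF="${TUN_IF:-tun0}"      # interface created by the VPN daemon (assumed)
VPN_PORT="${VPN_PORT:-5004}"  # UDP port named in the mail

vpn_router_rules() {
    # Reject anything that is not a plain port number before it
    # ends up inside a firewall rule.
    case "$VPN_PORT" in
        ''|*[!0-9]*) echo "invalid VPN_PORT: $VPN_PORT" >&2; return 1 ;;
    esac
    if [ "$VPN_PORT" -lt 1 ] || [ "$VPN_PORT" -gt 65535 ]; then
        echo "VPN_PORT out of range: $VPN_PORT" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default drop: nothing reaches or crosses the router unless allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new inbound traffic accepted from the wireless side.
-A INPUT -i $WLAN_IF -p udp --dport $VPN_PORT -j ACCEPT
# Only traffic that came through the tunnel may reach the LAN;
# nothing is forwarded directly from the wireless interface.
-A FORWARD -i $TUN_IF -o $LAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when the script is run.
vpn_router_rules
```

The output can be checked as root with `vpn_router_rules | iptables-restore --test` before loading it. The default-drop INPUT policy also blocks management access such as SSH unless a rule for it is added.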

