How to Protect your wifi-Lan

[Triplejolt]

Found this article on ZDnet. Explains what GRE tunnels are and their use (you link was down, pandlouk ).

[pandlouk]

Found this article on ZDnet. Explains what GRE tunnels are and their use (you link was down, pandlouk ).

Thanks. I corrected the link 

[pandlouk]

I updated the guide How to Protect your wifi-Lan

[d_squared]

Please look at the subnetting information again.  The last octet isn't supposed to be manipulated in that manner.

Assuming classical routing

1 computer & the router means that you need 2 IP's in addition to the network and broadcast, so you need to unmask the last 2 bits => 11111100 (255.255.255.252)

2 computer & the router (plus network and broadcast) means that you need to unmask the last three bits =>  11111000 (255.255.255.248),  and this means that you have room in the subnet for one more node (computer, printer, NAS, whatever attaches to the network

4 nodes & the router means that you need to unmask the last 4 bits => 11110000 (255.255.255.240),  this allows for up to eight total IP's to be in the subnet.

Normally this should be as far as you would need to go in a regular household.  Granted if you have more that 8 nodes and less than 16 the 224 subnet is what you need.

my 2 cents.  (too much cisco stuck in my head, I guess that means the Prof did a good job....)

 (R)

P.S. Of course if you throw out the classical rules and go VLSM or CIDR then all the rules change.  you no longer need to reserve two IP's.

[pandlouk]

Thanks for the info. I corrected it.

[Triplejolt]

Don't forget IP Unnumbered, which allows IP traffic without an IP address...
 

[pandlouk]

Don't forget IP Unnumbered, which allows IP traffic without an IP address...
 

Thanks Triplejolt,
but the problem is that if I add the IP unnumbered configuration how will I explain it at the novice users?

[d_squared]

For most home user that have a factory firmware in their wireless router, I don't think that they would even be able to select the option.  And those that are using aftermarket firmware probably know how to handle that particular scenario.

Using a WRT54GS as an example, all of the subnets that it will allow can be selected via a drop down menu.  So going into IP Unnumbered is not even an option.

[Triplejolt]

Don't put IP unnumbered in there Pandlouk... I was just trying to be funny
IP unnumbered is a feature used by Cisco to be able to conserve IP addresses. Normally, home DLS routers don't support this as this rely on tunneling protocols and Layer 2 capability.

[ocky]

Is it correct to say that my ADSL router's firewall also protects my wife's
laptop which connects to the net via a wireless access point ? The access
point is connected to my aforementioned router. Her wireless AP is  secured
with WPA2-PSK encryption key and uses the AES encryption algorithm.
Strong passwords were used for both the AP login and the encryption key.
Plus SSID is not broadcast and MAC access control (only my router's LAN port).
We are not networked i.e. no sharing is allowed and both have software firewalls etc.
Is my wife's laptop secure ? 
PS. I have the free Comodo Pro PF    and wife still uses Sygate 5.5   

[Triplejolt]

Is it correct to say that my ADSL router's firewall also protects my wife's

Yes. You are both "protected" by the routers firewall. The computer firewall is another matter

[sputnik365]

disable wireless management

[Triplejolt]

Why?

[imsoc]

Could someone please explain step #3 in a bit more detail?

My current network setup is as follows:

PC #1 - ethernet connection to wireless router (and modem)

PC #2 - wireless connection

PC #3 (my computer) - wireless connection

How do I isolate my computer from the other two, using the network zones and/or the firewall rules?

[Eric Cryptid]

Ok... One quick question on the subnet mask thingy. I'm using a Linksys WAG354G (Annex A) Wireless Gateway as my router. When I try to change the Subnet to 255.255.255.252 it says:

DCHP Start IP Address with Lan isn't in the same network


What am I doing wrong?