[ltp] Please help me pick out my next thinkpad

David A. Desrosiers linux-thinkpad@linux-thinkpad.org
Thu, 12 Jun 2008 10:37:49 -0400


On Thu, Jun 12, 2008 at 7:54 AM, Christos Papadopoulos
<christos@cs.colostate.edu> wrote:
> Bruce Schneier is a well-known security expert and he runs an open
> wireless at home. Most comments to his posting disagreed with him. I
> happen to agree. Interesting read.

Since roughly 2000 (back in my Linuxcare days), I've been running 3
wifi access points on my home LAN, arranged as follows:

- One is a completely open, public WAP, which has ONLY access to get
directly to the internet. No access to any other internal equipment is
allowed or available.

- The second one is for "guests" and "visitors" at my home or home
office, locked down with a rotating password every 30 days. This one
has access to the Internet, my wireless
printer/fax/scanner/kitchen-sink and one internal Samba share for
moving data around that is too big to email/IM.

- The third one is locked down with WPA2/TKIP/AES, locked via MAC and
DHCP is disabled. A successful connection to this WAP gives you access
to the Internet (unfiltered), all internal servers and services,
printers and my internal media services (streaming music/video).

The first and second WAP are transparent proxies to an internal Squid
server to speed up web access. No client-side configuration is
necessary. 3 simple iptables rules on those WAPs turn them into
transparent squid proxies.

When I moved to the East Coast, I gave my neighborhood (a very
tight-knit group of families ranging from newborn to several
generations old), access to the Internet for free, through the first
WAP.

I've never had any trouble at all with any of this configuration.
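
Added example, not part of the original message and not the poster's actual rules (which the post does not show): one possible ruleset for the open access point, giving its clients Internet access and the Squid redirect but nothing else on the internal LAN. The interface names, addresses and port are constructed placeholders. It assumes the access point routes rather than bridges, that its uplink crosses the home LAN, and that the Squid host accepts connections redirected from another box.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the "open" access point.
# Every argument value used with this function is a placeholder (assumption).
open_ap_rules() {
    open_if=$1     # interface serving the open wireless clients
    up_if=$2       # uplink interface (crosses the home LAN to reach the Internet)
    squid_ip=$3    # internal Squid host
    squid_port=$4  # port Squid listens on for redirected traffic

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Redirect plain HTTP from open-AP clients to the internal proxy.
-A PREROUTING -i ${open_if} -p tcp --dport 80 -j DNAT --to-destination ${squid_ip}:${squid_port}
# Hide client addresses behind the AP so replies return through it.
-A POSTROUTING -o ${up_if} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The proxy is the only internal host open-AP clients may reach.
-A FORWARD -i ${open_if} -d ${squid_ip} -p tcp --dport ${squid_port} -j ACCEPT
# The uplink crosses the home LAN, so private ranges must be refused
# explicitly before the general "out to the Internet" rule.
-A FORWARD -i ${open_if} -d 10.0.0.0/8 -j DROP
-A FORWARD -i ${open_if} -d 172.16.0.0/12 -j DROP
-A FORWARD -i ${open_if} -d 192.168.0.0/16 -j DROP
-A FORWARD -i ${open_if} -o ${up_if} -j ACCEPT
COMMIT
EOF
}

# Syntax-check without applying (needs root):
#   open_ap_rules wlan0 eth0 192.168.1.10 3128 | iptables-restore --test
```

Rule order carries the policy here: the proxy exception comes first, the private-range drops second, and the general uplink accept last.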