Koozali.org: home of the SME Server

Wireless Access Point

Sean R

Wireless Access Point
« on: April 09, 2003, 06:27:07 AM »
I am trying to set up a Netgear Wireless Router (MR814) behind my SME (v5.1.2).

From the server console, I specified a fixed IP address for the Netgear (192.168.14.30). I then disconnected my PC from my server and connected it to one of the 4 wired ports on the router. The router was not connected to anything else. I specified the fixed IP address during the Netgear configuration. As well, I set the gateway IP address as the internal one for the SME.

I then connected a cable to the router from the SME server, but I can no longer get to the SME server from my PC, either by name or IP. I can ping the internal and external IP address of the router.

Any ideas on what I may be missing?  Do I have to restart anything on the SME?

My setup

Internet (DHCP)
|
|
SME Server
| 192.168.14.1
|
| 192.168.14.30
Netgear
| 192.168.0.1
|
| 192.168.0.2
PC (Wired)

Thanks,
Sean R

Duncan

Re: Wireless Access Point
« Reply #1 on: April 09, 2003, 02:27:06 PM »
Your PCs are not on the same subnet as the E-smith local network. They are firewalled out.

Set a subnet in the E-smith box for the wired LAN's subnet.

Regards Duncan

Sean R

Re: Wireless Access Point
« Reply #2 on: April 10, 2003, 07:04:58 PM »
Thanks Duncan.  That seemed to work.  I created a new local network for the Netgear.  I can access the internet.

I still have one minor issue... I can't connect to the SME server using its name, just IP address.

For the Netgear configuration, I specified that it should get its DNS information from the SME. As well, on my Windows box, I specified that it should get its DNS information from SME. No luck.

Thanks,
Sean

Terry Brummell

Re: Wireless Access Point
« Reply #3 on: April 11, 2003, 02:01:28 AM »
NetBIOS names are not handled by DNS, they are handled by WINS.  Specify the SME IP in the WINS settings on your wireless clients and see what happens.

Sean R

Re: Wireless Access Point
« Reply #4 on: April 11, 2003, 05:30:58 PM »
Thanks Terry.  I'll give that a try tonight.

/sean

Dub Dublin

Re: Wireless Access Point
« Reply #5 on: April 12, 2003, 07:35:51 AM »
FWIW, I suppose you know this is a *very* insecure network design.

Since wireless is by its very nature quite insecure now (as little as a few minutes worth of sniffing can crack WEP keys these days) it's a really good idea to make sure any wireless connection to your network is *OUTSIDE* the firewall.  

You can then use a general purpose VPN like PPTP, or a specific VPN/tunnel like PuTTY(ssh) to provide access through the firewall.  Same thing applies to dial-in/RAS servers - I can't tell you how many big companies I've seen spend big bucks on their firewall, and then let anyone bypass it because the dial-in servers are on the inside.  Doh!

Even putting the wireless on the outside is still not ideally secure, but it's several orders of magnitude better than putting an access point or wireless router on the inside of your firewall - unless your *intent* is to expose the soft underbelly of your server to the world.

Perhaps one day we'll be able to arbitrarily declare network interfaces as "internal" or "external" in SME - that would be really nice... (wistful sigh...)

Tim

Re: Wireless Access Point
« Reply #6 on: April 12, 2003, 08:57:23 AM »
Dub Dublin wrote:
>
> FWIW, I suppose you know this is a *very* insecure network
> design.
>
> Since wireless is by its very nature quite insecure now (as
> little as a few minutes worth of sniffing can crack WEP keys
> these days) it's a really good idea to make sure any wireless
> connection to your network is *OUTSIDE* the firewall.
>

I have to disagree with these statements. I run a WISP (Wireless Internet Service Provider) and you do not crack 128-bit keys in a few minutes. It actually takes several hours of captured data, a lot of computer power, and time. No, I would not put secret data on a wireless, but then I wouldn't put it on a LAN with direct Internet access either. Security is making access take more time and money than someone is willing to spend to break in. If the data is worth the effort any security can be breached.