  1. #1
    Untanglit andyp
    Join Date
    Jul 2008
    Location
    Thailand
    Posts
    20

    security: allow guests internet access only

    I'm a newbie to Untangle, used it for 2 weeks and it's great.

    I want to set up a wireless network that will allow open access to the internet for visitors to my factory, but prevent them accessing data on the LAN.

    I have an existing wireless setup protected by a WEP key, which is used by my staff.
    I use an Ubuntu server and all clients are XP; some users have shared drives also.
    The Untangle server is in bridge mode and sits between my main hub and an ADSL router.
    I have spare Ethernet ports in my ADSL router.

    Is this a job for DMZ? Or perhaps set up another subnet?

    I'm happy to buy another wireless router if required....
    andyp
    :)

  2. #2
    Untangler geniehost
    Join Date
    Jun 2008
    Posts
    72

    Hello Andyp,

    I tried what is in this thread http://forums.untangle.com/showthread.php?t=2334 , and I noticed a wireless client was not able to access my network resources, but only the internet!


    You may give it a try.

    regards,
    Genie

  3. #3
    Untangler
    Join Date
    Jul 2008
    Location
    UT
    Posts
    30

    I'd think you may have to get another NIC for DMZ, as when the wireless clients come in they will hit the LAN before Untangle, so access control would have to be done elsewhere. This is, however, if I am understanding your setup.

  4. #4
    Untanglit andyp
    Join Date
    Jul 2008
    Location
    Thailand
    Posts
    20

    Thanks for the advice.

    I think I've solved it.... but I'm unsure about the security aspect.

    I set up UT as a router and have a different subnet on the internal and external ports.
    I added an extra NIC and have the DMZ in bridge mode.
    DHCP is set up for my internal port using UT, and I've set DHCP on my ADSL router that's on the external port.

    I have a wireless router attached to the DMZ port, set in bridge mode.

    What this means is that anyone who attaches to the wireless on the DMZ is assigned a DHCP IP address from the wireless router on the external port. Because this is on a different subnet to my internal port (which has all my company data which I want to protect), they can't map drives or see any information.

    The wireless access to the internal port is protected by a WEP key, so people need to have the password before they can get on the internal net..... I'm also going to restrict access to this by MAC address.

    I'm new to this, and arrived at this solution by trial and error and much internet surfing.....

    Could this arrangement be described as 'secure'?
    For my files I use Samba, so these are protected by the Unix permissions etc., so the main point of failure would be the XP clients' shared drives ... I think.
    andyp
    :)

  5. #5
    Master Untangler
    Join Date
    Jan 2008
    Posts
    168

    I would ditch the MAC filtering as it provides little security and the maintenance/headache wouldn't be worth it. Then I would bump WEP up to WPA2.

  6. #6
    Untangler
    Join Date
    Sep 2007
    Posts
    43

    For added security, you can create a script to change the WPA shared key daily. This guarantees a one-day pass to your wireless AP.
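
One way to write the daily key-change script suggested in post #6, as an added example that is not part of the thread. It assumes the guest access point runs hostapd and reads its key from a `wpa_passphrase=` line; the function names and the config path in the comment are illustrative.

```shell
#!/bin/sh
# Added example: daily WPA2 passphrase rotation for a hostapd-based guest AP.
# Assumption: the AP reads its key from a hostapd.conf "wpa_passphrase=" line.

# Print a fresh 24-character hex passphrase (96 bits from /dev/urandom).
# WPA2-PSK passphrases must be 8 to 63 printable ASCII characters.
new_psk() {
    head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# rotate_psk CONF: replace the wpa_passphrase= line in CONF, print the new key.
rotate_psk() {
    conf=$1
    # Refuse to touch a file that has no passphrase line (wrong file, or an
    # AP configured with wpa_psk= / wpa_psk_file= instead).
    grep -q '^wpa_passphrase=' "$conf" || {
        echo "rotate_psk: no wpa_passphrase= line in $conf" >&2
        return 1
    }
    psk=$(new_psk)
    # Temp file in the same directory so mv is an atomic rename; mktemp
    # creates it mode 0600, which keeps the key unreadable to other users.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v psk="$psk" '
        /^wpa_passphrase=/ { print "wpa_passphrase=" psk; next }
        { print }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$psk"
}

# Run once a day from cron with the config path as the only argument
# (for example /etc/hostapd/hostapd.conf, an assumed path), then restart
# hostapd and hand the printed key to whoever issues guest access.
if [ "$#" -gt 0 ]; then
    rotate_psk "$1"
fi
```

Clients that joined with the previous day's key stay associated until hostapd is restarted, so the restart is what actually ends the one-day pass.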
