If you want a firewall with real DMZ support, you can download Mandrake MNF. Toss your webserver on one DMZ, and your WAP on another (use VPN to get into your network once connected to the WAP). Most WAP's and wireless cards have interesting packet avoidance algorithms now, so if you have this, you probably don't need to worry too much about someone cracking your WEP key with airsnort or related tools, but still a good idea to put it on a DMZ if you're paranoid like me.

> -----Original Message-----
> From: Clay Fandre [mailto:clay at fandre.com]
> Sent: Wednesday, September 03, 2003 2:57 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] Home network design
>
> On Wed, 03 Sep 2003, Scot Jenkins wrote:
>
> > don't most of those router/firewall things put the dmz port on the same
> > network as the rest of the boxes on your "inside" LAN? If so, using the
> > dmz port would be a BAD idea.
> >
> > also the wireless AP, if it's going to be open to the world, should be
> > in a DMZ, a different network from your inside LAN.
>
> I agree. I have a P90 with 3 nic cards running as my firewall/router.
> My DMZ hangs off of 1 of those nics and isn't allowed to get back into
> my internal network. My AP is also on the DMZ, so if someone connects
> to it they are still off my internal network.
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
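
The three-interface layout discussed in this thread (web server and wireless AP on a DMZ NIC that cannot open connections into the internal LAN), written out as an iptables ruleset. This is an added example, not part of any poster's message; the interface names eth0/eth1/eth2, the SSH management rule and the address 192.168.2.10 are assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a three-NIC firewall.
# Assumed interface roles (not from the thread): eth0 = Internet,
# eth1 = internal LAN, eth2 = DMZ (web server and wireless AP).
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
DMZ_IF=${DMZ_IF:-eth2}
DMZ_WEB=${DMZ_WEB:-192.168.2.10}   # constructed address for the DMZ web server

gen_rules() {
    # NAT/masquerading is left out; this covers only the filter policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Rule order matters: replies to LAN-initiated connections match the
# ESTABLISHED rule first, so only NEW DMZ->LAN attempts are logged and dropped.
# Run as root with the argument "apply" to load the ruleset.
if [ "${1:-}" = "apply" ]; then
    gen_rules | iptables-restore
fi
```

With this policy a client that associates with the AP, or an attacker who compromises the web server, can reach the Internet but cannot start a connection to hosts on the internal LAN; the LOG rule records every such attempt.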