RE: [SLUG] Wireless Routers and Bridges

From: Ken Elliott (kelliott4@tampabay.rr.com)
Date: Sat Jan 08 2005 - 05:22:41 EST


Frank writes:
>>> There are 3 existing computers in our second office. Two
can communicate with each other and with the outside world by wireless. One,
mine, can not communicate with the other two computers as that is not
desirable from an employment perspective. I can communicate with the outside
world. If I added a fourth computer with a fourth wireless router/bridge it
would need to be set so that it could not communicate with any other
computer by wireless only communicating with the outside world.

---
Frank, It's not clear to me how you accomplish this.  I assume all three
current PCs are connected to the same router.  How is it that your PC can
connect to the router, but not talk to the other 2 PCs?  In other words, do
you currently have a hardware or software firewall separating you from
allowing them to see your PC, or some other setup?

It seems like you have this arrangement

Router/wireless
 |
 |-via/wireless--PC A
 |-via/wireless--PC B
 |-via/wireless---------firewall-----PC C (yours)

And you want to add:
 |
 |-----via/wireless router/firewall---PC D

This would appear to allow you to see A and B if you choose, but prevent any PC from seeing C or D.

How difficult do you want to make this? Could you put software firewalls in each machine to control access from the other PCs? Or do you need more security than that?

Would this work? (software firewalls)

Router/wireless
 |
 |-via/wireless----firewall (allows B only)----PC A
 |-via/wireless----firewall (allows A only)----PC B
 |-via/wireless----firewall (allows nobody)-----PC C (yours)
 |-via/wireless----firewall (allows nobody)-----PC D

Ken Elliott

=====================
-----Original Message-----
From: slug@nks.net [mailto:slug@nks.net] On Behalf Of SOTL
Sent: Saturday, January 08, 2005 10:53 AM
To: slug@nks.net; Chuck Hast
Subject: Re: [SLUG] Wireless Routers and Bridges

On Saturday 08 January 2005 10:19 am, Chuck Hast wrote:
> On Sat, 8 Jan 2005 08:55:43 -0500, SOTL <sotl155360@earthlink.net> wrote:
> > On Saturday 08 January 2005 04:01 am, Paul M Foster wrote:
> > > On Fri, Jan 07, 2005 at 09:28:14PM -0500, SOTL wrote:
> > > > Hi All
> > > >
> > > > What is the difference between a wireless router and a wireless
> > > > bridge? Just so I do not confuse people I know a router goes on
> > > > the line side and the bridge goes on the computer side but
> > > > really is the difference?
> > >
> > > Note: I'm a neophyte to this area. I've set up several simple
> > > networks and know something about the theory of this area. I've
> > > never seen or used a bridge but I know the definition of one. So
> > > feel free to correct me. I'll also use this opportunity to ask
> > > questions of the more knowledgeable in the group. Here's my
> > > understanding:
> > >
> > > Bridges are specialized routers, designed to connect two or more
> > > networks or LANs. They use info from the MAC layer (MAC
> > > addresses?) to route packets.
> > >
> > > Routers are more general purpose. They make decisions on where to
> > > route packets based partially on info from higher up in the
> > > protocol stack (IP addresses?). They can be made to function as
> > > bridges, though perhaps less efficiently.
> > >
> > > There are two factors at work. The first is the connection between
> > > IP address and machine names, and the ability to resolve machine
> > > names into addresses. This is handled either by a populated
> > > /etc/hosts file (which contains the names and addresses of local
> > > machines), or access to an active local DNS server. In the latter
> > > case, the DNS server serves to translate machine names into IP
> > > addresses to the best of its ability.
> > >
> > > The second factor is the routing of packets once the IP addresses
> > > are known. The "route -n" command will show you what routing
> > > decisions will be made on the machine it's run on. Your local
> > > machine will likely know how to route all traffic on your LAN
> > > directly to the machines involved.
> > > That is, the "route -n" command shows that for local addresses,
> > > there is no gateway; packets to those addresses are routed
> > > directly. Any other addresses will go to a "gateway" router
> > > somewhere on your network, which shows on a separate line of the
> > > "route -n" command.
> > >
> > > If your network is like mine, you've got a router for the LAN. It
> > > accepts packets for addresses my local machine doesn't know how to
> > > deal with. It knows how to address local traffic. But for any
> > > other traffic, it has its own "gateway" route, which is to the DSL
> > > modem. The DSL modem does whatever handwaving it needs to to get
> > > internet packets where they're going.
> > >
> > > Since part of specifying a route with the route command also
> > > entails specifying what type of addresses will go on that route,
> > > you could specify a secondary gateway for any traffic going to a
> > > different LAN or network segment. That gateway would then hand off
> > > traffic to the proper hosts on its network segment.
> > >
> > > So the point here is that, while a bridge would directly route
> > > traffic to specific machines on different network segments, a
> > > router whose routing tables are properly set up (with a separate
> > > gateway on the other network segment(s)) could perform the same
> > > function. It mainly depends on how your routes are set up.
> > >
> > > Right?
> > >
> > > Paul
> >
> > Thanks Paul
> >
> > If I get the issue correct it is a matter of package routing and
> > what is allowed to pass, basically a firewall and routing issue.
> >
> > If that is correct then if all firewall features were nulled out
> > then could a router be used for a bridge on a simple
> > network consisting of one bridge/router connected to one computer
> > and one router connected to the ethernet line side?
>
> One other thing to take into account is the layout of the RF part of
> the system. Normally wireless routers are designed to connect to user
> gear (RF Nic's) or real bridges, if you are modifying a router to work
> as a bridge you need to make sure that the RF piece can be changed so
> as to act like a subservient device to the router rather than a router
> controller device.
>
> Wireless lan on the RF side operates in two modes
> 1. Multi-point to multi-point or Peer to peer, this is where you do
> not have a router or access point through which all devices operate
> through
> 2. Point to multi-point which is the way most of us operate these
> things, one device is an access point/router and the other devices
> communicate through it.
>
> If you use a router as a bridge it must be able to change from an
> access point to a user type device which is how the router views it as
> a radio. The router is looking
> for user devices and will not see a router device unless that device
> can be made to appear as another user device on the RF LAN.

Now I am more confused than I was. The issue to me is not clear. So let me explain what we have and what I need and then maybe someone can advise me.

There are 3 existing computers in our second office. Two can communicate with each other and with the outside world by wireless. One, mine, can not communicate with the other two computers as that is not desirable from an employment perspective. I can communicate with the outside world. If I added a fourth computer with a fourth wireless router/bridge it would need to be set so that it could not communicate with any other computer by wireless only communicating with the outside world. A firewall is not desirable in this router/bridge as the system to be connected would be a SuSE 9.2 which as you are aware of has internal firewall capabilities nor would normal routing action be required only straight in straight out.

Under these circumstances can a wireless router [normally used to connect to the line side] be used as a wireless bridge [normally connected to the computer side]?

Thanks

Frank

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
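
Ken's software-firewall layout (A allows B only, B allows A only, C and D allow nobody), written out as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset for each PC. The 192.168.1.x addresses and the function names are constructed for illustration, and the rules filter inbound traffic only.

```shell
#!/bin/sh
# Added example. Constructed addressing (assumption, not from the thread):
#   PC A 192.168.1.11, PC B 192.168.1.12, PC C 192.168.1.13, PC D 192.168.1.14

# Inbound peers each PC accepts, following Ken's "allows ..." labels.
peers_for() {
    case "$1" in
        A)   echo "192.168.1.12" ;;   # A allows B only
        B)   echo "192.168.1.11" ;;   # B allows A only
        C|D) echo "" ;;               # C and D allow nobody
        *)   return 1 ;;
    esac
}

# Print an iptables-restore ruleset for one PC (A, B, C or D).
# Apply on that PC as root with:  emit_rules C | iptables-restore
emit_rules() {
    peers=$(peers_for "$1") || { echo "unknown host: $1" >&2; return 1; }
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # default: nothing unsolicited gets in
    echo ":FORWARD DROP [0:0]"      # the PC is not a router
    echo ":OUTPUT ACCEPT [0:0]"     # the PC may still reach the outside world
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this PC opened itself (web, mail, DNS, ...).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound connections only from the listed peers, if any.
    for p in $peers; do
        echo "-A INPUT -s $p -j ACCEPT"
    done
    echo "COMMIT"
}
```

Because OUTPUT is left open, C and D can still open connections to A and B unless those machines' own rules refuse them, which matches the "see A and B if you choose" behaviour Ken describes. The peer rules match on source IP address only, so they are only as trustworthy as the address assignment on the wireless LAN.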




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:07:52 EDT