[ale] HELP, need to setup wireless access point!

Ron Frazier atllinuxenthinfo at c3energy.com
Fri Feb 4 14:21:56 EST 2011


I didn't intend any offense, so I hope none was taken.  The method I 
proposed seemed like the quickest way to get Paul up and running in what 
appeared to be a home office situation.

A router with a WAN port acts as a one way valve.  Unsolicited data 
cannot come back through the valve from the WAN to the LAN.  On my own 
personal setup, I have:

wifi router 1 --> wifi router 2 --> wired router 3 --> cable modem

I, my son, and my blu-ray dvd player, log into router 2 and do whatever 
we have to on the Internet.  However, router 2 has a bug in its port 
stealthing capabilities.  If I run Shields Up from http://grc.com , a 
simulated (harmless) port scan attack, against router 2 with it 
connected directly to the cable modem, one of the first 1024 ports shows 
up as closed, rather than stealth.  I want them all to be stealthed.  
So, running through router 3 solves that problem.

My wife telecommutes to her job through the internet connection on some 
days, and she logs into router 1.  This provides additional isolation 
for her computer, so, if one of my machines or my son's gets a virus, it 
doesn't have direct access to her computer through the LAN, since 
everything on the same wifi connection is on the same LAN.

So, it works for me.  I do see what you're saying about points of 
failure and complexity though.

Again, no offense intended by my post.



On 02/04/2011 01:54 PM, Michael B. Trausch wrote:
> On Fri, 2011-02-04 at 13:35 -0500, Ron Frazier wrote:
>> I don't see what the problem is.  I go through two routers all the
>> time, both doing NAT, to get to my internet connection.  The following
>> should work fine with LAN cables between the parts.  Paul is welcome
>> to call me personally if he needs help.
> Just because something can be done does not mean it should be.
> Double-NAT (a NAT within a NAT) unduly reduces performance and creates
> an artificial barrier that need not exist.  It can also unnecessarily
> complicate the network and bring about more points of failure.
> But hey, I just administer networks for a living.
> 	--- Mike


(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new messages very quickly.)

Ron Frazier

770-205-9422 (O)   Leave a message.
linuxdude AT c3energy.com
