>>are you sure ?
>
>
> Yes, I'm sure it's bridging.
>
>
>>then, what is my hand-set-up gateway doing???
>
>
> That's the router section. Think of a "wireless router" as a
> "wireless access point" glued to an "ethernet router". If done in
> separate boxes, the ethernet output from the access point would go to
> one of the LAN inputs of the "ethernet router". When you set the IP
> addresses and all that, you're setting the router section. The only
> exception is that a stand-alone access point requires an IP address to
> do configurations and system settings. That IP address is only used
> for configuration and has nothing to do with the traffic.
Learn a bit about the French product called 'freebox':
it natively supports wireless routing, and it is REALLY A ROUTER:
software config can activate (or not) routing to wireless; by default it is off and
you can only access the wired part.
The problem with this device is that the manufacturer does not sell it. It is a part
provided to customers who pay for internet access ...
I mean that in this device, the wireless card is not bridged.
>>4 IPs
>>and clients on any network cannot even ping any other IP than the NIC of my gateway
>>it is connected to ... not even the IP of the wireless card if it is on the wired NIC ...
>
>
> Wanna bet? If you ignore the router part of the puzzle and just play
> with an access point, the IP address of the access point can be
> literally anything. In fact, that's exactly what I do on wireless
> systems where I don't want the users to tinker with the access points.
> I set the management IP address of the access point to something
> that's out of the usual 192.168.1.0/24 block.
What is your point in this part?
>>what happens is that for simplicity, and dummy compliance, all manufacturers do
>>bridge wireless to wired ... BUT in all firewalling tutorials, you will find that this
>>kind of bridging DOES require to be activated ... aka is NOT available before you
>>explicitly ask for it.
>
> Sorry. I don't understand what you're asking or saying.
Hmmm, did you ever try to activate WDS?
Did you read the routing table of a WRT54G?
If yes, read me again ...
>>WPA is hardware encryption: next year it will be broken = next year I can buy a new
>>router, and ask all my clients to buy new cards ...
>
> That's why I suggested you separate the router function (with VPN) and
> the wireless function. When the next great exploits or new acronyms
> come out, you don't have to toss everything and start over.
I can perfectly well do it on my old Pentium 120 ...
The question is: can a hardware router do it for me?
> Good luck. IPsec is no fun to set up. Lots of settings. Lots of
> potential incompatibilities between servers and clients. Lots of
> things to go wrong. To the best of my knowledge, nobody has a
> non-manual IPsec VPN setup.
That's why I ask for a hardware device
(but still, I expect this kind of hardware to be upgradable ...
when WPA is encoded (let's say) into silicon, IPsec ought to be encoded into a FLASH device)
> Most systems I've seen use a common /24 IP block for everything. If
> there's a VPN server in the system, the VPN server delivers an IP
> address through the tunnel to the client, which is used instead of the
> DHCP assigned IP address. I think that's what you're talking about.
Some companies have over 10000 boxes in a single building: if you use only hubs and
switches, you need a star network, where the root switch may saturate with a 100gb
.... because if two end-branch clients want to exchange, they are likely to have to
come back to the root switch ... whereas a routed network can be designed as islands,
and then the islands can be interconnected in a smart way.
I have been a customer in a network like you describe: it was deadly slow and unstable:
breaking the root switch shut down the whole network ... for example when you unplug
the switch that leads to the DHCP server room ...
--
DEMAINE Benoit-Pierre (aka DoubleHP )
http://www.demaine.info/
\_o< If computing were an exact science, IT engineers would not have work >o_/