Dual Homed

Set up my wireless router with the Time Warner Cable connection, left my DSL connected to my VPN for access to work. I feel a little naked having my firewalls in parallel rather than serial, but there it is. I configured the wireless router to specific MAC addresses as an extra measure.

What made me chuckle, though, is all the insecure networks in the local neighborhood.

For … chuckles. I connected to 8 of them, found the offending Windows PC, and dropped a note into “C:\Documents and Settings\<user>\Desktop\Thank you for the use of your PC.txt” containing the text “your wireless network was open to the world and your PC is accessible to anyone” and Geek Squad’s number ;)

I wonder if I’m going to have to set up the freakin routes each time I reboot.

13 Comments

Meh. Bandwidth place says I’m getting 2mb out of cable; so much for 7Mbs. I might try connecting cat5 to the wireless router and see if that ups the speed but I doubt it.

I’ve got 4 Wireless Nets available to mine all are secure, I was quite impressed :(

I can see 32. One has a machine called finances… 4 secure networks including mine.

There are only 2 that I can see. Mine and my next door neighbors.

I’ve always wanted to change the name of my access point to something other than default.

R’lyeh comes to mind.

http://en.wikipedia.org/wiki/R%27lyeh

Most wireless cards have a preference where you set to always connect. So it will try that one first.

You should set your router to apt15freesex

Happy Birthday, KFSOne. 8^)

VPN… I don’t know much about this but is there any security advantage to using VPN to access work as opposed to just ssh?

VPN isn’t so much about security as convenience. To all intents and purposes, my box has a bridged connection onto the office LAN.

for the routes

windows open cmd prompt

route add 1.2.3.4 MASK x.x.x.x 4.3.2.1 -p

4.3.2.1 is the gw and -p makes it persistent through a reboot.

for linux .. let’s see you’re using redhat iirc so open /etc/sysconfig/networks/ in there should be the routes file. add in the route to that file. i don’t recall if linux has a similar persistent flag accessible via the CLI.

what firewalls are you using? you could pickup some cisco ASAs pretty cheap off ebay and run parallel with those. setup a branch to branch VPN tunnel off one (or both for failover) and then not worry about routes on the workstations. might be overkill but would be cool for a home office setup :D.

Lutorm

as kfsone mentioned, VPNs are easier to manage than SSH. you can setup SSH to be a vpn of sorts but it’s simpler to setup and manage using VPN. there are a million appliances that integrate VPN these days whereas SSH would usually require a dedicated box on either end.

SSH is a wonderful replacement for telnet and can function as a VPN gateway but isn’t the best tool for the job.

Sweet – I found the help for route really hard to read, and I hadn’t tried putting the -p at the end.

The firewalls aren’t anything brilliant but they have sufficient features that I can be specific about most of what I want to let in/out of my network.

I’ve never believed in software firewalls under Windows. Hackable software on an easily hackable OS is rather like standing up to fart before you sit down again.

preaching to the choir man. i laugh at people who still run checkpoint on windows. checkpoint stopped being a leader in firewalling oh .. in 97. Their enterprise management tools are nice but can be easily duplicated VIA snmp, ssh, and take your pick on the various web 2.0 platforms. just create a page that polls your routers via snmp (and link to an mrtg report), populate a nice GUI network map, and use centralized authentication and bam … you’ve now duplicated the one thing that checkpoint has over their competitors.

i will say that Microsoft’s ISA platform is actually pretty cool when someone like me sets it up. problem is i can design a better solution via a number of different appliances vendors for less than the cost of the ISA licensing.

p.s. i think you can do route add -p instead of putting it at the end. i think as long as it doesn’t fall in the IP/mask/gw portion it’s fine.
