split/isolate network

[Nils Kassube]

Doug wrote:
> On 11/21/2010 02:45 AM, Nils Kassube wrote:
> > NoOp wrote:
> >> Sorry, forgot to add that a good router/firewall1 should be able
> >> to accomplish the above. However I've not (yet) found a wireless
> >> router with a good enough firewall interface to allow me to
> >> inspect packets, logs, etc., in the same manner as my wired
> >> router/firewall, so I just connect the wireless to the wired& 
> >> use the wired as the controlling router&  gateway.
> > 
> > If you have a wireless router that is supported by openwrt [1] or
> > other free firmware, you can do all you want - it is just another
> > Linux distrubution. Of course you may void your warrenty if you
> > don't use the original firmware supplied by the manufacturer, but
> > that's another story.
> 
> So are you suggesting that the Linksys wireless router does not have
> as hardy a firewall as the wired version?  Is there any reasonable
> way to tell?

Well, what NoOp opined was that he hasn't seen a good firewall interface 
on a wireless router. And I mentioned that you can install a firmware 
like openwrt on some wireless routers to use the normal Linux tools 
instead of the limited options of the firmware coming with the device. I 
can't tell you anything about the quality of the firewall included in 
the routers. However my assumtion is that the WRT54GL you were talking 
about uses Linux and iptables for the routing which should be as good as 
a wired router. OTOH, with openwrt you have a lot more configuration 
options because you aren't limited by the web interface coming with the 
router. I didn't experiment that much with my WRT54GL, but I think you 
can configure the switch in a way that you have 4 separate LANs instead 
of a common LAN for all 4 ports, if that's what you need. The wireless 
port can be configured to operate as multiple access points or as a 
wireless client. These options aren't available with the original 
firmware, even though the hardware would support it.


Nils