Jul 02 2005

Linksys WRT54G

Published under Infrastructure

I’ve just purchased a new wireless/router/4-port switch for home. It’s a Linksys WRT54G and it has: wireless capabilities for both B and G access; a 4-port 100MB switch; and router/firewall functions. The reason for buying it was two-fold: firstly, I wanted to buy a 100Mbps switch as I’m currently using a crappy, old 10Mbps hub; secondly, I had purchased (and was waiting for delivery of) a new notebook that had built-in wireless capability.

I was at first going to buy a Linksys 8 port switch and then compare prices on a wireless access point. However, I stumbled across the WRT54G and this device was cheaper than some of the regular access points, and it had a built-in 4 port switch. The added functionality of the firewall/router meant that I could use my existing SonicWall SOHO 3 as the internet firewall and then use the Linksys as a second firewall, creating a DMZ where I could keep my web/mail server. This worked out way better than just using the one firewall and port forwarding web and mail traffic to the server on my LAN. This also caused another problem, but I’ll get to that later.

With the two firewalls in place, I now had two local subnets – one designated as a DMZ using the 10Mb hub, and the other as my LAN with my two computers, and network printer plugged into the switch – leaving one port spare. I now had no direct access to my LAN from the internet and only had the minimal ports opened on both firewalls. The increased network performance from going from a 10Mb hub to a 100Mb switch was (as expected) incredible and as I use my Windows PC as a pseudo-file-server storing videos and music, I could easily stream music across the network without any jumping or stuttering.

The only problem I encountered with my new setup is that I’m no longer able to use the VPN functionality of the SonicWall effectively. Before, I connected remotely to my LAN using the SonicWall Global VPN Client. The SonicWall would terminate the connection and assign me an IP address on my LAN using DHCP, and I would have full access to my network from anywhere with an internet connection. But now, if my SonicWall gives me an IP address it’s going to be in the DMZ – so I’ll have full access to my web/mail server but nothing on the LAN because of the extra firewall. So I’m not sure what I’m going to do about this – for the meantime I’ve just stopped using the VPN because it’s a ‘nice-to-have’ but not essential. I may try to do some fancy configuring of the firewalls to get it all working but haven’t got around to it yet.

As for the wireless setup on the Linksys, I didn’t really know what the best way to set it up would be so I did a bit of research. I headed straight to Google and started digging up all sorts of info about what levels of protection would be best. Obviously, I wanted it to be as secure as possible, but I also didn’t want it to be so secure that it would be a hassle to maintain. I soon worked out that the latest, greatest wireless security was WPA2 (Wi-Fi Protected Access 2) – an update to WPA. Windows XP doesn’t support this out of the box, but if you’re running Service Pack 2 (which you should be!) then you can download an update to get support – I read about it here: www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx. The other update I had to install was to the Linksys router itself. The firmware that it shipped with didn’t have support for WPA2 but a quick look on their website (www.linksys.co.nz for NZ) and I found an updated firmware that was a few clicks away from installing. With this firmware in place, setting up the security was a breeze. I ended up configuring the security using WPA2 with PSK (pre-shared key) as I didn’t have a RADIUS server in place. I also chose not to use MAC address filtering because it would have meant that I would need to edit the router every time I wanted to allow someone access to my network. The MAC address filtering can also easily be hacked, and I was quite happy that my long, complex pre-shared key would keep hackers guessing for a long time.

Now I just need my laptop to arrive to test that it all works….
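
The WPA2-PSK choice described above, as an added example that is not part of the original post: in WPA2 with a pre-shared key, the 256-bit pairwise master key is derived from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so the protection rests on how unpredictable the passphrase is. The sketch generates a random passphrase, estimates its entropy and derives the key; the SSIDs and the helper names are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# 802.11i limits a WPA/WPA2 passphrase to 8-63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def check_passphrase(passphrase: str) -> None:
    """Raise ValueError if the passphrase is outside the 802.11i limits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    check_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def generate_passphrase(length: int = 32) -> str:
    """Random passphrase drawn uniformly from ALPHABET using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random passphrase; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    ssid = "home-ap"  # constructed sample SSID
    psk = generate_passphrase(32)
    print("passphrase:", psk)
    print("entropy   : %.0f bits" % entropy_bits(32))
    print("PMK       :", derive_pmk(psk, ssid).hex())
    # The SSID salts the key: the same passphrase on another SSID gives another PMK.
    print("other SSID:", derive_pmk(psk, "other-ap").hex())
```

Because the SSID is the salt, changing a factory-default network name as well as the passphrase keeps the derived key from matching one computed for the same passphrase on a common SSID.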
