Subject: Re: Wireless access point
To: NETBSD-HELP <netbsd-help@netbsd.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: netbsd-help
Date: 03/05/2003 15:40:09
There is "no 802.1x protocol for security".
There *is* WEP.  WEP doesn't actually provide security.
There *is* IPsec to a box behind the wireless (or the W.A.P.
itself if smart).

M0n0Wall is an interesting FreeBSD distro you could swipe
from; there are many others.  Seek info about the Soekris
boxes and you will find a trove.

How do you plan on user auth?  They authenticate and that MAC
address is allowed "for a while?"  There's an opportunity to
hack in.
I have a Soekris box running a hand-crafted small distro which
fits into a 32MB Compact Flash.  It's large.  I've gotten
functional down to 8MB, but it's kind of being a general house
machine (if read-only).

Quoting Will Roberts (will.roberts@arctos.com):
> At 08:36 AM on 3/4/03, "Christian Fredrickson" <fredrick@eng.utah.edu> 
> wrote:
> 
> >I would like to set up a NetBSD firewall that will provide secure wireless
> >access to my users. I would like to use Active Directory LDAP to provide
> >user authentication. I would like to run 802.1X protocol for security. Does
> >anyone have a similar setup or have any suggestions for going about this?
> >
> >Thank you all,
> >
> >Chris
> 
> 
> I am sure that there are many ways to do this and this is just one:
> 
> We have a small ethernet LAN connected to the internet via a machine
> configured as a NAT router.  We wanted to allow some of our users to
> access the LAN via notebook computers equipped with generic 802.11b
> wireless PCMCIA (now called "PC") cards.
> 
> What we did was acquire a basic inexpensive wireless router (in our
> case an HP hn200w, but any of the similar linksys, asante, netgear
> equivalents would probably work.)
> 
> These devices are marketed for use as a home LAN "internet gateway" with
> built-in NAT router capability, but there is no reason that one has
> to use the NAT router functionality.
> 
> Were you to look inside one of these devices, you'd find that its internal
> elements could be represented as a logical block diagram something like
> this:
> 
>                                                              o
>                                                              | antenna
>          +--------+       +--------+        +----------+     |
>   WAN <->| NAT    |<----->|        |<------>| 802.11b  |<----+
>   port   | router |       |        |        | wireless |
>          +--------+       |        |<--1    | access   |
>                           |  10/   |        | point    |
>                           |  100   |<--2    +----------+
>                           |  HUB   |
>                           |        |<--3
>                           |        |
>                           |        |<->4 uplink <--- connect to existing LAN
>                           +--------+