| | 1 | = The delivery status = |
|---|
| | 2 | |
|---|
| | 3 | Coming with delivery status the Fonera provides using it like these scenarios only. |
|---|
| | 4 | |
|---|
| | 5 | == The private signal == |
|---|
| | 6 | The private signal uses WPA-PSK encryption by default, so that the owner of the Fonera may use this signal as his own. Authenticating successfully thereby the client gets an IP from the Fonera autmatically, giving access to the internet for free. Using this signal makes it possible to access the existing private network via WAN port (ethernet cable) also. |
|---|
| | 7 | The following example shows a connected client accessing PC1. |
|---|
| | 8 | |
|---|
| | 9 | {{{ |
|---|
| | 10 | (192.168.10.0/24) |
|---|
| | 11 | private signal |
|---|
| | 12 | (192.168.0.0/24) (LAN) |
|---|
| | 13 | DSL-ROUTER -- Cable --- SWITCH --- (WAN) FONERA |
|---|
| | 14 | | (WIFI) |
|---|
| | 15 | | public signal |
|---|
| | 16 | | (192.168.182.0/24) |
|---|
| | 17 | PC1 |
|---|
| | 18 | (192.168.0.1/32) |
|---|
| | 19 | }}} |
|---|
| | 20 | |
|---|
| | 21 | From the private signal the access vice versa (PC1 --> client) is not possible, unless you set up a proper port forwarding on your Fonera with the help of the WebIf that permits the transport of packages in direction to private signal.lässt. |
|---|
| | 22 | |
|---|
| | 23 | |
|---|
| | 24 | == The public signal == |
|---|
| | 25 | |
|---|
| | 26 | Clients connected to the public signal (Wifi) do not authenticate like clients on the private signal per WLAN ecryption but are getting ad hoc an IP from the subnet 192.168.182.0/24. |
|---|
| | 27 | When the client tries to call any internet site he/she is redirected to the authentication site of FON. |
|---|
| | 28 | If authentication runs successfully, access to the whole internet is opend to the client within the Fonera. |
|---|
| | 29 | The client connected to the Wifi network does not have any access to the net behind the WAN interface, |
|---|
| | 30 | so he/she cannot read any ressources there. Thus a link to PC1 cannot be established. (It should be this was anyway.) |
|---|
| | 31 | |
|---|
| | 32 | |
|---|
| | 33 | == Specials concerning security == |
|---|
| | 34 | |
|---|
| | 35 | Including version 0.7.1r3 and under of the firmware of the Fonera it is possible to reach ressources at WAN side which are '''not''' within the IP range of the WAN, if a route exists. Looking at the following scenario we see a further router that provides PC1 with another IP range (192.168.1.0/24). |
|---|
| | 36 | |
|---|
| | 37 | {{{ |
|---|
| | 38 | (192.168.10.0/24) |
|---|
| | 39 | private signal |
|---|
| | 40 | (192.168.0.1/24) (..0.2) (LAN) |
|---|
| | 41 | DSL-ROUTER -- Cable --- ROUTER --- (WAN) FONERA |
|---|
| | 42 | (192.168.1.1/24) |
|---|
| | 43 | | (WIFI) |
|---|
| | 44 | | public signal |
|---|
| | 45 | | (192.168.182.0/24) |
|---|
| | 46 | PC1 |
|---|
| | 47 | (192.168.1.10/32) |
|---|
| | 48 | }}} |
|---|
| | 49 | |
|---|
| | 50 | PC1 in the previous example stayed in the same subnet like the WAN port of the Fonera. Access from authenticated clients at Wifi side to PC1 is permitted. |
|---|
| | 51 | Thus in this case PC1 with IP from 192.168.1.0 is not in the same subnet as WAN interdace of the Fonera anymore. |
|---|
| | 52 | The Fonera uses the router (192.168.0.1) as default gateway. |
|---|
| | 53 | As the firewall of the simple Fonera (without FreeWLAN Addons) grants traffic to the subnet of WAN interface, the access from Wifi clients to PC1 is permitted, because it does not reside in the same subnet as WAN interface. |
|---|
