I'm thinking of getting an Airport Extreme basestation, and have a couple of questions I hope you guys could help me with.
Today I use a FreeBSD box as a firewall and router for both my wired and wireless networks. The two networks are defined as two separate NAT'ed subnets, and I have a mix of DHCP and static IP assignments. The wireless network does not use WEP, but is encrypted with IPSec (racoon). My internet connection is SDSL with a static IP.
The FreeBSD box is also a web/database server. In addition to this I have a Win2K TS server which is accessed from specific outside clients with port forwarding on the FreeBSD box. The other computers are a couple of Win2K on 100Mbps, a Dell and a TiBook on 802.11b.
As you might guess, I'm thinking of replacing the FreeBSD box with an AE basestation. But I need to know how much functionality I will lose or gain.
My questions are as follows:
* Will the AE station route both my wireless and wired networks if I connect a switch to the LAN port?
* Will I be able to define the two nets as separate subnets and do firewalling between them?
* Can I do a mix of static and dynamic IP assignments? (i.e. reserve an IP in the DHCP scope)
* Can WEP/RADIUS/LEAP replace IPSec as security on my wireless network? Will it work on both OSX and Win?
* I understand the AE station can do port forwarding, so there won't be a problem having www/ssh/ts servers on the inside serving content to the outside?
* How much can I restrict the client computers' access to the outside? For instance, can I restrict "non-authenticated" wireless clients to just port 80?
I would like to keep the FreeBSD box as it's quite flexible and works very well, but unfortunately it will have to be replaced. So, will an AE basestation do what I want?