[Cialug] public/private wifi

Josh More morej at alliancetechnologies.net
Thu Dec 31 11:22:13 CST 2009


Several options.  For security, ALL of them should use WPA2, not WEP.

1) Use two WAPs.  Connect them to dedicated interfaces on a
security/firewall box like Untangle or IPCop.  Set the rules there.

2) Use one WAP, set it public with no connections anywhere else.  Set up
a VPN connection with a client on your workstation to use the WAP to pop
back into your local network in a secure fashion.

There are probably others, but anything that involves sharing a WAP for
two security levels is probably unwise.



-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> Matthew Nuzum <newz at bearfruit.org> 12/31/09 11:17 AM >>>
What's the ideal way to set up a public/private wifi network? Picture
this scenario:

You have a network that you want to allow people to access publicly.
There is a shared WEP key that you can tell people to use when they're
connected to your network. Devices may be a PC or could be a phone, an
iPod, a Wii or whatever. However, you don't want these people to use
your printer or access your network shares. Being able to limit the
bandwidth used by these devices is nice.

You want it to be easy for the people who should be able to access these
shared resources to get connected to them. They may be using Linux, Mac
OS or Windows. Or they may be a wired or wireless printer (my HP printer
uses wifi and saves scanned docs to a shared folder).

What would you do? Assuming you have a common SOHO router (maybe OpenWrt
compatible), a computer that can be used as a server (running whatever
OS) and plenty of networking/Linux experience.

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter
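
Option 1 from the reply above (two WAPs on dedicated firewall interfaces, rules set on the firewall), sketched as an nftables ruleset for a generic Linux box. This is an added example, not part of the original thread and not Untangle or IPCop configuration; the interface names and the rate-limit value are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Interface names below are assumptions:
#   eth0 = uplink, eth1 = private WAP (printer, shares), eth2 = public WAP.
flush ruleset

define WAN   = "eth0"
define PRIV  = "eth1"
define GUEST = "eth2"

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        # The private side may reach services on the firewall itself.
        iifname $PRIV accept
        # Guests get only DHCP and DNS from the firewall, nothing else.
        iifname $GUEST udp dport { 53, 67 } accept
        iifname $GUEST tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Crude aggregate cap on guest traffic in each direction
        # (policing by drop, not shaping). Placed before the
        # established rule so it applies to every guest packet.
        iifname $GUEST limit rate over 1 mbytes/second drop
        oifname $GUEST limit rate over 1 mbytes/second drop
        ct state invalid drop
        ct state established,related accept
        # Private clients may open connections to the Internet.
        iifname $PRIV oifname $WAN accept
        # Guests may open connections to the Internet only.
        iifname $GUEST oifname $WAN accept
        # No rule forwards GUEST -> PRIV or PRIV -> GUEST, so the
        # printer and file shares stay unreachable (policy drop).
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

The separation comes from the default-drop forward policy: traffic between the two WAP interfaces is never explicitly allowed, so only the listed paths to the uplink work.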


