[Cialug] public/private wifi

Tim Champion timchampion at gmail.com
Thu Dec 31 11:27:06 CST 2009 

Personally, I would have two wireless routers.
Router 1 - its WAN connects out to the ISP (modem or whatever). make that
one the public router, light on the security.
Router 2 - WAN port connected to a LAN port of Router 1. Tighter security,
all your network shares and your "personal" computers behind that firewall.

Anybody connecting to the "public" router 1 would be able to get out, but
not "in" to your personal network.

Tim Champion
timchampion at gmail.com


On Thu, Dec 31, 2009 at 11:22 AM, Josh More
<morej at alliancetechnologies.net>wrote:

> Several options.  For security, ALL of them should use WPA2, not WEP.
>
> 1) Use two WAPs.  Connect them to dedicated interfaces on a
> security/firewall box like Untangle or IP Cop.  Set the rules there.
>
> 2) Use one WAP, set it public with no connections anywhere else.  Set up
> a VPN connection with a client on your workstation to use the WAP to pop
> back in to your local network in a secure fashion.
>
> There are probably others, but anything that involves sharing a WAP for
> two security levels is probably unwise.
>
>
>
> -Josh More, RHCE, CISSP, NCLP, GIAC
>  morej at alliancetechnologies.net
>  515-245-7701
>
> >>> Matthew Nuzum <newz at bearfruit.org> 12/31/09 11:17 AM >>>
> What's the ideal way to set up a public/private wifi network? Picture
> this
> scenario:
>
> You have a network that you want to allow people to access publicly.
> There
> is a shared wep key that you can tell people to use when they're
> connected
> to your network. Devices may be a PC or could be a phone, an iPod, a wii
> or
> whatever. However you don't want these people to use your printer or
> access
> your network shares. Being able to limit the bandwidth used by these
> devices
> is nice.
>
> You want it to be easy for the people who should be able to access these
> shared resources to get connected to them. They may be using Linux, Mac
> OS
> or Windows. Or they may be a wired or wireless printer (my HP printer
> uses
> wifi and saves scanned docs to a shared folder).
>
> What would you do? Assuming you have a common soho router (maybe openwrt
> compatible) a computer that can be used as a server (running whatever
> OS)
> and plenty of networking/linux experience.
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin, identi.ca and twitter
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/cialug/attachments/20091231/afd93a0d/attachment.htm

More information about the Cialug mailing list