secure access point from rest of network

I want to have a "outsider" share my internet connection, but not be
allowed to the rest of the network. Basically, I want them to be on
their own access point and not be able to get anywhere else. Is this
possible?

Further details: I have netgear equipment. My DSL line comes in and
goes to my expensive wired router. From there, my server is attached
and so is another switch. I have all of my other computers on the
network on the switch. I really don't care where they "plug" into, but
I just don't want to give them access to the server and all of my other
computers. Suggestions?

oakj423@gmail.com wrote:
> I want to have a "outsider" share my internet connection, but not be
> allowed to the rest of the network. Basically, I want them to be on
> their own access point and not be able to get anywhere else. Is this
> possible?
>
> Further details: I have netgear equipment. My DSL line comes in and
> goes to my expensive wired router. From there, my server is attached
> and so is another switch. I have all of my other computers on the
> network on the switch. I really don't care where they "plug" into,
> but I just don't want to give them access to the server and all of my
> other computers. Suggestions?

When you find out how to DO it, I'd love to find out how you did, so I can
do the opposite... I have a wireless network at home, added another WAP, and
the computes that access that one can ONLY see itself and the internet,
absolutely nothing else.. Annoying since I want to add a second AP TO the
network, rather than have it isolated/by itself....

oakj423@gmail.com wrote:
> I want to have a "outsider" share my internet connection, but not be
> allowed to the rest of the network. Basically, I want them to be on
> their own access point and not be able to get anywhere else. Is this
> possible?
>
> Further details: I have netgear equipment. My DSL line comes in and
> goes to my expensive wired router. From there, my server is attached
> and so is another switch. I have all of my other computers on the
> network on the switch. I really don't care where they "plug" into, but
> I just don't want to give them access to the server and all of my other
> computers. Suggestions?
>

I have Netgear, Linksys (DD-WRT), and D-Link at home. The only one I was able
set up to do what you want was the D-Link. I've done this on two DLs I have
installed at a client's site. They wanted Internet access for Wireless, but
not to their internal network or server. The only local access I had to build
in was DNS for their local server.


--
Mike Vore
http://www.OhMyWoodness.com
http://mike.vorefamily.net/twr


--
Mike Vore
http://www.OhMyWoodness.com
http://mike.vorefamily.net/twr

<oakj423@gmail.com> wrote in message
news:1158953351.407363.148520@m7g2000cwm.googlegro ups.com...
>I want to have a "outsider" share my internet connection, but not be
> allowed to the rest of the network. Basically, I want them to be on
> their own access point and not be able to get anywhere else. Is this
> possible?
>
> Further details: I have netgear equipment. My DSL line comes in and
> goes to my expensive wired router. From there, my server is attached
> and so is another switch. I have all of my other computers on the
> network on the switch. I really don't care where they "plug" into, but
> I just don't want to give them access to the server and all of my other
> computers. Suggestions?

Absolutetly! I allow outsiders (plural!) to openly use one of my AP's as my
house overlooks a community park/lake.
My mindset is that I may want to use someone else's open network while in
public for simple web browsing, so I should also share mine!

Google "captive portal". I'm using ZoneCD (free, GNU/Linux based, runs off
a CD), but there are many others out there.

Simple/typical setup scenerio: http://www.publicip.net/zonecd/how.php

I filter again porn, running services, strobing, DoS, etc.. Majority of
people that connect through my open AP are just kids with the Nintendo DS's
though.

Cheers,
Eric

Easy...

Connect a Linksys WRT54G (or the GL, for Linux, has much better
performance in my opinion) to any place in your network.

Give it a static IP address (either an external from your ISP, if you
have multiple, or a private IP from your inside range - it won't
matter, depends on where you connect it)

In the web-based setup configure the following...

Wireless > Wireless Security
Security Mode: Disable
Wireless > Advanced Wireless Settings
AP Isolation: On (prevents wireless users from connecting to each
other directly)
SecureEasySetup: Disable (prevents someone from hitting the Cisco
logo/button on the front of the router)
Security > Firewall
Firewall Protection: Enable
Block Anonymous Internet Requests: Checked
Filter Multicast: Checked
Filter IDENT: Checked
Security > VPN
IPSec Passthrough: Enable (if you want corporate users who visit
your HotSpot to be able to VPN back to their office)
PPTP Passthrough: Enable
L2TP Passthrough: Enable
Access Restrictions > Internet Access
Internet Access Policy: 1 (HotSpot)
Status: Enable
PCs > Edit List of PCs
IP Range 01: 192.168.0.1 ~ 254
Allow: Selected
Everyday: Checked
Times: 24 Hours
Blocked Services > Add/Edit Service
AtRisk, TCP & UDP, 135 ~ 139
MS-DS, TCP & UDP, 445 ~ 445
....this blocks all the Microsoft File Sharing ports, therefore they
can't connect to your internal servers. (consider adding other ports
and services that you have on your internal network, but don't want
HotSpot users to get to)

Also consider using DNS Redirector to log and filter where users are
going. Just set the DNS server in the WRT54GL as the IP of the machine
running DNS Redirector, and it will be handed out as the default DNS
server to clients via DHCP.

oakj423@gmail.com wrote:
> I want to have a "outsider" share my internet connection, but not be
> allowed to the rest of the network. Basically, I want them to be on
> their own access point and not be able to get anywhere else. Is this
> possible?
>
> Further details: I have netgear equipment. My DSL line comes in and
> goes to my expensive wired router. From there, my server is attached
> and so is another switch. I have all of my other computers on the
> network on the switch. I really don't care where they "plug" into, but
> I just don't want to give them access to the server and all of my other
> computers. Suggestions?