Internet-only access point

Archived from groups: alt.internet.wireless (More info?)

Hello,

I want to create an access point on my network that ONLY gives internet
access available onthe network, but not access to the network itself. What's
the best way to do it? I would imagine one of two:

A) Put a router between the network and teh access point that blocks all
traffic to local network 192.168.1.x except for the local gateway
192.168.1.1
B) Buy a linksys WRT54G, and install the "Linux on the WRT54G" distribution
on there and block it within that AP.

Is there another "better" way that I am missing?

- Steve


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
1 answer Last reply
More about internet only access point
  1. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 25 Jun 2004 12:43:09 -0700, "Steve Quezadas"
    <steveeq2@tripperjones.com> wrote:

    >I want to create an access point on my network that ONLY gives internet
    >access available onthe network, but not access to the network itself. What's
    >the best way to do it? I would imagine one of two:
    >
    >A) Put a router between the network and teh access point that blocks all
    >traffic to local network 192.168.1.x except for the local gateway
    >192.168.1.1

    Hair splitting: An "access point" is a wireless bridge which knows
    nothing about IP addresses and therefore cannot route, block by IP, or
    otherwise pretend to play router. Methinks you meant "wireless
    router".

    >B) Buy a linksys WRT54G, and install the "Linux on the WRT54G" distribution
    >on there and block it within that AP.
    >
    >Is there another "better" way that I am missing?

    There's always a "better" way on usenet. Some ideas:

    1. For hot spots with internal lans, I use multiple routeable static
    IP addresses. One static IP is for the wireless access point. The
    other is for the internal LAN with its own router. Wireless access to
    the internal LAN requires a seperate wireless router or bridge.

    2. If you're stuck with a single IP address, you setup the wireless
    and internal LAN with different Class C IP blocks. For example, the
    wireless router DHCP delivers IP's in 192.168.1.xxx and the internal
    LAN runs on 192.168.2.xxx. You don't really need a 2nd router to
    connect these two seperate LAN's as you could setup a static route to
    the wireless router at 192.168.1.1 from 192.168.2.xxx on every client
    machine and point the default route to 192.168.1.1. However, this
    creative routeing has proven to be a rather painful exercise in
    maintenance, so I add a 2nd router to connect 192.168.1.xxx with
    192.168.2.xxx. The static route method isn't terribly secure as a
    clueful wireless user could easily break into the internal LAN.

    3. Use a multiport Linux based router. I've been using Freesco:
    http://www.freesco.org
    http://www.freescosoft.com (add-ons and modules)
    for multiport routers for quite a while. Works nice. Most of my
    boxes are 486DX2/66 clunkers running off Compact Flash cards as a disk
    drive (with an IDE to CD adapter). The current incantation will
    support up to 10ea ethernet cards. While it is possible to add a PCI
    wireless card, the location of the router and the ideal location of
    the radio are almost always incompatible. Therefore, I build my boxes
    with 3 or 4 ethernet cards, and plug in a wireless bridge radio into
    one of the ethernet ports. For easy firewall rules management:

    http://www.freescosoft.com/home/html/FREESCO/packages/v0.3.x/fwcontrol_---_tiger.htm
    Note: No USB support in the kernel.

    4. Multiport SBC (single bored computah) with wireless. See:
    http://www.soekris.com/how_to_buy.htm
    The 4511, 4521, and 4801 boards have multiple ethernet ports (and
    multiple radios), CF card for disks, USB, kitchen sink, etc. Of
    course, it runs Linux.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D 831-336-2558
    Santa Cruz CA 95060 AE6KS
Ask a new question

Read More

Internet Wireless Networking