Personally, I would have two wireless routers.<br>Router 1 - its WAN connects out to the ISP (modem or whatever). make that one the public router, light on the security.<br>Router 2 - WAN port connected to a LAN port of Router 1. Tighter security, all your network shares and your "personal" computers behind that firewall. <br>
<br>Anybody connecting to the "public" router 1 would be able to get out, but not "in" to your personal network.<br><br clear="all">Tim Champion<br><a href="mailto:timchampion@gmail.com">timchampion@gmail.com</a><br>
<br><br><div class="gmail_quote">On Thu, Dec 31, 2009 at 11:22 AM, Josh More <span dir="ltr"><<a href="mailto:morej@alliancetechnologies.net">morej@alliancetechnologies.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Several options. For security, ALL of them should use WPA2, not WEP.<br>
<br>
1) Use two WAPs. Connect them to dedicated interfaces on a<br>
security/firewall box like Untangle or IP Cop. Set the rules there.<br>
<br>
2) Use one WAP, set it public with no connections anywhere else. Set up<br>
a VPN connection with a client on your workstation to use the WAP to pop<br>
back in to your local network in a secure fashion.<br>
<br>
There are probably others, but anything that involves sharing a WAP for<br>
two security levels is probably unwise.<br>
<br>
<br>
<br>
-Josh More, RHCE, CISSP, NCLP, GIAC<br>
<a href="mailto:morej@alliancetechnologies.net">morej@alliancetechnologies.net</a><br>
515-245-7701<br>
<br>
>>> Matthew Nuzum <<a href="mailto:newz@bearfruit.org">newz@bearfruit.org</a>> 12/31/09 11:17 AM >>><br>
<div><div></div><div class="h5">What's the ideal way to set up a public/private wifi network? Picture<br>
this<br>
scenario:<br>
<br>
You have a network that you want to allow people to access publicly.<br>
There<br>
is a shared wep key that you can tell people to use when they're<br>
connected<br>
to your network. Devices may be a PC or could be a phone, an iPod, a wii<br>
or<br>
whatever. However you don't want these people to use your printer or<br>
access<br>
your network shares. Being able to limit the bandwidth used by these<br>
devices<br>
is nice.<br>
<br>
You want it to be easy for the people who should be able to access these<br>
shared resources to get connected to them. They may be using Linux, Mac<br>
OS<br>
or Windows. Or they may be a wired or wireless printer (my HP printer<br>
uses<br>
wifi and saves scanned docs to a shared folder).<br>
<br>
What would you do? Assuming you have a common soho router (maybe openwrt<br>
compatible) a computer that can be used as a server (running whatever<br>
OS)<br>
and plenty of networking/linux experience.<br>
<br>
--<br>
Matthew Nuzum<br>
newz2000 on freenode, skype, linkedin, <a href="http://identi.ca" target="_blank">identi.ca</a> and twitter<br>
<br>
</div></div>_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
</blockquote></div><br>