Sharing only internet connectivity with wireless router

[Elazar Leibovich]

I want the settings in my wireless router to be, ideally:
1) Anonymous have access only to the internet, any packet will be either
routed "outside" of the router or dropped.
2) Authenticated users (by any means) will be able also to access the inner
network.

Even just achieving 1 for everyone (and drop authentication altogether) is
good enough.

How can I implement this rules?

The easiest solution which came to my mind is:
1) Set known macs to be mapped to IP in 192.168.1.*, unknown macs to be
mapped to 192.168.2.* (I think it's possible in many home routers)
2) Somehow tell the router to route all traffic (except the one coming from
a PC A) to a PC A. (Not so sure it's possible).
3) In PC A, route all packets to the router, and drop packets whose
destination is in 192.168.*, (this should be a simple IPtable rule).

Another solution - plug your ears instead of curing your bedmate's snoring.
1) Leave the router as it is, ignore any packets not coming from a known
whitelist (can you tell linux to filter packets based on MAC? Even if you
can't use IP whitelist and force the known MACs to be mapped to IPs in the
whitelist, preventing unknown MACs from being mapped to the whitelist).

I of course prefer everything to be done in the router, but I'm not sure
it's possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110406/92ed3cec/attachment.html>