<div dir="ltr"><br><br><div class="gmail_quote">2011/4/6 Elazar Leibovich <span dir="ltr"><<a href="mailto:elazarl@gmail.com">elazarl@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr">I want the settings in my wireless router to be, ideally:<div>1) Anonymous have access only to the internet, any packet will be either routed "outside" of the router or dropped.</div><div>2) Authenticated users (by any means) will be able also to access the inner network.</div>
<div><br></div><div>Even just achieving 1 for everyone (and drop authentication altogether) is good enough.</div><div><br></div><div>How can I implement this rules?</div><div><br></div><div>The easiest solution which came to my mind is:</div>
<div>1) Set known macs to be mapped to IP in 192.168.1.*, unknown macs to be mapped to 192.168.2.* (I think it's possible in many home routers)</div><div>2) Somehow tell the router to route all traffic (except the one coming from a PC A) to a PC A. (Not so sure it's possible).</div>
<div>3) In PC A, route all packets to the router, and drop packets whose destination is in 192.168.*, (this should be a simple IPtable rule).</div><div><br></div><div>Another solution - plug your ears instead of curing your bedmate's snoring.</div>
<div>1) Leave the router as it is, ignore any packets not coming from a known whitelist (can you tell linux to filter packets based on MAC? Even if you can't use IP whitelist and force the known MACs to be mapped to IPs in the whitelist, preventing unknown MACs from being mapped to the whitelist).</div>
<div><br></div><div>I of course prefer everything to be done in the router, but I'm not sure it's possible.</div></div>
<br></blockquote><div><br>Best solution: Use a router that has a 'guest network' feature. Many do (especially the expensive ones ;)). Some can have it when their firmware is replaced (read: dd-wrt and friends). e.g. <a href="http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29">http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29</a><br>
<br>Changing your MAC is pretty trivial...<br><br>-- Shimi <br></div></div><br></div>