Sharing only internet connectivity with wireless router
shimi
linux-il at shimi.net
Wed Apr 6 10:26:24 IDT 2011
2011/4/6 Elazar Leibovich <elazarl at gmail.com>
> I want the settings in my wireless router to be, ideally:
> 1) Anonymous have access only to the internet, any packet will be either
> routed "outside" of the router or dropped.
> 2) Authenticated users (by any means) will be able also to access the inner
> network.
>
> Even just achieving 1 for everyone (and drop authentication altogether) is
> good enough.
>
> How can I implement this rules?
>
> The easiest solution which came to my mind is:
> 1) Set known macs to be mapped to IP in 192.168.1.*, unknown macs to be
> mapped to 192.168.2.* (I think it's possible in many home routers)
> 2) Somehow tell the router to route all traffic (except the one coming from
> a PC A) to a PC A. (Not so sure it's possible).
> 3) In PC A, route all packets to the router, and drop packets whose
> destination is in 192.168.*, (this should be a simple IPtable rule).
>
> Another solution - plug your ears instead of curing your bedmate's snoring.
> 1) Leave the router as it is, ignore any packets not coming from a known
> whitelist (can you tell linux to filter packets based on MAC? Even if you
> can't use IP whitelist and force the known MACs to be mapped to IPs in the
> whitelist, preventing unknown MACs from being mapped to the whitelist).
>
> I of course prefer everything to be done in the router, but I'm not sure
> it's possible.
>
>
Best solution: Use a router that has a 'guest network' feature. Many do
(especially the expensive ones ;)). Some can have it when their firmware is
replaced (read: dd-wrt and friends). e.g.
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29
Changing your MAC is pretty trivial...
-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110406/60ceb5e7/attachment.html>
More information about the Linux-il
mailing list