Rental Home Wireless Networks?
Tangential asks: "I'm looking for advice. I have a rental home at the beach that I've equipped with Cable Modem and WiFi. After trying to use it with WEP for a summer I gave that up (life is far too short for me to talk every renter thru configuring their notebook). I would like a bit of control over who uses my system. I've blocked outbound port 25 (since my ISP doesn't), but what I'd really like to do is run something like hotels do, where you enter a password and activate your MAC address for a certain amount of time. Then I could just tell the renter the password and manage that remotely. I run OSS in my Linksys WRT-54G router at home (from Sveasoft) and I like being able to use a low cost router for such a function. I'd like to know what systems other folks have encountered that do this using OSS and mass market equipment."
Hassle (Score:5, Insightful)
Re:Hassle (Score:2)
Some of us do enjoy sitting on the deck and watching the ocean while getting some e-mail, work, or surfing in. In fact, if it's close enough to the beach, I'm all about sitting in my lounge chair (like the movie The Net) and doing stuff on the Internet.
I have mobile access via GPRS but would love to have a full broadband connection. YMMV.
Re:Hassle (Score:1)
Now, granted, that wasn't the issue in the parent, but I know that's what some hanyack is thinking.
PUBLICip (Score:5, Informative)
Check out the features [publicip.net] and see if that's what you're looking for. It's free!
MOD Parent UP (Score:1, Informative)
Re:PUBLICip (Score:1)
Re:PUBLICip (Score:1, Funny)
PublicIP (Score:2, Informative)
Keep in mind.. (Score:4, Interesting)
Things like that aren't guaranteed - if you need to ensure that no user is using it for bittorrent, or anything like that, you might as well give up :)
For instance, if you leave port 22 open, your users will be able to set up a socks proxy through SSH [the-engine.org] (requires a box available on the 'net with SSH tunneling privs, but that isn't hard to get). If you have that blocked, but have ping open, well.. They'd have to have another box on the outside with admin privs, but they could also tunnel all the traffic through ping (I've seen it done before, never tried it myself).
You probably won't have to worry about the tenants doing this, but always be wary of wardrivers who are looking to leech some wifi.
If the benefits outweigh the risks, go for it.
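A port blocklist cannot rule out the SSH and ping tunnels described in the comment above, but per-client flow totals at the gateway make them visible. The following is an added example, not part of the original post: the flow records are constructed and the thresholds are assumptions to be tuned against a real baseline.

```python
from collections import defaultdict

# Constructed per-flow summaries, as a gateway's flow log might export them:
# (client_ip, protocol, dst_port, packets, bytes)
FLOWS = [
    ("192.168.1.20", "tcp", 443, 900, 1_100_000),
    ("192.168.1.20", "icmp", None, 4, 336),            # ordinary ping
    ("192.168.1.31", "tcp", 22, 48_000, 61_000_000),   # bulk data over SSH
    ("192.168.1.31", "tcp", 22, 300, 40_000),          # interactive SSH
    ("192.168.1.44", "icmp", None, 20_000, 22_400_000),
    ("192.168.1.44", "icmp", None, 15_000, 16_800_000),
]

# Assumed thresholds for one reporting window; tune against your own baseline.
SSH_BULK_BYTES = 50_000_000   # more than an interactive session needs
ICMP_MAX_PACKETS = 1_000      # far more echoes than troubleshooting needs
ICMP_MAX_AVG_SIZE = 256       # bytes per packet; default pings are small

def summarize(flows):
    """Aggregate packets and bytes per (client, traffic class)."""
    totals = defaultdict(lambda: [0, 0])
    for ip, proto, port, packets, nbytes in flows:
        if proto == "icmp":
            key = (ip, "icmp")
        elif proto == "tcp" and port == 22:
            key = (ip, "ssh")
        else:
            continue  # other traffic is out of scope for this check
        totals[key][0] += packets
        totals[key][1] += nbytes
    return totals

def flag_tunnel_candidates(flows):
    """Return sorted (client, reason) pairs worth a closer look."""
    findings = []
    for (ip, kind), (packets, nbytes) in summarize(flows).items():
        if kind == "ssh" and nbytes > SSH_BULK_BYTES:
            findings.append((ip, "ssh-bulk-transfer"))
        elif kind == "icmp":
            if packets > ICMP_MAX_PACKETS:
                findings.append((ip, "icmp-high-volume"))
            if packets and nbytes / packets > ICMP_MAX_AVG_SIZE:
                findings.append((ip, "icmp-large-payload"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, reason in flag_tunnel_candidates(FLOWS):
        print(ip, reason)
```

A flagged client is a candidate for review, not proof of tunnelling: a large scp copy trips the SSH rule just as a SOCKS proxy does.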
I think that's the point (Score:2)
Re:I think that's the point (Score:2)
what's the point of trying to control it (Score:2)
Re:what's the point of trying to control it (Score:2)
I would take it as a kindness if the easy ways to block spam relays were taken.
On the right track.. (Score:2, Interesting)
Post Google:
http://www.portless.net/menu/ewrt/ [portless.net]
and look into software called "nocatauth", which the above has put on a WRT54G
Luck
Re:On the right track.. (Score:4, Interesting)
It basically provides you with all you need for running a hotspot without bothering your users with new software or different settings. User connects, is directed to a webpage where they have to log in, and everything works..
tunnel (Score:2)
D-Link Airspot Line of Wireless Routers. (Score:3, Informative)
DSA-5100 http://www.dlink.com/products/?sec
Product Features:
Creates Multiple Public Networks with Five Different Authentication Policies
Supports up to 400 Concurrent Online Users
Advanced User Management with Traffic Monitoring and Policy Enforcement
Product Description:
D-Link®, the industry leader in innovative networking solutions, introduces another breakthrough in the Airspot family of service gateway products. As the need for on-demand Internet connectivity continues to grow, the D-Link Airspot DSA-5100 Public/Private Hot Spot Gateway provides large establishments a solid solution for adding multiple public access networks while still maintaining the integrity of an existing private network. The DSA-5100 Hot Spot Gateway is a business-class service gateway designed to segment public and private network infrastructures. By adding a managed switch to the integrated public port, network administrators can deploy several public networks over a large-scale establishment such as a university campus or resort. Through the private port on the DSA-5100, the backend private network such as the campus operation centers or central office, can remain completely separate and secure.
To optimize and maintain network up time and performance, the DSA-5100 Hot Spot Gateway has two built-in WAN ports that support link fail-over in order to provide Internet connection redundancy. In the case that the first ISP's connection fails, the second link (if configured and connected to a second ISP) will take over to ensure that Hot Spot customers will maintain uninterrupted Internet access. The DSA-5100 supports virtually all WAN connection types including static, dynamic, and PPPoE Client.
The DSA-5100 Hot Spot Gateway also offers several advanced features to help manage and support up to 400 public users online at any time. Additional user management controls include bandwidth control, network policy enforcement, customizable user timer, login/logout web-page, online traffic monitoring, and URL redirection.
To ensure authorized network access, the DSA-5100 supports multiple authentication methods such as POP3, RADIUS, LDAP, internal user database, and external Web (HTTP or HTTPS) authentication. With support for 802.1q VLAN tagging, different authentication policies can be used per administrator-assigned VLAN networks for maximum security. In addition, VLAN tagging helps to segment and prioritize incoming traffic. For the private network, the integrated DHCP server and firewall with Denial of Service (DoS) Protection safeguards the network from malicious attacks and hackers.
Network administrators can manage the DSA-5100 Hot Spot Gateway and all of its features via the Web-based, CLI, SSH, or SNMP v2 management interfaces. With a wide array of convenient management utilities, the D-Link Airspot DSA-5100 Public/Private Service Gateway is an efficient and powerful hotspot solution.
Re:D-Link Airspot Line of Wireless Routers. (Score:4, Informative)
Re:D-Link Airspot Line of Wireless Routers. (Score:2)
Sometimes someone in our circle will crack and buy a Dlink because of some feature set. It doesn't take long to remember why we say "oh it's a Dlink, there's your problem"
Re:D-Link Airspot Line of Wireless Routers. (Score:2)
I can use the laptop anywhere in the house, and even out in the yard. The hardest part was getting WPA running on Linux (took me about 1/2 hour.)
I had a friend visit for a couple of weeks, and his iBook worked flawlessly with it too.
Re:D-Link Airspot Line of Wireless Routers. (Score:2)
Linksys, OTOH, has given me nothing but problems.
Re:D-Link Airspot Line of Wireless Routers. (Score:2)
Re:D-Link Airspot Line of Wireless Routers. (Score:1, Insightful)
Do you realize how many computers you could buy for one of these things?
"Seems a little pricey"
What's the problem? (Score:5, Informative)
If you still think you need to have usernames and passwords try nocat [nocat.net]. It handles authentication but I usually use it for a splash page for access points I build from old laptops [osvoip.net].
Good luck.
Mod parent WAY up (Score:1)
OpenBSD pf (Score:4, Informative)
http://www.openbsd.org/faq/pf/authpf.html [openbsd.org]
Authpf(8) is a user shell for authenticating gateways. An authenticating gateway is just like a regular network gateway (a.k.a. a router) except that users must first authenticate themselves to the gateway before it will allow traffic to pass through it. When a user's shell is set to
Re:OpenBSD pf (Score:2)
Re:OpenBSD pf (Score:2)
one to download putty from the default page on your pf firewall
one a link to putty.exe
and one to download & run a batch file from the same webserver that does :
putty -D 8080 -ssh gatewayIP
which will also add a SOCKS proxy on localhost:8080 into the mix
hardly rocket science and it leaves you with one set of instructions for windows without having to know anything about the configuration programs of various Wireless cards
Re:OpenBSD pf (Score:2)
Re:OpenBSD pf (Score:1)
shizzle means shit
amongst other things
Ask the hotel? (Score:2)
Re:Ask the hotel? (Score:2)
Re:Ask the hotel? (Score:1)
Port 25 blocking, arggh (Score:2)
Re:Port 25 blocking, arggh (Score:2)
NoCat (Score:2)
Re:NoCat (Score:2)
RTFM (Score:2)
I run OSS in my Linksys WRT-54G router at home (from Sveasoft)...
The firmware you are using has the ability to make a captive portal.
My project, macf (Score:5, Insightful)
A few years ago, I wrote the skeleton for this sort of thing. It was for a job, the guy never did the paperwork to hire me, so I stopped working on it and put my code on Sourceforge. It worked; I just hadn't polished anything. (The management interface, in particular, sucked.) It pretty much requires FreeBSD to use as your filter box.
The basic architecture is like this. First, there's a management interface that's just some PHP scripts talking to a MySQL database. That's how you add leases, how long you want them to last, etc. You could also add the leases to the database using any other means you want.
A daemon is running that frequently sweeps the database and reconfigures the kernel part (described in a minute). The daemon expires old leases, adds new leases, etc. It also watches the traffic (passively, so the traffic isn't going through the daemon) and logs usage stats. (This last was part of the spec the original customer gave me.)
The kernel part is what actually does the filtering. This doesn't need any custom kernel modules or anything; it's just a netgraph node in between the interfaces you're filtering on that uses the built-in BPF netgraph driver. (In those days, the packet filters in FreeBSD didn't support MAC filtering.)
Anyway, like I said, it all works-- or at least did when I wrote it, and I don't see any reason that anything would have broken seriously. Check it out; it's macf on SourceForge [sourceforge.net].
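The lease-table-plus-sweeping-daemon design described in the post above, and the timed MAC activation the original question asks for, can be sketched as follows. This is an added example, not macf's code: the SQLite schema, function names and the in-memory set standing in for the packet filter are all assumptions made for illustration.

```python
import sqlite3

# Constructed schema: one row per lease, keyed by client MAC address.
SCHEMA = "CREATE TABLE leases (mac TEXT PRIMARY KEY, expires_at INTEGER NOT NULL)"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def normalize_mac(mac):
    """Canonical lower-case colon form; reject anything that is not 6 hex octets."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("bad MAC: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def add_lease(db, mac, now, duration_s):
    """Management side: grant or renew a lease for duration_s seconds."""
    db.execute("INSERT OR REPLACE INTO leases VALUES (?, ?)",
               (normalize_mac(mac), now + duration_s))

def sweep(db, installed, now):
    """Daemon side: expire old leases, then diff the database against the
    MACs currently installed in the filter. Returns (to_add, to_remove)."""
    db.execute("DELETE FROM leases WHERE expires_at <= ?", (now,))
    wanted = {row[0] for row in db.execute("SELECT mac FROM leases")}
    return wanted - installed, installed - wanted

def apply_changes(installed, to_add, to_remove):
    """Stand-in for reconfiguring the packet filter; here it only updates a set."""
    return (installed | to_add) - to_remove

def demo():
    db, installed, t0 = open_db(), set(), 1_000_000
    add_lease(db, "00-11-22-AA-BB-CC", t0, 7 * 86400)   # week-long renter
    add_lease(db, "00:11:22:dd:ee:ff", t0, 3600)        # one-hour guest
    history = []
    for now in (t0 + 60, t0 + 7200, t0 + 8 * 86400):    # three daemon sweeps
        to_add, to_remove = sweep(db, installed, now)
        installed = apply_changes(installed, to_add, to_remove)
        history.append(sorted(installed))
    return history

if __name__ == "__main__":
    for state in demo():
        print(state)
```

Because a client can change its own MAC address, a lease table like this is access bookkeeping for cooperative renters rather than strong authentication.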
Have you looked at NoCatAuth? (Score:1)
Why not let them pay someone to set it up? (Score:2)
Re:Why not let them pay someone to set it up? (Score:2)
NoCatAuth NoCatSplash (Score:5, Informative)
http://nocat.net/ [nocat.net]
But since nobody did, I posted it myself.
ChilliSpot or NoCat with NoCatSplash (Score:3, Informative)
Another option (already mentioned) that would work with the is to run NoCat
http://nocat.net/ [nocat.net] on a "server" along with NoCatSplash on the WRT54 (see http://nocat.net/~rob/wrt54g/ [nocat.net] ).
Take a look at http://www.slcwireless.com/ [slcwireless.com] to see how they are providing free wireless to locations in Salt Lake City, Utah.
Good luck!
I implemented a setup similar to this (Score:2)
OpenWRT+meshdog (Score:1)
Try DD-WRT instead of Sveasoft (Score:1)
I haven't tried the hotspot features yet, but I like the rest of the DD-WRT software a lot, especially in client mode as a wireless network extender. You can set up firewall rules, time-of-day restrictions, even restrictions on website based on keywords. I don't use most of those features, but they're in there if you
m0n0wall (Score:2, Informative)
I did this on freebsd... (Score:1)
Scott
NetReg (Score:1)
Regulating Wifi (Score:1)