[Imc-makerspace] How hard is it to partition a network to be split between private and public?

Brian Duggan bcdugga at gmail.com
Thu Sep 29 09:14:00 CDT 2011


Hey Charles,

This is a common desire for many organizations as they consider the
benefits of providing free access to the community. This is also
possible within the context of a mesh wifi network. The network
configuration is pretty straightforward, provided the organization has
the hardware and firmware to do it.

Almost all off-the-shelf hardware is capable of this configuration
nowadays, but the default firmware varies greatly from device to device.
I've never seen a consumer-grade device that gave the user this kind of
control.

I'll describe this in terms of OpenWRT on a moderately-capable piece of
hardware, since that's what the mesh wifi group has been using. This
will be a high-level description. I or anyone from the mesh wifi group
can provide more details, if needed.

Step 0: Create a new subnet and bridge interface for the public wifi network
Step 1: Create a new virtual wifi access point and add the public wifi
network to it
Step 2: Configure dnsmasq to lease addresses over the new network
Step 3: Configure the firewall to forward packets between the wan
network and the public wifi network.

When you're done, the device will advertise two access points: one for
the public network and one for the private network. The public network
should work just like the public network and provide Internet access.
The parts of this that keep the public and private networks from
communicating with each other are the lack of a route between the
networks and the lack of a forwarding rule for the networks in the firewall.

Hope that helps,
Brian

On 9/29/11 9:34 AM, Charles Schultz wrote:
> Good morning,
> 
> I am heading to a Tech Planning meeting this evening with the Champaign
> School District's IT Team. To date, the senior administrator has been
> very hesitant to touch wireless, much less open it up to the public. But
> having public wifi available at schools seems like a WIN-WIN to me. How
> hard is it to set up a network such that the school children are
> protected (mostly worried about viruses, not so much about side-by-side
> attacks or trojans), yet the public has free access? If I were to
> propose this idea to the Planning Team, could I lean on a few community
> volunteers for implementation/advice?
> 
> Thanks for your time,
> 
> -- 
> Charles Schultz
> 
> 
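
Steps 0 to 3 from the reply above, written out as OpenWrt UCI configuration. This is an added example, not part of the original message or the mesh wifi group's setup. It assumes a recent OpenWrt release with the default `wan` zone and a radio named `radio0`; the `public` names, the SSID and the 192.168.50.0/24 subnet are made up for illustration.

```uci
# /etc/config/network  (step 0: new subnet and bridge for the public network)
config device
	option name 'br-public'
	option type 'bridge'

config interface 'public'
	option device 'br-public'
	option proto 'static'
	option ipaddr '192.168.50.1'
	option netmask '255.255.255.0'

# /etc/config/wireless  (step 1: second access point, attached to 'public')
config wifi-iface 'public_ap'
	option device 'radio0'
	option mode 'ap'
	option network 'public'
	option ssid 'Public-WiFi'
	option encryption 'none'

# /etc/config/dhcp  (step 2: dnsmasq leases addresses on the public subnet)
config dhcp 'public'
	option interface 'public'
	option start '100'
	option limit '150'
	option leasetime '1h'

# /etc/config/firewall  (step 3: forward public -> wan only)
# No forwarding section names 'lan', so nothing is forwarded to the private side.
config zone
	option name 'public'
	list network 'public'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'public'
	option dest 'wan'

# With input set to REJECT, clients still need DHCP and DNS from the router.
config rule
	option name 'Public-DHCP-DNS'
	option src 'public'
	option proto 'tcp udp'
	option dest_port '53 67'
	option target 'ACCEPT'
```

To check the isolation after reloading, join the public SSID and confirm that an address on the private subnet does not answer while an Internet host does.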