[Imc-makerspace] How hard is it to partition a network to be split between private and public?

Charles Schultz sacrophyte at gmail.com
Thu Sep 29 09:20:38 CDT 2011


Interesting, thanks Brian.

So, in short, it seems that if I were to suggest this for the school
district, at a minimum we need to start with wifi devices that support such
dual broadcasts. Which I think is probably going to be an obstacle in and of
itself. How do I sell this to the administration? Would it be worthwhile to
ask around at the U of I's networking group? I know Charley Kline would be
interested in this as a proof-of-concept, but he is like crazy busy. How do
I go from the theoretical to the practical? =)

On Thu, Sep 29, 2011 at 09:14, Brian Duggan <bcdugga at gmail.com> wrote:

> Hey Charles,
>
> This is a common desire for many organizations as they consider the
> benefits of providing free access to the community. This is also
> possible within the context of a mesh wifi network. The network
> configuration is pretty straightforward, provided the organization has
> the hardware and firmware to do it.
>
> Almost all off-the-shelf hardware is capable of this configuration
> nowadays, but the default firmware varies greatly from device to device.
> I've never seen a consumer-grade device that gave the user this kind of
> control.
>
> I'll describe this in terms of OpenWRT on a moderately-capable piece of
> hardware, since that's what the mesh wifi group has been using. This
> will be a high-level description. I or anyone from the mesh wifi group
> can provide more details, if needed.
>
> Step 0: Create a new subnet and bridge interface for the public wifi
> network
> Step 1: Create a new virtual wifi access point and add the public wifi
> network to it
> Step 2: Configure dnsmasq to lease addresses over the new network
> Step 3: Configure the firewall to forward packets between the wan
> network and the public wifi network.
>
> When you're done, the device will advertise two access points: one for
> the public network and one for the private network. The public network
> should work just like the public network and provide Internet access.
> The parts of this that keep the public and private networks from
> communicating with each other are the lack of a route between the
> networks and the lack of a forwarding rule for the networks in the
> firewall.
>
> Hope that helps,
> Brian
>
> On 9/29/11 9:34 AM, Charles Schultz wrote:
> > Good morning,
> >
> > I am heading to a Tech Planning meeting this evening with the Champaign
> > School District's IT Team. To date, the senior administrator has been
> > very hesitant to touch wireless, much less open it up to the public. But
> > having public wifi available at schools seems like a WIN-WIN to me. How
> > hard is it to set up a network such that the school children are
> > protected (mostly worried about viruses, not so much about side-by-side
> > attacks or trojans), yet the public has free access? If I were to
> > propose this idea to the Planning Team, could I lean on a few community
> > volunteers for implementation/advice?
> >
> > Thanks for your time,
> >
> > --
> > Charles Schultz
> >
> >
> > _______________________________________________
> > Imc-makerspace mailing list
> > Imc-makerspace at lists.chambana.net
> > http://lists.chambana.net/mailman/listinfo/imc-makerspace
>



-- 
Charles Schultz
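
As an added example (not part of this thread and not the mesh wifi group's configuration): a Python check of the point in Brian's quoted reply that isolation rests on the absence of a forwarding rule between the two networks. The UCI firewall text is a constructed sample, and the zone names lan, guest and wan are assumptions.

```python
import shlex

# Constructed sample in OpenWrt UCI syntax (/etc/config/firewall).
# Zone names "lan" (private), "guest" (public) and "wan" are assumptions.
SAMPLE = """
config defaults
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'

config zone
	option name 'guest'
	list network 'guest'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'guest'
	option dest 'wan'
"""

def parse_uci(text):
    """Return [(section_type, {option: [values]})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def isolation_findings(text, public="guest", private="lan"):
    """List config entries that would let the two zones reach each other."""
    findings = []
    for kind, opts in parse_uci(text):
        get = lambda key: opts.get(key, [""])[0]
        pair = {get("src"), get("dest")} == {public, private}
        if kind == "defaults" and get("forward").upper() == "ACCEPT":
            findings.append("defaults forward ACCEPT (unmatched traffic is forwarded)")
        elif kind == "forwarding" and pair:
            findings.append(f"forwarding {get('src')} -> {get('dest')}")
        elif kind == "rule" and pair and get("target").upper() == "ACCEPT":
            findings.append(f"rule accepts {get('src')} -> {get('dest')}")
    return findings
```

An empty list from `isolation_findings(SAMPLE)` means the firewall config contains no entry that forwards traffic between the guest and lan zones in either direction.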