[Imc-makerspace] How hard is it to partition a network to be split between private and public?

Thu Sep 29 11:17:45 CDT 2011

A proof of concept is definitely possible. We've been working on setting up
exactly what Brian has described in the mesh wifi group. Our focus has been
to additionally define an ad-hoc interface and associated firewall/dnsmasq
configurations to facilitate traffic between wireless routers. This would be
useful in the case of one router, connected to a single internet source,
which would then share the bandwidth across multiple access points.

It would be even simpler in the case of a single access point, which would
not require additional mesh configuration.

On Thu, Sep 29, 2011 at 9:18 AM, Erich Heine <sophacles at gmail.com> wrote:

> Also, the mesh wifi group meets tonight at Makespace Urbana, from 7-9. Feel
> free to stop by and check out what they've got going on, and maybe they can
> help you with this a bit too!
>
> Regards,
> Erich
>
> On Thu, Sep 29, 2011 at 9:14 AM, Brian Duggan <bcdugga at gmail.com> wrote:
>
>> Hey Charles,
>>
>> This is a common desire for many organizations as they consider the
>> benefits of providing free access to the community. This is also
>> possible within the context of a mesh wifi network. The network
>> configuration is pretty straightforward, provided the organization has
>> the hardware and firmware to do it.
>>
>> Almost all off-the-shelf hardware is capable of this configuration
>> nowadays, but the default firmware varies greatly from device to device.
>> I've never seen a consumer-grade device that gave the user this kind of
>> control.
>>
>> I'll describe this in terms of OpenWRT on a moderately-capable piece of
>> hardware, since that's what the mesh wifi group has been using. This
>> will be a high-level description. I or anyone from the mesh wifi group
>> can provide more details, if needed.
>>
>> Step 0: Create a new subnet and bridge interface for the public wifi
>> network
>> Step 1: Create a new virtual wifi access point and add the public wifi
>> network to it
>> Step 2: Configure dnsmasq to lease addresses over the new network
>> Step 3: Configure the firewall to forward packets between the wan
>> network and the public wifi network.
>>
>> When you're done, the device will advertise two access points: one for
>> the public network and one for the private network. The public network
>> should work just like the public network and provide Internet access.
>> The parts of this that keep the public and private networks from
>> communicating with each other are the lack of a route between the
>> networks and the lack of a forwarding rule for the networks in the
>> firewall.
>>
>> Hope that helps,
>> Brian
>>
>> On 9/29/11 9:34 AM, Charles Schultz wrote:
>> > Good morning,
>> >
>> > I am heading to a Tech Planning meeting this evening with the Champaign
>> > School District's IT Team. To date, the senior administrator has been
>> > very hesitant to touch wireless, much less open it up to the public. But
>> > having public wifi available at schools seems like a WIN-WIN to me. How
>> > hard is it to setup a network such that the school children are
>> > protected (mostly worried about viruses, not so much about side-by-side
>> > attacks or trojans), yet the public has free access? If I were to
>> > propose this idea to the Planning Team, could I lean on a few community
>> > volunteers for implementation/advice?
>> >
>> > Thanks for your time,
>> >
>> > --
>> > Charles Schultz
>> >
>> >
>> > _______________________________________________
>> > Imc-makerspace mailing list
>> > Imc-makerspace at lists.chambana.net
>> > http://lists.chambana.net/mailman/listinfo/imc-makerspace
>>
>> --
>>
>> _______________________________________________
>> Imc-makerspace mailing list
>> Imc-makerspace at lists.chambana.net
>> http://lists.chambana.net/mailman/listinfo/imc-makerspace
>>
>
>
> _______________________________________________
> Imc-makerspace mailing list
> Imc-makerspace at lists.chambana.net
> http://lists.chambana.net/mailman/listinfo/imc-makerspace
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/imc-makerspace/attachments/20110929/d37291f4/attachment-0001.html>