Thread ID: 101038 2009-06-29 11:14:00 Wifi hotspot to share internet with ethernet LAN but isolated from each other? Agent_24 (57) Press F1
Post ID Timestamp Content User
787091 2009-06-29 11:14:00 In effect, have two separate LANs (one wired and one wireless) both utilizing the same internet connection but (direct) communication between them impossible

I assume the access point would need to be run through a PC running some kind of firewall software (Smoothwall?)

Is this possible and if so, how would it be done?

Also, would monitoring and access restriction to certain sites/ports/protocols etc be possible?
Agent_24 (57)
787092 2009-06-29 11:19:00 www.dd-wrt.com

Blam
Blam (54)
787093 2009-06-29 11:21:00 I take it there's a modem / router here somewhere? If there is, you could block access to sites in the router, if it's got the option. If there's no wireless modem / router, then how are both getting on the net (if it's broadband)? Speedy Gonzales (78)
787094 2009-06-29 12:39:00 Use VLANs in something such as Tomato perhaps? :) Chilling_Silence (9)
787095 2009-06-29 12:57:00 Or use something like pfSense (pfsense.org/), but that'll involve finding some hardware to run it on. I personally run it on headless ALIX boards (http:), but they're a tad pricey. Erayd (23)
787096 2009-06-29 23:18:00 My idea goes something like this (see attached picture) Agent_24 (57)
787097 2009-06-29 23:30:00 You could connect the wireless AP directly to the switch, BUT this will put all PCs on one network. To deny access to PC4 from PC1-3, you could simply put PC1-3 in one particular group and PC4 in a different group.

Just read the image again... What do you mean by communication between the PCs? File sharing? Or that other PCs shouldn't be able to see PC4 at all?
ronyville (10611)
787098 2009-06-29 23:43:00 For security purposes there should be no direct communication between the WLAN and the LAN networks except for Internet access.

If router is 192.168.0.1 perhaps firewall can block access to everything but that IP?

Yes, effectively PC4 would not know that PC1-3 even exist, or that the wired part of the network exists at all.

The IP addresses are shown as an example.

Of course the firewall or if possible the wired PC can view the connected wifi clients to monitor connections and usage.
Agent_24 (57)
787099 2009-06-30 00:22:00 My best guess is... setting up a proxy server on the Linux box. You will need 2 network cards... NIC1 (192.168.0.x) and NIC2 (192.168.1.x), forward all web traffic coming into NIC1 to NIC2... assign a similar IP range address to the wireless AP (192.168.1.x). The wireless PC should connect to the AP and should see 192.168.1.x as the main gateway. ronyville (10611)
787100 2009-06-30 00:30:00 My idea goes something like this (see attached picture)

Probably the best solution would be to use something like pfSense (http://www.pfsense.com/) on the linux box in your picture and have three network cards in it.
One network card will plug directly into your ADSL router.
One network card will plug into the wireless access point.
The 3rd network card will plug into the switch.
All three will be on different subnets and none of the PCs will be able to see the wireless network or vice versa unless you configure pfSense to allow it.
All will be able to access the internet.
CYaBro (73)
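
The three-interface layout from the post above, modelled as first-match rules per ingress interface (the evaluation order pfSense uses). This is an added example, not part of the thread and not pfSense's own code; the subnets, interface names and test flows are constructed, and it also shows how a misplaced "pass any" rule silently breaks the WLAN/LAN isolation.

```python
"""Added example: first-match firewall policy for a three-interface box."""
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for this example, not from the thread's picture).
LAN = ip_network("192.168.1.0/24")    # NIC to the switch (PC1-3)
WLAN = ip_network("192.168.2.0/24")   # NIC to the wireless access point (PC4)
ANY = ip_network("0.0.0.0/0")

# Rules are attached to the interface a packet arrives on; first match wins,
# and a packet that matches nothing is dropped (default deny).
# Replies to allowed connections are assumed to pass via stateful tracking.
POLICY = {
    "wlan": [("block", LAN), ("pass", ANY)],
    "lan":  [("block", WLAN), ("pass", ANY)],
    "wan":  [],   # nothing unsolicited comes in from the internet side
}

# The same WLAN rules in the wrong order: "pass any" shadows the block rule.
MISORDERED = dict(POLICY, wlan=[("pass", ANY), ("block", LAN)])


def decide(policy, in_iface, dst):
    """Return 'pass' or 'block' for a new connection entering on in_iface."""
    for action, net in policy[in_iface]:
        if ip_address(dst) in net:
            return action
    return "block"


def audit(policy, flows):
    """Return the flows whose decision differs from the expected one."""
    return [(i, d, want) for i, d, want in flows if decide(policy, i, d) != want]


# Constructed test flows: (ingress interface, destination, expected decision).
FLOWS = [
    ("wlan", "192.168.1.10", "block"),   # PC4 -> PC1: must be isolated
    ("wlan", "203.0.113.80", "pass"),    # PC4 -> internet host
    ("lan",  "192.168.2.20", "block"),   # PC1 -> PC4: isolated the other way too
    ("lan",  "203.0.113.80", "pass"),    # PC1 -> internet host
    ("wan",  "192.168.1.10", "block"),   # unsolicited inbound
]

if __name__ == "__main__":
    print("correct order:", audit(POLICY, FLOWS) or "all flows as expected")
    print("misordered   :", audit(MISORDERED, FLOWS))
```

Running the same flow list against the real firewall after every rule change (for example with a test client on each segment) catches the shadowed-rule case that the rule list alone makes easy to miss.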