How to restrict computers on a D-Link wireless router?

The image is larger than your screen size. The browser conveniently resized the picture to fit, mutilating the image in the process. In IE, left-click in the lower right corner of the screen and a weird looking "box" icon will appear. Click it and the image will be readable. You can permanently disarm this feature in: Tools -> Internet Options -> Advanced and uncheck "Enable Automatic Image Resizing". In Mozilla or Firefox, just left-click anywhere in the image to toggle between normal and resized images.

There's nothing in the DI-524 router that will limit the number of connections. I also question why this would be necessary. However, if it is required for some reason, you have the problems of how to determine which 3 users are the proper 3 users, how to "expire" any stale connections, and how to handle any secondary authorizations required (login/passwd). These are not DI-524 features, but are commonly found in wireless hot spot software such as the various NOCAT based solutions. Some of these require an external computah to do the authorization and user counting. Others can be built into firmware, such as those based on the Linksys WRT54G using HyperWRT or Sveasoft firmware. The scripting capabilities of the Linux operating system make it possible to implement a user count limit. Unfortunately, I don't have a plug-n-play solution for whatever you're doing. If the 3 wireless users are known to you and are not random, then simple MAC address authentication will work.

Reply to
Jeff Liebermann

I have a wireless Internet connection that has three allowed client PCs for three people. But it has an open password. That means we can give the password to other people and other people would be able to connect more PCs to the network, which isn't allowed by the rule. So how can I restrict the total allowed client PCs to be three? Surely, the admin password is only known by me.

Here is a snapshot of the D-link router web interface. I looked everywhere, it seems the channel setting on this page is the most likely one to restrict client access. The default is 6. But the help doesn't say much about it. Does anyone know if this is the setting I should change to 3?

formatting link

Reply to
Smurf

Won't work. Microsloth DHCP will try to renew the lease in half the lease time. First, the minimum lease time in RFC1541 is set to 1 hour. RFC2131 removed this minimum lease time restriction, but most of the DHCP servers I've seen don't support the RFC2131 extensions and expansions. About 4 years ago, I tried forcing the DHCP lease time to 15 minutes and found that old versions of Windoze 98, W2K pre-SP3, and the early releases of XP, would do weird things. It varied from never attempting to renew the lease to complaining that the delivered DHCP lease was "corrupted" and therefore not accepting the initial DHCP request. I have no clue if any of this has been fixed in the last 4 years but considering the large number of unpatched and out of date systems currently in operation, I would suggest that 1 hr be considered the minimum.

I just had another idea of how to do this. According to Cisco, the NAT found in all cheapo routers is really PAT or Port Address Translation. Real NAT (Cisco style) is a 1 to 1 mapping of routeable IP addresses from the WAN side, to an equal number of LAN addresses. This might work for whatever the OP is trying to accomplish. However, the DI-524 cannot do this. The WRT54G with alternative firmware might be able to do it. A more sophisticated router, such as Cisco, might be necessary.

In the event that there are 3 routeable IP addresses delivered by the ISP, it is also possible to directly deliver these IP addresses to the wireless clients. Again, the DI-524 is a lost cause for doing this, and a more sophisticated router is required.

In both cases, there is no convenient mechanism for releasing the WAN IP addresses. Whoever gets there first, wins. For release, one must flush the arp table (this can be done automatically), which then releases the IP address for the next user. In both cases, this can turn into a real PITA.

Reply to
Jeff Liebermann

I can't quite make out the page but know the 'Chan' isn't what you are looking for. This simply represents the radio frequency used by the WiFi function.

I'm not sure I have translated your facts correctly but one way of 'limiting' the users that can connect could be by the MAC address and that might be found under the filters sections.

You turn on the function and simply add the MAC addresses for all the 'allowed' machines and it should reject the rest (especially if you are talking about the wireless interface here)?

Not the ultimate re security but for a std user .. ?

All the best ..

T i m

Reply to
T i m

allowed channels you are using.

There is no such mechanism to limit the number of clients on any wireless router I have met. The important thing is the encryption key (the password is for admin access to be allowed to control the router), and you should only give the encryption key to the three people who need to know.

David

Reply to
David Goodenough

Now everyone knows the password ;-)

If I understand the setup, you have several potential users, but should only allow three at a time. The only way to control that might be to limit the number of DHCP addresses in the pool, and have a short expiration time. The first three could connect, any others would have to manually assign addresses in order to use the network. That isn't security, but I'm not sure what you are trying to accomplish.

I am also not sure that the DHCP leases can expire quickly enough for your needs. How often and how long are the users connected? How many users are you trying to make fit into the allowed pool of three?

Reply to
dold

Hi,

As always, Jeff Liebermann offered excellent advice on how that would be possible using some sort of NOCAT setup. As he mentioned, this would require throwing another computer into the loop and most likely re-arranging the way your network is set up. There is a pretty good (and free) NOCAT portal called "ZoneCD" that I believe can do exactly that. I'm using ZoneCD myself, but don't have a restriction on number of clients.

MAC filtering, as also mentioned, could work -- but from your message I'm assuming that you have a wide range of people that connect, but want to set a limit at 3? If so, MAC filtering probably would be troublesome since all the MAC's would have to be in the router's database.

I'm using primarily D-Link stuff also. I believe my AP's have a feature that allows the number of clients to connect (I'd have to look), but know with certainty that my D-Link router does not -- at least not directly. To set a limit with the router, I would probably just configure its DHCP server's range of IP's to accommodate only three dynamically assigned IP's. I.e., say having the IP starting address begin at 192.168.0.x and end at 192.168.0.(x+2). Once all three are used up, clients could still connect (I think) but wouldn't be given an IP and therefore couldn't pass traffic. For ease of use, give all your permanently other pieces of hardware (other AP's, bridges, etc.) a different block and have them static.

As for channels, as previously mentioned in this thread that is just the frequency used by the router/AP. It plays no bearing on the number of clients. (I.e., multiple clients can connect on the same channel/frequency.)

Cheers!

-E

Reply to
Eras
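Added example, not part of any post in this thread: several replies suggest shrinking the DHCP pool to three addresses while noting that a client can still assign itself an address by hand. The sketch below audits for that case on a Linux-based router or gateway, assuming it runs dnsmasq (lease file lines of the form `expiry mac ip hostname client-id`) and exposes `/proc/net/arp`; the lease and ARP data, subnet and function names are constructed for illustration.

```python
# Added example: sample data below is constructed, not taken from the thread.
import ipaddress

LIMIT = 3  # number of clients the original poster is allowed

# dnsmasq lease file lines: <expiry-epoch> <mac> <ip> <hostname> <client-id>
LEASES = """\
1700003600 00:11:22:33:44:01 192.168.0.100 alice *
1700003600 00:11:22:33:44:02 192.168.0.101 bob *
1699990000 00:11:22:33:44:03 192.168.0.102 carol *
"""

# Linux /proc/net/arp layout; flag bit 0x2 marks a completed (resolved) entry
ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.100    0x1         0x2         00:11:22:33:44:01     *        br0
192.168.0.101    0x1         0x2         00:11:22:33:44:02     *        br0
192.168.0.150    0x1         0x2         00:11:22:33:44:09     *        br0
192.168.0.102    0x1         0x0         00:00:00:00:00:00     *        br0
"""

def active_leases(text, now):
    """Map MAC -> IP for leases still valid at `now` (expiry 0 = infinite)."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and (int(f[0]) == 0 or int(f[0]) > now):
            out[f[1].lower()] = f[2]
    return out

def live_hosts(text, lan):
    """Map MAC -> IP for completed ARP entries inside the LAN subnet."""
    out = {}
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 4 and int(f[2], 16) & 0x2 and ipaddress.ip_address(f[0]) in lan:
            out[f[3].lower()] = f[0]
    return out

def audit(leases_text, arp_text, now, lan="192.168.0.0/24", limit=LIMIT):
    leases = active_leases(leases_text, now)
    hosts = live_hosts(arp_text, ipaddress.ip_network(lan))
    # A live host whose MAC/IP pair has no current lease set its own address.
    unleased = {m: ip for m, ip in hosts.items() if leases.get(m) != ip}
    return {"active_leases": leases, "unleased_hosts": unleased,
            "over_limit": len(hosts) > limit}

if __name__ == "__main__":
    print(audit(LEASES, ARP, now=1700000000))
```

The ARP table only lists hosts that have recently exchanged traffic with the router, so a run like this is a periodic check rather than an enforcement mechanism.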

I don't know D-Link kit, but look in the LAN tab and see whether you can limit the DHCP service to assign from a pool of just three IP addresses.

Tony

Reply to
Anthony R. Gold


Ah, after reading other replies and reading deeper into your initial post, you are talking about a three IP limit on the WAN (public) side? (ISP gives you three public IP's?) Not understanding how this is any problem if you are using a router to create a private (W)LAN. (?) Everything connected through your router should be funneled out to same public IP. The ISP (most of them, anyway) could care less how many clients you have on a private network being funneled to one of their public IP's. Er, maybe I'm still reading your post wrong. (?)

Cheers!

-E

Reply to
Eras

I suppose the bottom line is if the op wants to restrict the number of connections to just 3 *specific* PC's (in which case 'mac address' filtering should do it?) or a max 3 from many (in which case the o/p will need something more specialised)?

All the best ..

T i m

Reply to
T i m

I don't know of any ISP that delivers 3 IP's. Checking my subnet cheat sheet, it should be in increments of 1, 5, 13, 29, 61, etc.

However, if he really does have 3 routeable IP's, there's an easy way to deliver them. Just install 3 separate access points. Without NAT, each access point will allow exactly one connection. They should be on different RF channels (1, 6, and 11) to prevent mutual interference. Of course, this solution doesn't scale very well if more connections are needed.

Reply to
Jeff Liebermann

I should have said "useable" IP's. Each subnet will lose an IP for the gateway and one for the broadcast. However, the gateway does not need to be in the subset and can be common for all the customers within the IP clock. You can recover the broadcast IP with gratuitous ARP, or you bridge additional IP's through one routeable IP, as SBC sometimes does with their "Five sticky IP vaguely static IP" offering.

formatting link
of ways to do it.

Digging through the SBC DSL offerings, I find that they offer:

1, 5, 13, 29, 61, and 125 static IP's depending upon location.

There are other SBC DSL resellers that offer static IP's in binary increments:

formatting link
the best of knowledge, nobody offers 3 static IP's.

Covad does offer multiple dynamic IP's. Each account has a connection limit. Users authenticate individually with PPPoE and receive a routeable IP address with each connection or login. I'm not sure if this is officially still offered, but I do know of systems that use this feature.

Obviously some clarification is required as to what is going on.

Reply to
Jeff Liebermann

This is most likely the correct answer, without some elaboration from the original poster.

Reply to
dold

Yeah, I'm not really understanding what the OP was asking now either. At first, it seemed he was asking about limiting to three IP's on his private side, which is easy enough. Then, reading more in between the lines, seems like he is referring to the public side. (?)

I wonder if the "wireless Internet connection" he is referring to is a WISP and the "three allowed connections" are some sort of funky AOL-ish (yuck!) WAN logins?

Cheers!

-E

Reply to
Eras

ISP's usually deliver 1, 2, 4, 8, 16, 32 etc addresses. However if you choose to make a LAN out of say 16 you will lose the first address as the network address and the last as the broadcast address (for ARP) and also one address must be assigned to the router to give the other LAN hosts a gateway. But you don't need to LAN them and you could have all 16 hosts on 16 addresses, but then any traffic between your hosts must make a round-trip path through the DSL line.

Tony

Reply to
Anthony R. Gold

Maybe it's a college dorm room, where there are three students, and three allowed users.

Or some other equally impossible to guess case.

Reply to
dold

The OP, snipped-for-privacy@org.com has not participated in this thread... What was the new word Jeff spotted today? "Trawling" ?

Reply to
dold
