I'd like to share JUST my internet connection with some remote PCs. Any solution would have to give me some confidence that these new PCs were somewhat isolated from my own LAN. I can share files on my LAN, they can share files on their LAN, but no sharing between LANs. Slower surfing is an acceptable outcome, just no extra security holes please. I'd like a solution that does not depend on leaving a PC running (ICS), multi-homed, SW firewalls, etc.
What I have: LAN1 is 3 PCs wired into a BEFW11S4 gateway configured router. A cable modem on the uplink provides the www. Occasionally I use a wireless laptop here as well, but most of the time I have the wireless disabled out of paranoia. I do use WEP.
LAN2 is a couple of PCs located 1/2 mile away suffering on dial-up (no cable available). These 2 PCs are not networked together yet. A wireless LAN at this location probably makes the most sense to avoid drilling holes.
I can stand on the roof of either house with binoculars and almost see just where I would mount the antenna on the other house. There is very large (pepper, willow?) tree that blocks LOS. It has lots of small leaves all year, but not so dense I can't partially see through it. There are also a few palm trees to either side of LOS.
I am thinking that a cantenna or dish pair might provide the link, with the antennas mounted up on each roof. I'll probably build or buy one cantenna so I can do a survey at each location first.
I considered getting a second BEFW11S4 for LAN2, thinking it could talk wirelessly to the first one, but I have been told they won't do that. I don't see anything in the settings about putting the router in AP client mode, so maybe that is true. Tech support never seems very confident about their answers on this stuff though.
Next I looked at the WET11 for LAN2. I believe I would still need something like a WAP11 or router too. The antenna location is not going to be very close to the PCs so its either 50ft of LMR400 on the antenna or the WET + WAP plus some CAT5.
Security questions: I have read where the directional antenna makes it harder for local eavesdropping. Are there any antennas or methods to eliminate everything but the very narrow aperature? Most of the ones I have seen have pretty wide radiation patterns.
A previous post metioned a wireless client isolation feature of the WRT54G. This could be what I want, but maybe the BEFW11S4 can provide something similar. I see some filtering functions in the router. I see how I can filter (prevent) a particular IP from reaching the WAN, and I see how the DMZ function places an IP 'outside' on the WAN. Can the DMZ function be used to isolate one IP from others? Can the static routing function be used for this? Does disabling DHCP on each LAN and using static IPs increase security? I saw mention of SSH over WEP. I suppose I would need to leave a PC running as a gateway to make this happen.
Thanks