Using Linksys WRT54G for hot spot

I'm helping my friend set up a hot spot at his restaurant. He had a 54G that he was using for his internal LAN. Any wireless clients are able to see computers on his LAN, which he doesn't want. I saw no way with the Linksys FW to prevent the wireless clients from accessing the LAN (AP Isolation only isolated wireless clients from each other).

We bought a Linksys BEFSR41 router and put it in place of the 54G for his internal LAN locked away in his office. We then moved the 54G to a better place in the restaurant for reception. The 41 is the gateway and set to 192.168.0.1 on the LAN side. The 54G has a static IP of 192.168.0.10. Clients to the 54G get IPs in the range 192.168.1.100 and up. To them, the 54G is 192.168.1.1.

The problem is that the wireless clients can still see the LAN (for instance, 192.168.0.3). I see that there is a static route on the 54G that configured itself for 192.168.0.0/255.255.255.0. If I could delete this route and add 192.168.0.1/255.255.255.255 instead, all would work perfectly. But the 54G won't let me delete that route, so wireless clients have a path to the entire 192.168.0.x network.

I also tried to configure the wireless side into its own 192.168.0.x network. With this, the 54G was 192.168.0.10 on its WAN side and was a client on the 192.168.0.x network on the LAN. But its own wireless side was a different 192.168.0.x network. This way, it would be impossible for a wireless client to route up to the LAN side 192.168.0.x machines. For some reason unknown to me, the 54G wouldn't pass packets at all in this setup.

The three solutions I can think of:

1) get another IP address from the ISP and have the two routers in parallel on a switch. I'd like to avoid this if possible.

2) set up the 41 so that it only allows the 54G to go to the internet but not the LAN. This would be a static route from 192.168.0.10 to 0.0.0.0 excluding the rest of 192.168.0.x.

3) set up the 54G so its clients are 192.168.1.x and to not route packets to 192.168.0.x at all.

The 54G and 41 are both set in gateway mode. Setting the 54G to router mode wouldn't route packets at all. The 54G and the 41 both have DHCP enabled.

Thanks for any help or feedback. Chris

Reply to
loot87

Chris,

Where is your friend's restaurant located? Harborlink Networks is always looking for more locations to populate. Their systems allow for the two networks (hotspot & internal) to stay separate.

Good luck! Chris

Reply to
NetSteady

Thanks, but we're in Colorado. We use a small ISP called Gonzo.

Reply to
loot87

Two important considerations when running a hotspot and a LAN:

  1. Prevent patrons from accessing your LAN (wired as well as wireless).
  2. Quality of Service to keep patrons from degrading service for your LAN.

Depending on your needs:

  * D-Link Airspot DSA-3100 Public/Private Hot Spot Gateway
  * Instant HotSpot
  * ZyAIR B-4000 Turn-key Hotspot Gateway
  * SonicWALL TZ 150 Wireless

p.s. See the Intel Wireless Hotspot Deployment Guide

Reply to
John Navas

Backwards. The WRT54G (with alternative firmware) has QoS which you're going to need.

To get some semblance of isolation, you use double NAT as below. It's not perfect, but it's good enough. If you want real isolation between the wireless and wired parts of the LAN, methinks some routing tweaks in the WRT54G will be best, or just save your dollars and buy a Sonicwall TZ-170 which offers completely separate IP address blocks for the wired and wireless parts.

LAN #1 is the private office LAN. LAN #2 is the public wireless LAN. It could be the other way around, but that would create a complex setup for doing port redirection to the private office LAN for incoming traffic (i.e. PCAnywhere, VNC, VoIP, etc).

                           LAN #1
    WAN===[Router #1]===================[Router #2]=======LAN #2
    WAN    = xxx.xxx.xxx.xxx            WAN    = 192.168.1.2
    WAN NM = 255.255.255.0              WAN NM = 255.255.255.0
    LAN    = 192.168.1.1                LAN    = 192.168.5.1
    IP's   = 192.168.1.xxx              IP's   = 192.168.5.xxx
    LAN NM = 255.255.255.0              LAN NM = 255.255.255.0

Computers on LAN #1 cannot see any computers on LAN #2. Computers on LAN #2 can see all computers on LAN #1. Both LAN #1 and LAN #2 can see the internet. The "5" in the 192.168.5.xxx IP block is arbitrary.

If you do NOT want any of the LAN #2 computers to see the computers on LAN #1, you change the subnet mask on WAN port Netmask on Router #2 so that it only will "see" Router #1. That would look like this:

    WAN    = xxx.xxx.xxx.xxx            WAN    = 192.168.1.2
    WAN NM = 255.255.255.0              WAN NM = 255.255.255.252

Reply to
Jeff Liebermann
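
Added example, not part of the post above: a small model of the forwarding decision Router #2 makes on its WAN port with the two netmasks from the post, using the post's addresses. The office PC 192.168.1.50, the internet address 203.0.113.7 and the `router1_hairpins` flag (whether Router #1 forwards a packet back out the LAN port it arrived on) are assumptions made for illustration.

```python
import ipaddress

ROUTER1_LAN = "192.168.1.1"   # Router #1 LAN address, from the post
ROUTER2_WAN = "192.168.1.2"   # Router #2 WAN address, from the post

def next_hop(dst, wan_mask, wan_ip=ROUTER2_WAN, gateway=ROUTER1_LAN):
    """Where Router #2 sends a packet leaving its WAN port.

    Returns ("on-link", dst) when dst falls inside the WAN subnet (Router #2
    ARPs for it and delivers directly), else ("gateway", gateway).
    """
    wan_net = ipaddress.ip_interface(f"{wan_ip}/{wan_mask}").network
    if ipaddress.ip_address(dst) in wan_net:
        return ("on-link", dst)
    return ("gateway", gateway)

def reaches_lan1_host(dst, wan_mask, router1_hairpins):
    """Can a LAN #2 client reach dst, a host on LAN #1?

    router1_hairpins is an assumption about Router #1: True if it forwards a
    packet back out the LAN interface it arrived on, False if it drops it.
    """
    how, _ = next_hop(dst, wan_mask)
    if how == "on-link":
        return True               # delivered directly, Router #1 never consulted
    return router1_hairpins       # isolation now rests on Router #1's behaviour

if __name__ == "__main__":
    office_pc = "192.168.1.50"    # constructed LAN #1 host
    internet = "203.0.113.7"      # constructed address (documentation range)
    for mask in ("255.255.255.0", "255.255.255.252"):
        print(mask)
        for dst in (ROUTER1_LAN, office_pc, internet):
            print("  ", dst, "->", next_hop(dst, mask))
        for hairpin in (True, False):
            print("   office PC reachable, Router #1 hairpins =", hairpin, ":",
                  reaches_lan1_host(office_pc, mask, hairpin))
```

With 255.255.255.252 only Router #1 is on-link, so packets for an office PC are handed to Router #1 instead of being delivered directly; whether they still arrive then depends on Router #1, which is why an explicit filter on one of the routers is the stronger control.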

Thanks for the in-depth reply Jeff. Your time is much appreciated. And John, thanks for the recommendations. Chris

Reply to
loot87

If you put OpenWRT on it you'll have all the options you need (and lots more).

--kyler

Reply to
Kyler Laird
