Public Access Point needed certain features

im looking for an access point / router which can be used in a public place .

i would like the following features :

throws up a login screen that users must enter a username/password before using the internet,

prevents user A from seeing user B when connected to the access point,

ie user A cannot ping user B etc . there is no access from A to B via the access point and running tools like ethereal would be impossible.

obviously a user with kismet can get around this and sniff raw 802.11 packets but that is very rare. i just want to prevent the casual user from snopping around the rest of the PCs associated to the Access Point.

any ideas which products provide this ?

Reply to
Loading thread data ...

It would need to be a router as an access point lacks the necessary IP layer port redirection features. You could use an access point, but then the router section would need to be implimented in a PC or external router.

I don't know of any routers that "throws up", barfs or reguritates upon connection. I believe it could be done with the necessary plumbing, but suspect the appeal might limited. Have you considered something less disgusting?

Such wireless routers are called "hot spot portals" and are usually based on NOCAT firmware or software.

That's called "client isolation" although Linksys erroniously calls it "AP isolation" or some such. It's simply a setting in the configuration on the WRT54G that prevents the wireless bridge from forwarding packets between wireless clients.

There was also a substantial discussion on client to client isolation in this newsgroup. See: |

formatting link
formatting link
how to do it with routeing.

Well, even with "client isolation", an evil person such as myself can sniff other users packets. There's not much that can be done to prevent that other than encrypting everything with unique per-user keys. Some of the high end "wireless switch" devices do just that. The purpose of "client isolation" is to prevent client to client attacks by virus, worm, and open shares. Note that this type of isolation only applies between wireless clients. If there are any PC's plugged into the ethernet switch on the router, they will be visible from all the wireless clients.

Linksys WRT54G and GS are my current favorites for cheap. Sveasoft's Alchemy and Talisman softare both provide the necessary client isolation feature. Talisman comes in various builds that include a host spot build. The major feature is a built in RADIUS server for authentication.

formatting link
is also the HyperWRT firmware that includes useful hot spot features:
formatting link
'm not 100% sure if it includes client isolation so please double check.

Incidentally, you might also want to repair or replace your keyboard. Your shift key appears to be broken.

Reply to
Jeff Liebermann

thanks scott and jeff.

Reply to

"Incidentally, you might also want to repair or replace your keyboard. Your shift key appears to be broken."

jeff i appreciate your techie advice but as for your advice on the use of the english language .... well you can shove it right up your big arse already :-)

yada yada yada

Reply to

-->The first subj above can be done many ways and it called "captured portal" or "Portal" I believe. A search in this and other newsgroups and you will find many software, mods, etc for different hardware and software vendors.

-->As to subj two, Linksys WAP55AG and WRT54G has a feature called AP Isolation and according to the inline help: Creates a separate virtual network for your wireless network. When this feature is enabled, each of your wireless client will be in its own virtual network and will not be able to communicate with each other. You may want to utilize this feature if you have many guests that frequent your wireless network.

Other vendors might support this also but I only know of the two I own/use above.

Hope this helps. ;-)


Reply to
Scott Nelson - Wash DC Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.