secure access point from rest of network

I want to have a "outsider" share my internet connection, but not be allowed to the rest of the network. Basically, I want them to be on their own access point and not be able to get anywhere else. Is this possible?

Further details: I have netgear equipment. My DSL line comes in and goes to my expensive wired router. From there, my server is attached and so is another switch. I have all of my other computers on the network on the switch. I really don't care where they "plug" into, but I just don't want to give them access to the server and all of my other computers. Suggestions?

Reply to
Loading thread data ...

When you find out how to DO it, I'd love to find out how you did, so I can do the opposite... I have a wireless network at home, added another WAP, and the computes that access that one can ONLY see itself and the internet, absolutely nothing else.. Annoying since I want to add a second AP TO the network, rather than have it isolated/by itself....

Reply to
Peter Pan

I have Netgear, Linksys (DD-WRT), and D-Link at home. The only one I was able set up to do what you want was the D-Link. I've done this on two DLs I have installed at a client's site. They wanted Internet access for Wireless, but not to their internal network or server. The only local access I had to build in was DNS for their local server.

Reply to
mike vore

Absolutetly! I allow outsiders (plural!) to openly use one of my AP's as my house overlooks a community park/lake. My mindset is that I may want to use someone else's open network while in public for simple web browsing, so I should also share mine!

Google "captive portal". I'm using ZoneCD (free, GNU/Linux based, runs off a CD), but there are many others out there.

Simple/typical setup scenerio:

formatting link
I filter again porn, running services, strobing, DoS, etc.. Majority of people that connect through my open AP are just kids with the Nintendo DS's though.

Cheers, Eric

Reply to


Connect a Linksys WRT54G (or the GL, for Linux, has much better performance in my opinion) to any place in your network.

Give it a static IP address (either an external from your ISP, if you have multiple, or a private IP from your inside range - it won't matter, depends on where you connect it)

In the web-based setup configure the following...

Wireless > Wireless Security Security Mode: Disable Wireless > Advanced Wireless Settings AP Isolation: On (prevents wireless users from connecting to each other directly) SecureEasySetup: Disable (prevents someone from hitting the Cisco logo/button on the front of the router) Security > Firewall Firewall Protection: Enable Block Anonymous Internet Requests: Checked Filter Multicast: Checked Filter IDENT: Checked Security > VPN IPSec Passthrough: Enable (if you want corporate users who visit your HotSpot to be able to VPN back to their office) PPTP Passthrough: Enable L2TP Passthrough: Enable Access Restrictions > Internet Access Internet Access Policy: 1 (HotSpot) Status: Enable PCs > Edit List of PCs IP Range 01: ~ 254 Allow: Selected Everyday: Checked Times: 24 Hours Blocked Services > Add/Edit Service AtRisk, TCP & UDP, 135 ~ 139 MS-DS, TCP & UDP, 445 ~ 445 ...this blocks all the Microsoft File Sharing ports, therefore they can't connect to your internal servers. (consider adding other ports and services that you have on your internal network, but don't want HotSpot users to get to)

Also c> I want to have a "outsider" share my internet connection, but not be

Reply to
JPElectron Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.