Public Access Point needed certain features

im looking for an access point / router which can be used in a public
place .

i would like the following features :

throws up a login screen that users must enter a username/password
before using the internet,

prevents user A from seeing user B when connected to the access point,

ie user A cannot ping user B etc . there is no access from A to B via
the access point and running tools like ethereal would be impossible.

obviously a user with kismet can get around this and sniff raw 802.11
packets but that is very rare. i just want to prevent the casual user
from snopping around the rest of the PCs associated to the Access
Point.

any ideas which products provide this ?

"sam1967" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> im looking for an access point / router which can be used in a public
> place .
>
> i would like the following features :
>
> throws up a login screen that users must enter a username/password
> before using the internet,
>
> prevents user A from seeing user B when connected to the access point,
>
> ie user A cannot ping user B etc . there is no access from A to B via
> the access point and running tools like ethereal would be impossible.

-->The first subj above can be done many ways and it called "captured
portal" or "Portal" I believe. A search in this and other newsgroups and you
will find many software, mods, etc for different hardware and software
vendors.

-->As to subj two, Linksys WAP55AG and WRT54G has a feature called AP
Isolation and according to the inline help:
Creates a separate virtual network for your wireless network. When this
feature is enabled, each of your wireless client will be in its own virtual
network and will not be able to communicate with each other. You may want to
utilize this feature if you have many guests that frequent your wireless
network.

Other vendors might support this also but I only know of the two I own/use
above.

Hope this helps. ;-)

Scotty

On 16 Jun 2005 07:42:06 -0700, "sam1967" <(E-Mail Removed)>
wrote:

>im looking for an access point / router which can be used in a public
>place.

It would need to be a router as an access point lacks the necessary IP
layer port redirection features. You could use an access point, but
then the router section would need to be implimented in a PC or
external router.

>i would like the following features :
>
>throws up a login screen that users must enter a username/password
>before using the internet,

I don't know of any routers that "throws up", barfs or reguritates
upon connection. I believe it could be done with the necessary
plumbing, but suspect the appeal might limited. Have you considered
something less disgusting?

Such wireless routers are called "hot spot portals" and are usually
based on NOCAT firmware or software.

>prevents user A from seeing user B when connected to the access point,
>ie user A cannot ping user B etc . there is no access from A to B via
>the access point and running tools like ethereal would be impossible.

That's called "client isolation" although Linksys erroniously calls it
"AP isolation" or some such. It's simply a setting in the
configuration on the WRT54G that prevents the wireless bridge from
forwarding packets between wireless clients.

There was also a substantial discussion on client to client isolation
in this newsgroup. See:
| http://groups-beta.google.com/group/...c3b3315b?fwc=1
| http://groups-beta.google.com/group/...029742969eee72
for how to do it with routeing.

>obviously a user with kismet can get around this and sniff raw 802.11
>packets but that is very rare. i just want to prevent the casual user
>from snopping around the rest of the PCs associated to the Access
>Point.

Well, even with "client isolation", an evil person such as myself can
sniff other users packets. There's not much that can be done to
prevent that other than encrypting everything with unique per-user
keys. Some of the high end "wireless switch" devices do just that.
The purpose of "client isolation" is to prevent client to client
attacks by virus, worm, and open shares. Note that this type of
isolation only applies between wireless clients. If there are any
PC's plugged into the ethernet switch on the router, they will be
visible from all the wireless clients.

>any ideas which products provide this ?

Linksys WRT54G and GS are my current favorites for cheap. Sveasoft's
Alchemy and Talisman softare both provide the necessary client
isolation feature. Talisman comes in various builds that include a
host spot build. The major feature is a built in RADIUS server for
authentication.
http://www.sveasoft.com/content/view/20/0/
There is also the HyperWRT firmware that includes useful hot spot
features:
http://www.hyperwrt.org
I'm not 100% sure if it includes client isolation so please double
check.

Incidentally, you might also want to repair or replace your keyboard.
Your shift key appears to be broken.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

thanks scott and jeff.

"Incidentally, you might also want to repair or replace your keyboard.
Your shift key appears to be broken."


jeff i appreciate your techie advice but as for your advice on the use
of the english language .... well you can shove it right up your big
arse already :-)

yada yada yada