How to restrict computers on a D-Link wireless router?

I have a wireless Internet connection that has three allowed
client PC for three person. But it has a open password.
That means we can give the password to other people and
other people would able to connect more PC to the network,
which isn't allowed by the rule. So how can I restrict the
total allowed client PC to be three? Surely, the admin
password is only known by me.

Here is a snapshot of the D-link router web interface. I
looked everywhere, it seems the channel setting on this page
is the most likely one to restrict client access. The
default is 6. But the help doesn't say much about it. Does
anyone know if this is the setting I should change to 3?

http://www.geocities.com/rickatgp/snap.jpg

Smurf wrote:

> I have a wireless Internet connection that has three allowed
> client PC for three person. But it has a open password.
> That means we can give the password to other people and
> other people would able to connect more PC to the network,
> which isn't allowed by the rule. So how can I restrict the
> total allowed client PC to be three? Surely, the admin
> password is only known by me.
>
> Here is a snapshot of the D-link router web interface. I
> looked everywhere, it seems the channel setting on this page
> is the most likely one to restrict client access. The
> default is 6. But the help doesn't say much about it. Does
> anyone know if this is the setting I should change to 3?
>
> http://www.geocities.com/rickatgp/snap.jpg
No the channel setting merely says which of the 11 (in the US)
allowed channels you are using.

There is no such mechanism to limit the number of clients
on any wireless router I have met. The important thing is
the encryption key (the password is for admin access to be
allowed to control the router), and you should only give the
encryption key to the three people who need to know.

David
_________________________________________
Usenet Zone Free Binaries Usenet Server
More than 120,000 groups
Unlimited download
http://www.usenetzone.com to open account

On Sun, 19 Jun 2005 15:26:14 GMT, Smurf <(E-Mail Removed)> wrote:

>I have a wireless Internet connection that has three allowed
>client PC for three person. But it has a open password.
>That means we can give the password to other people and
>other people would able to connect more PC to the network,
>which isn't allowed by the rule. So how can I restrict the
>total allowed client PC to be three? Surely, the admin
>password is only known by me.
>
>Here is a snapshot of the D-link router web interface. I
>looked everywhere, it seems the channel setting on this page
>is the most likely one to restrict client access. The
>default is 6. But the help doesn't say much about it. Does
>anyone know if this is the setting I should change to 3?
>
>http://www.geocities.com/rickatgp/snap.jpg

I can't quite make out the page but know the 'Chan' isn't what you are
looking for. This simply represents the radio frequency used by the
WiFi function.

I'm not sure I have translated your facts correctlt but one way of
'limiting' the users that can connect could be by the mac address and
that might be found under the filters sections.

You turn on the funtion and simply add the mac addresses for all the
'allowed' machines and it should reject the rest (especially if you
are talking about the wireless interface here)?

Not the ultimate re security but for a std user .. ?

All the best ..

T i m

On Sun, 19 Jun 2005 16:33:23 GMT, T i m <(E-Mail Removed)> wrote:

>On Sun, 19 Jun 2005 15:26:14 GMT, Smurf <(E-Mail Removed)> wrote:
>>http://www.geocities.com/rickatgp/snap.jpg

>I can't quite make out the page

The image is larger than your screen size. The browser conveniently
resized the picture to fit, mutilating the image in the process. In
IE, left-click in the lower right corner of the screen and a weird
looking "box" icon will appear. Click it and the image will be
readable. You can permanently disarm this feature in:
Tools -> Internet Options -> Advanced
and uncheck "Enable Automatic Image Resizing". In Mozilla or Firefox,
just left-click anywhere in the image to toggle between normal and
resized images.

>but know the 'Chan' isn't what you are
>looking for. This simply represents the radio frequency used by the
>WiFi function.
>
>I'm not sure I have translated your facts correctlt but one way of
>'limiting' the users that can connect could be by the mac address and
>that might be found under the filters sections.
>
>You turn on the funtion and simply add the mac addresses for all the
>'allowed' machines and it should reject the rest (especially if you
>are talking about the wireless interface here)?
>
>Not the ultimate re security but for a std user .. ?
>T i m

There's nothing in the DI-524 router that will limit the number of
connections. I also question why this would be necessary. However,
it it is required for some reason, you have the problems of how to
determine which 3 users are the proper 3 users, how to "expire" any
stale connections, and how to handle any secondary authorizations
required (login/passwd). These are not DI-524 features, but are
commonly found in wireless hot spot software such the various NOCAT
based solutions. Some of these require an external computah to do the
authorization and user counting. Others can be build into firmware,
such as those based on the Linksys WRT54G using HyperWRT or Sveasoft
firmware. The scripting capeabilities of the Linux operating system
make it possible to impliment a user count limit. Unfortunatly, I
don't have a plug-n-play solution for whatever you're doing. If the 3
wireless users are known to you and are not random, then simple MAC
address authentication will work.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Smurf <(E-Mail Removed)> wrote:
> I have a wireless Internet connection that has three allowed
> client PC for three person. But it has a open password.
> That means we can give the password to other people and
> other people would able to connect more PC to the network,
> which isn't allowed by the rule. So how can I restrict the
> total allowed client PC to be three?

Now everyone knows the password ;-)

If I understand the setup, you have several potential users, but should
only allow three at a time. The only way to control that might be to limit
the number of DHCP addresses in the pool, and have a short expiration time.
The first three could connect, any others would have to manually assign
addresses in order to use the network. That isn't security, but I'm not
sure what you are trying to accomplish.

I am also not sure that the DHCP leases can expire quickly enough for your
needs. How often and how long are the users connected? How many users are
you trying to make fit into the allowed pool of three?

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

"Smurf" wrote in message
> I have a wireless Internet connection that has three allowed
> client PC for three person. But it has a open password.
> That means we can give the password to other people and
> other people would able to connect more PC to the network,
> which isn't allowed by the rule. So how can I restrict the
> total allowed client PC to be three? Surely, the admin
> password is only known by me.
>
> Here is a snapshot of the D-link router web interface. I
> looked everywhere, it seems the channel setting on this page
> is the most likely one to restrict client access. The
> default is 6. But the help doesn't say much about it. Does
> anyone know if this is the setting I should change to 3?
>
> http://www.geocities.com/rickatgp/snap.jpg

Hi,

As always, Jeff Liebermann offered excellent advise on how that would be
possible using some sort of NOCAT setup. As he mentioned, this would
require throwing another computer into the loop and most likely re-arranging
the way your network is setup. There is a pretty good (and free) NOCAT
portal called "ZoneCD" that I believe can do exactly that. I'm using ZoneCD
myself, but don't have a restriction on number of clients.

MAC filtering, as also mentioned, could work -- but from your message I'm
assuming that you have a wide range of people that connect, but want to set
a limit at 3? If so, MAC filtering probably would be troublesome since all
the MAC's would have to in the router's database.

I'm using primarily D-Link stuff also. I believe my AP's have a feature
that allow the number of clients to connect (I'd have to look), but know
with certainty that my D-Link router does not -- at least not directly. To
set a limit with the router, I would probably just configure it's DHCP
server's range of IP's to accommodate only three dynamically assigned IP's.
I.e., say having the IP starting address begin at 192.168.0.x and end at
192.168.0.(x+2). Once all three are used up, clients could still connect (I
think) but wouldn't be given an IP and therefore couldn't pass traffic. For
ease of use, give all your permanently other pieces of hardware (other AP's,
bridges, ect) a different block and have them static.

As for channels, as previously mentioned in this thread that is just the
frequency used by the router/AP. It plays no bearing on the number of
clients. (I.e., multiple clients can connect on the same
channel/frequency.)

Cheers!
-E

On Sun, 19 Jun 2005 15:26:14 GMT, Smurf <(E-Mail Removed)> wrote:

> Here is a snapshot of the D-link router web interface. I
> looked everywhere, it seems the channel setting on this page
> is the most likely one to restrict client access. The
> default is 6. But the help doesn't say much about it. Does
> anyone know if this is the setting I should change to 3?

I don't know D-Link kit, but look in the LAN tab and see whether you can
limit the DHCP service to assign from a pool of just three IP addresses.

Tony

On Sun, 19 Jun 2005 18:26:03 +0000 (UTC),
(E-Mail Removed) wrote:

>If I understand the setup, you have several potential users, but should
>only allow three at a time. The only way to control that might be to limit
>the number of DHCP addresses in the pool, and have a short expiration time.
>The first three could connect, any others would have to manually assign
>addresses in order to use the network. That isn't security, but I'm not
>sure what you are trying to accomplish.
>
>I am also not sure that the DHCP leases can expire quickly enough for your
>needs. How often and how long are the users connected? How many users are
>you trying to make fit into the allowed pool of three?

Won't work. Microsloth DHCP will try to renew the lease in half the
lease time. First, the minimum lease time in RFC1541 is set to 1
hour. RFC2131 removed this minimum lease time restriction, but most
of the DCHP servers I've seen don't support the RFC2131 extensions and
expansions. About 4 years ago, I tried forcing the DHCP lease time to
15 minutes and found that old versions of Windoze 98, W2K pre-SP3, and
the early releases of XP, would do weird things. It varied from never
attempting to renew the lease to complaining that the delivered DHCP
lease was "corrupted" and therefore not accepting the initial DHCP
request. I have no clue if any of this has been fixed in the last 4
years but considering the large number of unpatched and out of date
systems currently in operation, I would suggest that 1 hr be
considered the minimum.

I just had another idea of how to do this. According to Cisco, the
NAT found in all cheapo routers is really PAT or Port Address
Translation. Real NAT (Cisco style) is a 1 to 1 mapping of routeable
IP addresses from the WAN side, to an equal number of LAN addresses.
This might work for whatever the OP is trying to accomplish. However,
the DI-524 cannot do this. The WRT54G with alternative firmware might
be able to do it. A more sophistocated router, such as Cisco, might
be necessary.

In the event that there are 3 routeable IP addresses delived by the
ISP, it is also possible to directly deliver these IP addresses to the
wireless clients. Again, the DI-524 is a lost cause for doing this,
and a more sophistocated router is required.

In both cases, there is no convenient mechanism for releasing the WAN
IP addresses. Whomever gets there first, wins. For release, one must
flush the arp table (this can be done automatically), which then
releases the IP address for the next user. In both cases, this can
turn into a real PITA.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

"Eras" wrote in message
> "Smurf" wrote in message
> > I have a wireless Internet connection that has three allowed
> > client PC for three person. But it has a open password.
> > That means we can give the password to other people and
> > other people would able to connect more PC to the network,
> > which isn't allowed by the rule. So how can I restrict the
> > total allowed client PC to be three? Surely, the admin
> > password is only known by me.
> >
> > Here is a snapshot of the D-link router web interface. I
> > looked everywhere, it seems the channel setting on this page
> > is the most likely one to restrict client access. The
> > default is 6. But the help doesn't say much about it. Does
> > anyone know if this is the setting I should change to 3?
> >
> > http://www.geocities.com/rickatgp/snap.jpg
>
> Hi,
>
> As always, Jeff Liebermann offered excellent advise on how that would be
> possible using some sort of NOCAT setup. As he mentioned, this would
> require throwing another computer into the loop and most likely
re-arranging
> the way your network is setup. There is a pretty good (and free) NOCAT
> portal called "ZoneCD" that I believe can do exactly that. I'm using
ZoneCD
> myself, but don't have a restriction on number of clients.
>
> MAC filtering, as also mentioned, could work -- but from your message I'm
> assuming that you have a wide range of people that connect, but want to
set
> a limit at 3? If so, MAC filtering probably would be troublesome since
all
> the MAC's would have to in the router's database.
>
> I'm using primarily D-Link stuff also. I believe my AP's have a feature
> that allow the number of clients to connect (I'd have to look), but know
> with certainty that my D-Link router does not -- at least not directly.
To
> set a limit with the router, I would probably just configure it's DHCP
> server's range of IP's to accommodate only three dynamically assigned
IP's.
> I.e., say having the IP starting address begin at 192.168.0.x and end at
> 192.168.0.(x+2). Once all three are used up, clients could still connect
(I
> think) but wouldn't be given an IP and therefore couldn't pass traffic.
For
> ease of use, give all your permanently other pieces of hardware (other
AP's,
> bridges, ect) a different block and have them static.
>
> As for channels, as previously mentioned in this thread that is just the
> frequency used by the router/AP. It plays no bearing on the number of
> clients. (I.e., multiple clients can connect on the same
> channel/frequency.)
>
> Cheers!
> -E

Ah, after reading other replies and reading deeper into your initial post,
you are talking about a three IP limit on the WAN (public) side?
(ISP gives you three public IP's?) Not understanding how this is any
problem if you are using a router to create a private (W)LAN. (?)
Everything connected through your router should be funneled out to same
public IP. The ISP (most of them, anyway) could care less how many clients
you have on a private networked being funneled to one of their public IP's.
Er, maybe I'm still reading your post wrong. (?)

Cheers!
-E

On Mon, 20 Jun 2005 03:13:47 GMT, "Eras" <(E-Mail Removed)> wrote:


>> > I have a wireless Internet connection that has three allowed
>> > client PC for three person. But it has a open password.
>> > That means we can give the password to other people and
>> > other people would able to connect more PC to the network,
>> > which isn't allowed by the rule. So how can I restrict the
>> > total allowed client PC to be three? Surely, the admin
>> > password is only known by me.

>Ah, after reading other replies and reading deeper into your initial post,
>you are talking about a three IP limit on the WAN (public) side?
>(ISP gives you three public IP's?) Not understanding how this is any
>problem if you are using a router to create a private (W)LAN. (?)
>Everything connected through your router should be funneled out to same
>public IP. The ISP (most of them, anyway) could care less how many clients
>you have on a private networked being funneled to one of their public IP's.
>Er, maybe I'm still reading your post wrong. (?)
>
>Cheers!
>-E
I suppose the bottom line is if the op want's to restrict the number
of connections to just 3 *specific* PC's (in which case 'mac address'
filtering should do it?) or a max 3 from many (in which case the o/p
will need something more specialised)?

All the best ..

T i m