How do I let people access the internet via an access point but not allow them access to my network

Discussion in 'Wireless Networks' started by yar, Sep 20, 2004.

  1. yar

    yar Guest

    I have a wired network with a router and switches to four pcs in my home
    network, I have now added a wi-fi access point to allow others access to my
    internet connection.

    I am unsure how to stop people gaining access to my home network once they
    have connected via the access point.

    My pcs have fixed ip addresses so I have added these ip addresses to my fire
    walls, will this be good enough.

    Please help and advise.
     
    yar, Sep 20, 2004
    #1
    1. Advertisements

  2. I don't think any of this can be done that easily - but I am not an
    expert so someone else might have better ideas. Any of the following
    should work:

    1. You have four machines. If you are using fixed IP addresses on
    your local machines make sure they run sequentially and then allow
    that sequence of four through the firewalls on each computer. Lock
    out anything else. However this means that machines connecting to
    your wireless network will also have to use fixed IP addresses.
    Should one of yours be turned off and another with the same address
    log in then it will get passed the firewall.

    2. Set your machines to use dynamically assigned IP addresses and
    turn on DCHP on your router. Use address reservation on the DCHP to
    make sure that each of your four machines is always allocated the same
    IP address. Set the firewalls as in (1). Other machines logging on
    to the wireless system will be assigned an IP address outside the
    trusted range and therefore will not have access through the
    firewalls.

    3. This is my favourite - do either of the above but use the
    operating systems on your local machines to restrict access to your
    shares. You will need to ensure each machine you use has the same
    username and password for your principal account. Set your shares
    only to accept access from machines presenting the right username and
    password. Then no-one that is not you can actually see anything you
    are sharing, they will just get an error message saying they do not
    have permission to access the resource and to contact their systems
    administrator.

    Hope this helps.
     
    Simon Pleasants, Sep 20, 2004
    #2
    1. Advertisements

  3. yar:
    some/most(?) routers these days allow for mac address filtering.....also if
    you use the built in dhcp server you may also be able to do client filetring
    per ip address range.....

    shockie B)
     
    shockwaveriderz, Sep 20, 2004
    #3
  4. if you have the wrt54g router from linksys , there is a firmware that allow
    to only permit internet navigation for the people that conect by wireless.

    By the way if your router allows acls its "easy". Put ip fixed in the wired
    part and put acls in the wired part only allowing outside trafic from the
    interface to the wired if it came from the wired part or make the acsl by
    mac's , but this more advanced.
     
    Juan Carlos \(El fortinero\), Sep 21, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.