Re: [PLUG] dual networking question

Rich Freeman on 27 Jan 2013 08:10:14 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] dual networking question

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] dual networking question
Date: Sun, 27 Jan 2013 11:10:09 -0500
Cc: Carl Johnson <cjohnson19791979@gmail.com>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=H3oR7zS7PZ1uzVOKDP5T8KYdIyb/jnYLOT+T6F3R3L8=; b=qy6N6gegGfXRtEyEBSknXxWiwCLkPqMcW+RIhxONrR6/CKqRhvag0cqW6yi3qbEsci ztrajbq+CBMZ5TkSiGhJ6rhrIZfmiKN9JkFSfDDr94GaUKL6OA9yXzwbpEnoPsA5awg3 a5lNYR9CJ6/sizIl1b/a1B7wLzKRjkhx+f/ApEbFVaDagbz55xknTaR0h2FUmf+DS5JA AaialMSdRmVGcookTJ+CJLaIzwhBEqGDtEZC42IbQVKpdlT7vK21aoB7hNfkuIRojqbv wY1aWzGWnw3OU6pJlNuGdI6O5+mJy6h6mFYfoYXXpsKBQzSlueA/TQt9fNJ8KlybXJYS uXeA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

On Sun, Jan 27, 2013 at 10:58 AM, David Coulson <david@davidcoulson.net> wrote:
> because a church wants to maintain a linux firewall, right? :)
>
> Wait until someone moves away, or is unavailable, and you have a huge mess
> on your hands. Better to make it really simple.
>

I was tending to think the same thing, which is probably why somebody
suggested two internet connections (with two cheap routers).  I think
that is needlessly wasteful, but there are simpler options.

I'll assume that right now your church just has a simple wireless
router that has a LAN interface and an internet interface and the WiFi
is bridged to the LAN.  That's how every consumer router comes out of
the box.

Leave all that alone, and configure that WiFi as your protected
private WiFi.  It gets full internet access, and it is bridged on the
LAN.

Get a second wireless router and plug the internet port on it into
your LAN.  Configure it to just get an IP via DHCP (which will come
from the LAN router).  Set up rules on that router to block access to
the LAN subnet with the exception of its gateway.  Open up its WiFi
access.

The public WiFi will be double-NATed but I don't see that as a big
deal.  It won't be able to do anything but get to the Internet.  The
configuration is fairly simple and you don't touch the existing LAN
setup at all.

Your other option is to get a fancier router designed to handle these
sort of things - some of the DDWRT-out-of-the-box routers can probably
handle something like this, and probably include some kind of
terms-of-service click-through page as well.  Then you can just run
your whole network on one router.

Either way you'll want to document things, and if something breaks
they'll still need to have some kind of idea what they're doing to fix
it.  But, either solution is lighter than a linux router with three
interfaces and two wireless access points.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] dual networking question
  - From: "Eric at Lucii.org" <eric@lucii.org>
- Re: [PLUG] dual networking question
  - From: Carl Johnson <cjohnson19791979@gmail.com>
- Re: [PLUG] dual networking question
  - From: David Coulson <david@davidcoulson.net>

Prev by Date: Re: [PLUG] dual networking question
Next by Date: Re: [PLUG] dual networking question
Previous by thread: Re: [PLUG] dual networking question
Next by thread: Re: [PLUG] dual networking question
Index(es):
- Date
- Thread