2011/4/6 Elazar Leibovich <[email protected]>

> I want the settings in my wireless router to be, ideally:
> 1) Anonymous have access only to the internet, any packet will be either
> routed "outside" of the router or dropped.
> 2) Authenticated users (by any means) will be able also to access the inner
> network.
>
> Even just achieving 1 for everyone (and drop authentication altogether) is
> good enough.
>
> How can I implement these rules?
>
> The easiest solution which came to my mind is:
> 1) Set known macs to be mapped to IP in 192.168.1.*, unknown macs to be
> mapped to 192.168.2.* (I think it's possible in many home routers)
> 2) Somehow tell the router to route all traffic (except the one coming from
> a PC A) to a PC A. (Not so sure it's possible).
> 3) In PC A, route all packets to the router, and drop packets whose
> destination is in 192.168.*, (this should be a simple IPtable rule).
>
> Another solution - plug your ears instead of curing your bedmate's snoring.
> 1) Leave the router as it is, ignore any packets not coming from a known
> whitelist (can you tell Linux to filter packets based on MAC? Even if you
> can't use IP whitelist and force the known MACs to be mapped to IPs in the
> whitelist, preventing unknown MACs from being mapped to the whitelist).
>
> I of course prefer everything to be done in the router, but I'm not sure
> it's possible.
>

Best solution: Use a router that has a 'guest network' feature. Many do (especially the expensive ones ;)). Some can have it when their firmware is replaced (read: dd-wrt and friends). e.g. http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29

Changing your MAC is pretty trivial...

-- Shimi
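The quoted question asks whether Linux can filter packets by source MAC; the iptables `mac` match does this. The script below is an added example, not code from either poster: it generates a default-drop INPUT ruleset for an inner-LAN host, and the function names, interface name and MAC addresses are constructed placeholders. As the reply points out, a source MAC is chosen by the sender, so this narrows exposure but does not authenticate anyone.

```sh
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for an
# inner-LAN host; it only generates text and changes nothing on the system.

# is_mac STRING -> exit 0 if STRING is six colon-separated hex octets
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_whitelist_rules IFACE MAC...
# Emits filter-table rules: default-drop inbound, allow loopback, replies to
# our own connections, and new connections only from the listed source MACs.
mac_whitelist_rules() {
    [ "$#" -ge 2 ] || { echo "usage: mac_whitelist_rules IFACE MAC..." >&2; return 2; }
    iface=$1; shift
    # Validate everything before printing so a typo never yields a partial ruleset.
    for mac in "$@"; do
        is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for mac in "$@"; do
        # The mac match sees only the Ethernet source address of the frame.
        echo "-A INPUT -i $iface -m mac --mac-source $mac -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample call; review the output before loading it with iptables-restore:
# mac_whitelist_rules eth0 00:11:22:33:44:55 66:77:88:99:AA:BB
```

Hosts on the same wireless segment reach each other directly rather than through the router, which is why the filtering here sits on the inner host and why the guest-network (separate VLAN) approach in the reply is the stronger fix.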
