How to set up a public acess point

Discussion in 'Wireless Networking' started by yar, Nov 17, 2004.

  1. yar

    yar Guest

    Hi

    I have a small hotel, I want to give my guests access to the internet but I
    do not want to compromise my own home network.

    I currently have 4 pcs networked together with fixed IPs and a wireless
    access point that my apple express connects to for music and my daughters
    laptop, this has a key to access.

    I have been told that I can fit another access point with a different range
    of IP addresses and subnet mask that this would enable a connection but stop
    people getting to my network.

    I have also been told that if I attach another pc to my network fix the ip
    and then firewall it from my pcs I could then fit a wireless card share the
    connection and this would protect my network as well.

    I do not know enough about this, could some one please point me in the right
    direction.

    Thanks
    yar, Nov 17, 2004
    #1
    1. Advertising

  2. yar

    Dana Brash Guest

    Hi,

    You could certainly route another subnet off using a wireless AP/router
    combo.
    You probably have DSL or a cable modem, right?
    This would then lead into a router of some type, presumably your current
    configuation.
    From your current configuration, you could add the new router, and have the
    'Public' side of the new router be on your current subnet.

    Then you would have a new subnet behind the new router that your guests
    could use.

    However, I'd reverse it, and put guests in the front subnet, essentially
    creating a DMZ.


    /---------\
    | Internet |
    | |
    \---------/
    |
    |
    |
    \/ PUBLIC IP
    [ROUTER]--------------------------------------
    | Private IP (192.168.0.1)
    | \ \
    | \ 192.168.0.x/24 \
    | [Hotel Guests] \ DMZ
    | /
    | /
    |192.168.0.2 /
    [ROUTER 2] -------------------------------------
    | 192.168.1.1
    |
    |
    /----------\
    | Home |
    | Clients | 192.168.1.x/24
    \----------/


    This is NO replacement for proper anti-virus, malware/spyware, personal
    firewall, good common-sense practices to protect yourself. Particularly if
    you've got a lot of transient traffic in your DMZ, you'll want to make sure
    both routers are working well as firewalls, and that all your computers are
    running good AV and personal firewalls.

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA



    "yar" <> wrote in message
    news:...
    > Hi
    >
    > I have a small hotel, I want to give my guests access to the internet but

    I
    > do not want to compromise my own home network.
    >
    > I currently have 4 pcs networked together with fixed IPs and a wireless
    > access point that my apple express connects to for music and my daughters
    > laptop, this has a key to access.
    >
    > I have been told that I can fit another access point with a different

    range
    > of IP addresses and subnet mask that this would enable a connection but

    stop
    > people getting to my network.
    >
    > I have also been told that if I attach another pc to my network fix the ip
    > and then firewall it from my pcs I could then fit a wireless card share

    the
    > connection and this would protect my network as well.
    >
    > I do not know enough about this, could some one please point me in the

    right
    > direction.
    >
    > Thanks
    >
    >
    Dana Brash, Nov 17, 2004
    #2
    1. Advertising

  3. yar

    yar Guest

    Hi

    Thanks for the information.

    But not know a lot about this, how do I connect another router to the main
    router?.

    Also what's a DMZ.

    Thanks
    "Dana Brash" <> wrote in message
    news:...
    > Hi,
    >
    > You could certainly route another subnet off using a wireless AP/router
    > combo.
    > You probably have DSL or a cable modem, right?
    > This would then lead into a router of some type, presumably your current
    > configuation.
    > From your current configuration, you could add the new router, and have
    > the
    > 'Public' side of the new router be on your current subnet.
    >
    > Then you would have a new subnet behind the new router that your guests
    > could use.
    >
    > However, I'd reverse it, and put guests in the front subnet, essentially
    > creating a DMZ.
    >
    >
    > /---------\
    > | Internet |
    > | |
    > \---------/
    > |
    > |
    > |
    > \/ PUBLIC IP
    > [ROUTER]--------------------------------------
    > | Private IP (192.168.0.1)
    > | \ \
    > | \ 192.168.0.x/24 \
    > | [Hotel Guests] \ DMZ
    > | /
    > | /
    > |192.168.0.2 /
    > [ROUTER 2] -------------------------------------
    > | 192.168.1.1
    > |
    > |
    > /----------\
    > | Home |
    > | Clients | 192.168.1.x/24
    > \----------/
    >
    >
    > This is NO replacement for proper anti-virus, malware/spyware, personal
    > firewall, good common-sense practices to protect yourself. Particularly
    > if
    > you've got a lot of transient traffic in your DMZ, you'll want to make
    > sure
    > both routers are working well as firewalls, and that all your computers
    > are
    > running good AV and personal firewalls.
    >
    > --
    > HTH,
    > =d=
    >
    >
    > Dana Brash
    > MCSE, MCDBA, MCSA
    >
    >
    >
    > "yar" <> wrote in message
    > news:...
    >> Hi
    >>
    >> I have a small hotel, I want to give my guests access to the internet but

    > I
    >> do not want to compromise my own home network.
    >>
    >> I currently have 4 pcs networked together with fixed IPs and a wireless
    >> access point that my apple express connects to for music and my daughters
    >> laptop, this has a key to access.
    >>
    >> I have been told that I can fit another access point with a different

    > range
    >> of IP addresses and subnet mask that this would enable a connection but

    > stop
    >> people getting to my network.
    >>
    >> I have also been told that if I attach another pc to my network fix the
    >> ip
    >> and then firewall it from my pcs I could then fit a wireless card share

    > the
    >> connection and this would protect my network as well.
    >>
    >> I do not know enough about this, could some one please point me in the

    > right
    >> direction.
    >>
    >> Thanks
    >>
    >>

    >
    >
    yar, Nov 17, 2004
    #3
  4. yar

    Jack Guest

    Hi
    A simple way to separate your Network from the guests is by creating two
    networks.

    First Network would be a Router with an Access Point and (or a Wireless
    Cable/DSL Router) for the guests Network.

    Then plug a second Router's WAN port into a regular port on the Guest's
    Router.

    Configure the LAN part of the second Router for your Network.

    Your Network will be able to access the Internet and the Guest Network, but
    the Guest Network will not be able to connect to your Network since the
    second Router Firewall (NAT) will block such attempts.

    Take into consideration that this does not solved general security problems
    that are involved in providing Public Internet access, unfortunately such
    issues are beyond the scope of Newsgroup medium.

    Jack (MVP-Networking).

    http://www.ezlan.net







    "yar" <> wrote in message
    news:...
    > Hi
    >
    > I have a small hotel, I want to give my guests access to the internet but

    I
    > do not want to compromise my own home network.
    >
    > I currently have 4 pcs networked together with fixed IPs and a wireless
    > access point that my apple express connects to for music and my daughters
    > laptop, this has a key to access.
    >
    > I have been told that I can fit another access point with a different

    range
    > of IP addresses and subnet mask that this would enable a connection but

    stop
    > people getting to my network.
    >
    > I have also been told that if I attach another pc to my network fix the ip
    > and then firewall it from my pcs I could then fit a wireless card share

    the
    > connection and this would protect my network as well.
    >
    > I do not know enough about this, could some one please point me in the

    right
    > direction.
    >
    > Thanks
    >
    >
    Jack, Nov 17, 2004
    #4
  5. yar

    Dana Brash Guest

    Hi Yar,

    Every router has (at least) two ports. Most home office equipment will
    refer to these as WAN (Wide Area Network, aka Public) and LAN (Local Area
    Network, aka Private). Each of these ports will be assigned an IP address.
    In my diagram below, I show the IP addresses on routers on the side of the
    router that that port should be plugged into.

    To connect another router to the main router, you would simply plug in the
    wires. You must then configure the router to use the right IP information.
    Jack posted some very clear instructions on how to do this.

    DMZ stands for De-Militarized Zone. The concept is that there is a 'safe
    zone' that acts as a buffer between two areas. Generally companies will
    build a DMZ to host servers that are exposed to the internet (for FTP or web
    services for example). In this case, it is an extra layer between your
    family's network and the internet, and it would be the place where you allow
    your guests to access the internet from.

    Without a basic understanding of networking and TCP/IP, this will be a
    difficult task. There are plenty of materials out there to read, Google
    would be a good place to start, followed by your local bookstore. Also try
    this link: http://www.wown.com/

    But it sounds to me like you're in the business of running a hotel, and
    probably don't want to spend a couple weeks reading up on subnetting and
    routing. So delegate.... I am SURE that you either know someone directly,
    or someone you know knows someone, who has already done this reading. Find
    this person, ask them for their help. Offer to buy them dinner or beers, or
    pay them, or whatever they want, and ask them to set it up for you. It
    should take them an hour or so if they fully test it. If you are interested
    in learning, watch over their shoulder and get them to tell you what they're
    doing.

    --
    HTH,
    =d=


    Dana Brash
    MCSE, MCDBA, MCSA



    "yar" <> wrote in message
    news:...
    > Hi
    >
    > Thanks for the information.
    >
    > But not know a lot about this, how do I connect another router to the main
    > router?.
    >
    > Also what's a DMZ.
    >
    > Thanks
    > "Dana Brash" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > You could certainly route another subnet off using a wireless AP/router
    > > combo.
    > > You probably have DSL or a cable modem, right?
    > > This would then lead into a router of some type, presumably your current
    > > configuation.
    > > From your current configuration, you could add the new router, and have
    > > the
    > > 'Public' side of the new router be on your current subnet.
    > >
    > > Then you would have a new subnet behind the new router that your guests
    > > could use.
    > >
    > > However, I'd reverse it, and put guests in the front subnet, essentially
    > > creating a DMZ.
    > >
    > >
    > > /---------\
    > > | Internet |
    > > | |
    > > \---------/
    > > |
    > > |
    > > |
    > > \/ PUBLIC IP
    > > [ROUTER]--------------------------------------
    > > | Private IP (192.168.0.1)
    > > | \ \
    > > | \ 192.168.0.x/24 \
    > > | [Hotel Guests] \ DMZ
    > > | /
    > > | /
    > > |192.168.0.2 /
    > > [ROUTER 2] -------------------------------------
    > > | 192.168.1.1
    > > |
    > > |
    > > /----------\
    > > | Home |
    > > | Clients | 192.168.1.x/24
    > > \----------/
    > >
    > >
    > > This is NO replacement for proper anti-virus, malware/spyware, personal
    > > firewall, good common-sense practices to protect yourself. Particularly
    > > if
    > > you've got a lot of transient traffic in your DMZ, you'll want to make
    > > sure
    > > both routers are working well as firewalls, and that all your computers
    > > are
    > > running good AV and personal firewalls.
    > >
    > > --
    > > HTH,
    > > =d=
    > >
    > >
    > > Dana Brash
    > > MCSE, MCDBA, MCSA
    > >
    > >
    > >
    > > "yar" <> wrote in message
    > > news:...
    > >> Hi
    > >>
    > >> I have a small hotel, I want to give my guests access to the internet

    but
    > > I
    > >> do not want to compromise my own home network.
    > >>
    > >> I currently have 4 pcs networked together with fixed IPs and a wireless
    > >> access point that my apple express connects to for music and my

    daughters
    > >> laptop, this has a key to access.
    > >>
    > >> I have been told that I can fit another access point with a different

    > > range
    > >> of IP addresses and subnet mask that this would enable a connection but

    > > stop
    > >> people getting to my network.
    > >>
    > >> I have also been told that if I attach another pc to my network fix the
    > >> ip
    > >> and then firewall it from my pcs I could then fit a wireless card share

    > > the
    > >> connection and this would protect my network as well.
    > >>
    > >> I do not know enough about this, could some one please point me in the

    > > right
    > >> direction.
    > >>
    > >> Thanks
    > >>
    > >>

    > >
    > >

    >
    >
    Dana Brash, Nov 18, 2004
    #5
  6. yar

    yar Guest

    Okay thanks for all the help



    "Jack" <www.ezlan.net> wrote in message
    news:%...
    > Hi
    > A simple way to separate your Network from the guests is by creating two
    > networks.
    >
    > First Network would be a Router with an Access Point and (or a Wireless
    > Cable/DSL Router) for the guests Network.
    >
    > Then plug a second Router's WAN port into a regular port on the Guest's
    > Router.
    >
    > Configure the LAN part of the second Router for your Network.
    >
    > Your Network will be able to access the Internet and the Guest Network,
    > but
    > the Guest Network will not be able to connect to your Network since the
    > second Router Firewall (NAT) will block such attempts.
    >
    > Take into consideration that this does not solved general security
    > problems
    > that are involved in providing Public Internet access, unfortunately such
    > issues are beyond the scope of Newsgroup medium.
    >
    > Jack (MVP-Networking).
    >
    > http://www.ezlan.net
    >
    >
    >
    >
    >
    >
    >
    > "yar" <> wrote in message
    > news:...
    >> Hi
    >>
    >> I have a small hotel, I want to give my guests access to the internet but

    > I
    >> do not want to compromise my own home network.
    >>
    >> I currently have 4 pcs networked together with fixed IPs and a wireless
    >> access point that my apple express connects to for music and my daughters
    >> laptop, this has a key to access.
    >>
    >> I have been told that I can fit another access point with a different

    > range
    >> of IP addresses and subnet mask that this would enable a connection but

    > stop
    >> people getting to my network.
    >>
    >> I have also been told that if I attach another pc to my network fix the
    >> ip
    >> and then firewall it from my pcs I could then fit a wireless card share

    > the
    >> connection and this would protect my network as well.
    >>
    >> I do not know enough about this, could some one please point me in the

    > right
    >> direction.
    >>
    >> Thanks
    >>
    >>

    >
    >
    yar, Nov 18, 2004
    #6
  7. On Thu, 18 Nov 2004 00:29:47 +0800, "Dana Brash"
    <> wrote:

    >You could certainly route another subnet off using a wireless AP/router
    >combo.
    >You probably have DSL or a cable modem, right?


    And some networking info.

    We provide Internet access by simply making the gateway information
    available to the users. The wireless connection does not give them
    access to the network, but the WAP will connect enough with the
    network to give a path to the gateway.

    Every user so far has been able to access the net even though the WAP
    can be seen by only my PC and one server. I've played with my own
    laptop on the wireless access and have been unable to get on the
    network proper (intentional BTW, the WAP settings are not at all
    looking to the net).

    The same has been true of terminal added on the network for Internet
    surfing. As long as the gateway is set properly, the terminal works
    without much other connectivity. In fact, the ones set up for the
    network will surf the Internet even when the network connection fails
    almost completely.

    -Curtis Russell
    Controller
    Washington DC JCC
    Curtis L. Russell, Nov 18, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page