[isf-wifidog] LAN and WLAN Seperation

Aaron Z aaronz at pls-net.org
Fri Jun 26 15:22:53 EDT 2009


That is correct, I should have made it clear that this is assuming that the WAP is ONLY connected to the business network by its WAN port and that no business traffic passes through the WAP (via the LAN ports or via the WLAN). If that is the case it is more complicated, but not impossible to do (I do something somewhat similar for our libraries). 
In the scenario I sent earlier, the address range of the business network (on the WAN side of the WAP) would be 192.168.3.x and the address range of the wireless network (LAN or WLAN side of the WAP) would be 192.168.1.x.

Aaron Z 

----- "Ian Gough" <igough57 at gmail.com> wrote: 
> From: "Ian Gough" <igough57 at gmail.com> 
> To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org> 
> Sent: Friday, June 26, 2009 3:10:59 PM GMT -05:00 US/Canada Eastern 
> Subject: Re: [isf-wifidog] LAN and WLAN Seperation 
> 
> My understanding is that the WLAN and LAN by default are on the same subnet and that all wireless and wired access by default go through wifidog. Can anybody verify if this is true? 
> 
> If so, then setting up the firewall rule shown below would not work if the business's computers are plugged into the wireless router without more configuration. 
> 
> ian 
> 
> 
> On Fri, Jun 26, 2009 at 2:11 PM, Aaron Z < aaronz at pls-net.org > wrote: 
> 

> In Wifidog.conf there is a section called "FirewallRuleSet global". If you have the WAN port on your box connected to the rest of your network (so that the wireless users are on a different subnet than your business machines), you can change the setting to be as shown; this will prevent your guests from accessing the 192.168.3.x subnet.
> 
> # Rule Set: global 
> # 
> # Used for rules to be applied to all other rulesets except locked. 
> FirewallRuleSet global { 
> ## Use the following if you don't want clients to be able to access machines on 
> ## the private LAN that gives internet access to wifidog. Note that this is not 
> ## client isolation; The laptops will still be able to talk to one another, as 
> ## well as to any machine bridged to the wifi of the router. 
> FirewallRule block to 192.168.3.0/24 
> } 
> 
> HTH 
> 
> Aaron Z 
> 
> ----- "casey w ballard" < casey.w.ballard at gmail.com > wrote: 
> > From: "casey w ballard" < casey.w.ballard at gmail.com > 
> > To: wifidog at listes.ilesansfil.org 
> > Sent: Friday, June 26, 2009 1:00:15 PM GMT -05:00 US/Canada Eastern 
> > Subject: [isf-wifidog] LAN and WLAN Seperation 
> 
> > 
> > Hello, I can't seem to find the information anywhere on the FAQ sections so I guess I will ask it here. I am planning to implement this feature at my cafe but I don't want the wireless clients to be able to get access to my dell registers or computerized security system. Is there any way that I may block the wireless clients from being able to see the other wired computers?
> > -Casey 
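
An added example, not part of the original thread or of the WiFiDog project: a small audit of the `FirewallRuleSet global` section that checks the two conditions discussed above, namely that a block rule covers the whole business subnet and that guests are not on that same subnet. The names `parse_ruleset`, `audit_global` and `SAMPLE_CONF` are hypothetical, and the script assumes rules are applied in file order with the first terminal match deciding.

```python
import ipaddress
import re

# Constructed sample config: the ruleset quoted in the thread, plus a second
# ruleset to show that only "global" is audited.
SAMPLE_CONF = """\
FirewallRuleSet global {
    ## Keep guests off the private LAN on the WAN side of the router.
    FirewallRule block to 192.168.3.0/24
}
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}
"""

RULE_RE = re.compile(
    r"^FirewallRule\s+(?P<action>block|drop|allow|log|ulog)"
    r"(?:\s+(?P<proto>tcp|udp|icmp))?(?:\s+port\s+(?P<port>\d+))?"
    r"(?:\s+to\s+(?P<dest>\S+))?$")

def parse_ruleset(conf, name):
    """Return [(action, restricted, dest_network)] for one ruleset, in file order."""
    rules, inside = [], False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if line.split() == ["FirewallRuleSet", name, "{"]:
            inside = True
        elif line == "}":
            inside = False
        elif inside and line:
            m = RULE_RE.match(line)
            if m is None:
                raise ValueError(f"unrecognised rule: {line!r}")
            dest = ipaddress.ip_network(m["dest"] or "0.0.0.0/0", strict=False)
            rules.append((m["action"], bool(m["proto"] or m["port"]), dest))
    return rules

def audit_global(conf, protected_cidr, guest_cidr):
    """Return a list of findings; an empty list means the block is effective."""
    protected = ipaddress.ip_network(protected_cidr)
    findings = []
    if ipaddress.ip_network(guest_cidr).overlaps(protected):
        findings.append("guest and protected hosts share a subnet; the rule cannot separate them")
    # Assumption: the first terminal rule that matches decides (file order).
    for action, restricted, dest in parse_ruleset(conf, "global"):
        if action in ("log", "ulog") or not dest.overlaps(protected):
            continue                             # non-terminal or unrelated rule
        if action == "allow":
            findings.append(f"allow rule for {dest} precedes the block")
        elif not restricted and protected.subnet_of(dest):
            return findings                      # whole subnet blocked, all protocols
    findings.append(f"no unconditional block/drop covers {protected}")
    return findings
```

Calling `audit_global(SAMPLE_CONF, "192.168.3.0/24", "192.168.1.0/24")` with the thread's two address ranges returns an empty list.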