Hey Max,<br>
<br>
Thanks for letting me know about wl0_ap_isolate option in wifidog
client - it's nice to know that authenticated users have some
protection from wanton wardrivers. I'll be proposing that we implement
the feature on all routers part of the Wireless Toronto network.<br>
<br>
Thanks again, Rein<br><br><div><span class="gmail_quote">On 2/19/06, <b class="gmail_sendername">Max Horváth</b> <<a href="mailto:max.horvath@maxspot.de">max.horvath@maxspot.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Hi Rein,<br><br>Rein Petersen wrote:<br><br>> Hi All,<br>><br>> I was performing a few tests with Wifidog client and found that a<br>> non-authenticated user was able to ping authenticated users.
<br>><br>> Is OpenWRT capable of isolating all network activity of non-<br>> authenticated users (by MAC address I suppose) to protect legit<br>> users from war-drivers?<br><br>There is no filtering possible.<br>
<br>What you might do is setting the NVRAM variable wl0_ap_isolate to the<br>value of 1. This will enable AP client isolation. It means that you<br>hide clients from each other. Setting it to 0 (which is enabled by<br>default) means that you allow clients to see each other.
<br><br>So wl0_ap_isolate=1 will not only disallow any communication between<br>unauthenticated users, but all. It is what we here at maxspot did.<br>Just to meet security issue. Cause it turns out that you cannot just<br>
filter between authenticated and unauthenticated users.<br>
</blockquote></div>