<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">This is really a matter of unbridging the interfaces and setting up iptables rules to prevent certain network routing.<DIV><BR class="khtml-block-placeholder"></DIV><DIV>Coova is just a nice interface on top of OpenWRT. You can check out the OpenWRT wiki, which should have plenty of information on this subject. Or just google for it, since lots of people have written about lots of network configurations for OpenWRT.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Be aware that you likely have to login via ssh to the device, but it sounds like you aren't afraid of that, so it shouldn't be a big problem.<BR><DIV> <BR>-- <BR> Dana Spiegel<BR> Executive Director<BR> NYCwireless<BR> <A href="mailto:dana@NYCwireless.net">dana@NYCwireless.net</A><BR> <A href="http://www.NYCwireless.net">www.NYCwireless.net</A><BR> +1 917 402 0422<BR> <BR> Read the Wireless Community blog: <A href="http://www.wirelesscommunity.info">http://www.wirelesscommunity.info</A><BR> </DIV><BR><DIV><DIV>On Jan 11, 2007, at 4:46 PM, John Boushall wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><DIV>I have contacted the coova group, which was no help. I would like to modify the iptables settings to prevent wifi users from connecting to the lan subnet, but not prevent them from accessing the gateway to the internet.</DIV> <DIV> </DIV> <DIV>Do you have any suggestions for changes to the iptables commands to permit this access scheme?</DIV> <DIV> </DIV> <DIV>John Boushall<BR><BR><B><I>Benoit Grégoire <<A href="mailto:bock@step.polymtl.ca">bock@step.polymtl.ca</A>></I></B> wrote:</DIV> <BLOCKQUOTE class="replbq" style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">On Wednesday 10 January 2007 10:30, John Boushall wrote:<BR>> I would like to exclude access to the local lan that the gateway is<BR>> connected to, with the exception of the authentication server and the<BR>> gateway out to the internet.<BR>><BR>> I have tried to configure the exclusions, but it results in excluding<BR>> access to all of the lan.<BR>><BR>> I am using the CoovaAP firmware (will be upgrading to 1.0 beta 3<BR>> shortly.)<BR>><BR>> Thank you for your help.<BR><BR>You should probably ask on a Coova list, this has little to do with wifidog.<BR>-- <BR>Benoit Grégoire<BR>Technologies Coeus inc.<BR></BLOCKQUOTE><BR><DIV> <BR class="khtml-block-placeholder"></DIV><HR size="1">Access over 1 million songs - <A href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=36035/*http://music.yahoo.com/unlimited/">Yahoo! Music Unlimited.</A><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">WiFiDog mailing list</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</A></DIV> </BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>