sheff1johnny Posted March 26, 2015 Share Posted March 26, 2015 I need help to set up a guest network. I am doing some voluntray work for the mental health action group. At the moment we have wired computers. However we want to be able to provide internet access to members over wi fi, what they can access through their phones or tablets. The main problems we are having is being able to protect the groups files from members. And the other is restricting what sites members can visit. We are using a BT hub 3, which appears to have no guest facillities included on it. Any help appreciated. Link to comment Share on other sites More sharing options...
mrbrit Posted March 26, 2015 Share Posted March 26, 2015 (edited) The simplest way of doing this would be buying a secondary router, with those facilities in mind. I have a similar setup in place. It all depends on how flexable you want to be with the guest network, how knowledgeable you are with networking, and if you would need after support. Edited March 26, 2015 by mrbrit Link to comment Share on other sites More sharing options...
sheff1johnny Posted March 26, 2015 Author Share Posted March 26, 2015 The simplest way of doing this would be buying a secondary router, with those facilities in mind. I have a similar setup in place. It all depends on how flexable you want to be with the guest network, how knowledgeable you are with networking, and if you would need after support. Where would be the best place to get hold of one, the cheaper the better. Or if anyone has an old router with guest capabilities they'd like to donate to Mental Health Action Group Sheffield drip us a line..cheers. Link to comment Share on other sites More sharing options...
mrbrit Posted March 26, 2015 Share Posted March 26, 2015 Might be worth approaching the likes of Maplin. Possibly send an email to their customer services. I know that they donated a CCTV kit to Whirlow farm a while back so worth a shot if its for a genuine cause. Link to comment Share on other sites More sharing options...
sheff1johnny Posted March 26, 2015 Author Share Posted March 26, 2015 Thanks for your help, we have an idea and just want to run it by you, and see if you think it would work. We plan on using our draytek vigor 2820, as the main router, from this we plan to run our BT Hub 3.0 to give us wi fi for our memebers to use. Do you think this would work, and if we run into any diffuculties could we possibly email you for further advice. Link to comment Share on other sites More sharing options...
Ghozer Posted March 26, 2015 Share Posted March 26, 2015 You have to turn off DHCP in the BT hub - though I still doubt it would work because they are not designed to operate that way You ideally need an old cable router that uses Ethernet and not DSL for the WAN connection. I have a spare and will be happy to set it up... Link to comment Share on other sites More sharing options...
mrbrit Posted March 26, 2015 Share Posted March 26, 2015 (edited) Thanks for your help, we have an idea and just want to run it by you, and see if you think it would work. We plan on using our draytek vigor 2820, as the main router, from this we plan to run our BT Hub 3.0 to give us wi fi for our memebers to use. Do you think this would work, and if we run into any diffuculties could we possibly email you for further advice. The problem with using the home hub as the secondary would be the lack of isolation from the main network. This could potentially cause a security issue, in the sense that anyone who has access to the WiFi would also have access to any potential shares on the network, unless properly secured. I'd certainly take ghozer up on his offer though, he has a good rep round here. ---------- Post added 26-03-2015 at 15:12 ---------- FAO: Ghozer. I guess you are familiar with tomato? Personally I'd set up the first bridge (br0) to a private WiFi network with wpa2 192.168.1.xxx subnet. Then a virtual wireless interface on a separate bridge (br1) with a subnet of 192.168.2.xxx. Then use iptables to create a rule to drop all requests to the 192.168.1.xxx interfaces. The captive portal on tomatoRAF is awesome, so an open WiFi network on the second WiFi interface could have a disclaimer. Edit: apologies for any formatting or grammatical errors. Typing on a mobile with fat fingers Edited March 26, 2015 by mrbrit Link to comment Share on other sites More sharing options...
Ghozer Posted March 26, 2015 Share Posted March 26, 2015 The problem with using the home hub as the secondary would be the lack of isolation from the main network. This could potentially cause a security issue, in the sense that anyone who has access to the WiFi would also have access to any potential shares on the network, unless properly secured. I'd certainly take ghozer up on his offer though, he has a good rep round here. ---------- Post added 26-03-2015 at 15:12 ---------- FAO: Ghozer. I guess you are familiar with tomato? Personally I'd set up the first bridge (br0) to a private WiFi network with wpa2 192.168.1.xxx subnet. Then a virtual wireless interface on a separate bridge (br1) with a subnet of 192.168.2.xxx. Then use iptables to create a rule to drop all requests to the 192.168.1.xxx interfaces. The captive portal on tomatoRAF is awesome, so an open WiFi network on the second WiFi interface could have a disclaimer. Edit: apologies for any formatting or grammatical errors. Typing on a mobile with fat fingers You're talking about using a PC as a router/relay I was talking about plugging one router directly into the other - if set up correctly it can be isolated while still having web access thinking something like OpenWRT (Which has multi layer capability as well as wi-fi relay mode and isolation etc) Link to comment Share on other sites More sharing options...
mrbrit Posted March 26, 2015 Share Posted March 26, 2015 You're talking about using a PC as a router/relay I was talking about plugging one router directly into the other - if set up correctly it can be isolated while still having web access thinking something like OpenWRT (Which has multi layer capability as well as wi-fi relay mode and isolation etc) No mate. I'm thinking a secondary router such as an e4200 flashed with tomato. Separate VLANs for both "sides" of the network. Will isolate traffic and host a small webserver with a captive portal. Link to comment Share on other sites More sharing options...
Ghozer Posted March 26, 2015 Share Posted March 26, 2015 No mate. I'm thinking a secondary router such as an e4200 flashed with tomato. Separate VLANs for both "sides" of the network. Will isolate traffic and host a small webserver with a captive portal. Ah - I was also talking a similar idea but using OpenWRT and something like the DLink DIR-315 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now