What I am doing at home with wireless is creating a new optional
interface in m0n0wall on a different "network" and then putting the
wireless on its own vlan in my switch. At that point, anyone connected
to wireless can't get to my local network since it is on a different
"segment" all together. The different vlans also help separate traffic.
It may be overkill but part of the fun is making it all work. Nobody on
the wireless network can see my local wired network, one machine on the
local wired network can get to the access point for snmp graphing and
that is it. All other traffic is blocked to make sure that 99% of the
traffic is separate.
I'm not using captive portal yet, I haven't had a single person other
than myself use this "open" wireless yet. Even if they did, they also
have the lowest traffic priority in my switch with regards to QoS so
they won't be hogging all the bandwidth.
From: Alex M [mailto:radiussupport at lrcommunications dot net]
Sent: Saturday, August 12, 2006 12:43 PM
To: Monowall Support List
Subject: [m0n0wall] Shared files are avalible even when user is not
authenticated by CP
Why shared files are available to users even though they are not
authenticated by CP, they just connected to the network.
a. how can I block that, so files are not visible before user is loged
in (Not just disabling NetBios as static firewall rule)
b. Is it possible to make automatic virtual networks where lats say comp
A abd B sharing files together but comp C cant see that file sharing
whatsoever? Solething like VPN but only on the router base.