How do I provide free wifi yet protect my office computers?

Discussion in 'Hardware' started by griz7674, Aug 29, 2011.

  1. griz7674

    griz7674 Private E-2

    We are a small town of 5000 people and we don't have any local facility that provides residents with free wifi. I run an insurance agency and wanted to be able to offer this service. However, what I don't want is for someone to be able to hack their way into our computer systems that have our clients' information on them.

    Is there a way to use our office high speed internet service for free wifi but still protect our individual files? Thanks!

    Bob
     
  2. techsent

    techsent Corporal

    Hey Bob,

    One method would be to use two separate routers. One for the Public and the other for your Office. However, this requires a business Internet modem which has 4 or more ports. If the current modem has one port, your ISP may be able to upgrade your package and furnish the business modem or you can buy a 3rd party business modem. Here's an example setup:

    1. Connect the modem to the internet to establish the WAN IP in the modem.
    2. Connect the public router to one of the modem ports.
    3. Go into the modem settings and set up a DHCP reservation for the public router using the IP address 10.1.10.1.
    4. Now connect the office router into another modem port.
    5. While still in the modem settings, set up a DHCP reservation for the office router using the IP address 10.1.10.2.
    6. Next, go into the public router settings. Configure the WAN IP setting to automatically obtain an IP address (which will always be the 10.1.10.1 IP given from the modem).
    7. While still in the public router settings, configure the LAN network with the starting LAN IP 192.168.0.1 and also enable the DHCP server setting.
    8. Next, go into the office router settings. Configure the WAN IP setting to automatically obtain an IP address (which will always be the 10.1.10.2 IP given from the modem).
    9. While still in the office router settings, configure the LAN network with the starting LAN IP 192.168.1.1 and also enable the DHCP server setting.

    Reboot the modem, both routers and all PCs in the office.

    Attached is a basic diagram of how this would work.

    *Since the public router will be on a different IP addressing scheme (192.168.0.1) vs the office router (192.168.1.1), people using the public connection will never see or be able to access machines connected to the office router.
     


  3. griz7674

    griz7674 Private E-2

    I just spoke with our internet provider (Mediacom) and they indicated that their business modems do not have more than one port. They recommended that I go buy a switch and run it off of that?

    My current set up looks like this:

    Modem hooked into an Apple Time Capsule then ethernets going to various computers throughout the office that are hard wired vs wireless (we have a few mac users that are wireless).

    Can I take one of the ethernets off of the Time Capsule, route it into a router, and then use that router for the free wifi? Thanks for your help on this!

    Bob
     
  4. brownizs

    brownizs MajorGeek

  5. foogoo

    foogoo Major "foogoo" Geek

    I'd buy a Buffalo router with DD-WRT preinstalled. Then try this method:
    http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_each_with_Wireless_and_Internet
    or
    http://www.smallnetbuilder.com/wire...uild-an-open-source-wi-fi-hotspot-with-dd-wrt

    You can google around a bit and find better instructions, I can't find the page I was looking for.

    Putting a switch in does not give you any protection for your private vs public network. Bad idea.

    If you want to make it easier, VLAN one port on the DD-WRT router and plug it into a wireless access point.
     
  6. Colemanguy

    Colemanguy MajorGeek

    Putting in a switch allows plenty of protection. It goes modem - switch - two routers, each having a different WAN IP; then from the router used for the business side you can plug in your business computers via ethernet. But honestly, becoming a mini ISP for the town opens up many issues that you probably don't want to mess with. I guess I'd like you to further explain what you want to provide: a wide area of coverage for people, or just a local "I'm sitting at a McDonald's with wifi" kind of deal. If you want to go bigger than your building area, you start running into business-class equipment/high-end wifi gear, and if you're just talking lobby wifi you should be OK with a cheap home user router/AP for that small number of users.
     
  7. brownizs

    brownizs MajorGeek

    The problem with that: if someone uses the OP's service to do bad things, the OP will be the one who gets in trouble. The best option, if they want to share inside their office and not outside of it, would be to use something like DD-WRT or pfSense to use a portal where the person who wishes to use the wifi has to agree to the terms, along with using OpenDNS to protect the network from people trying to do bad things while connected.
     
  8. Colemanguy

    Colemanguy MajorGeek

    A portal won't prevent issues as far as the ISP goes; it's still the same WAN connection. And as far as an agreement for connecting off a portal, unless you have a lawyer hired to write said disclaimer/notice, it probably wouldn't hold up in court either. The OP would still get in trouble in any situation as it's his WAN connection. Basically it boils down to controlling access either way.
     
  9. techsent

    techsent Corporal

    "Can I take one of the ethernets off of the Time Capsule, route it into a router, and then use that router for the free wifi? Thanks for your help on this!"

    Welcome. Yes, that's another option. If you go this route, then:

    1. Connect the new public router to the Time Capsule.
    2. Go into the Time Capsule settings and set up a DHCP reservation for the public router.
    3. Go into the public router settings and confirm that the WAN settings are set to automatically obtain an IP address.
    4. Go to the LAN setup section and set up the LAN IP addressing scheme. Make sure that it is different from the Time Capsule LAN DHCP server IP address scheme. Activate the DHCP server option.
    5. As brownizs pointed out, you have to be concerned about bandwidth usage. So while setting up the DHCP server option, limit the number of IP addresses that can be used to something like 10-20 or so. This way only a certain number of users can use the public connection at any given time.
    6. While still in the public router settings, set up the wireless role as an Access Point and name the SSID different from that of the Time Capsule SSID. Something like Public Wifi etc...
    7. Don't activate the wireless security option so the connection will be open and free to connect to and use.
    8. Reboot the modem and both routers.
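
Added example, not part of any post in this thread: a small Python model of the two layouts described above (two routers on a multi-port modem, and a public router plugged into the Time Capsule) that lists which office-side addresses sit on a network segment guest traffic crosses on its way out. The /24 masks, the Time Capsule LAN range, the host addresses and all function names are assumptions made for illustration, and each router is assumed to be a default consumer NAT router that drops unsolicited WAN-side connections.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing. The /24 masks and the Time Capsule's 10.0.1.0/24
# LAN are assumptions; the thread gives only the routers' starting LAN IPs.
# Post 2 layout: modem with several ports, two sibling NAT routers.
TWO_ROUTERS = {
    "modem":  {"lan": "10.1.10.0/24",   "uplink": None},
    "public": {"lan": "192.168.0.0/24", "uplink": "modem"},
    "office": {"lan": "192.168.1.0/24", "uplink": "modem"},
}
# host address -> device whose LAN side it is plugged into
TWO_ROUTERS_HOSTS = {
    "192.168.1.20": "office",  # office PC behind the office router's NAT
    "10.1.10.2": "modem",      # office router's WAN port (reserved in step 5)
}
# Post 9 layout: public router plugged into a Time Capsule LAN port.
CASCADED = {
    "time_capsule": {"lan": "10.0.1.0/24",    "uplink": None},
    "public":       {"lan": "192.168.0.0/24", "uplink": "time_capsule"},
}
CASCADED_HOSTS = {"10.0.1.20": "time_capsule", "10.0.1.21": "time_capsule"}


def outbound_segments(topology, start):
    """Yield (device, network) for each LAN segment a guest packet crosses
    on its way out: the guest LAN first, then every upstream LAN."""
    node = start
    while node is not None:
        yield node, ip_network(topology[node]["lan"])
        node = topology[node]["uplink"]


def exposed_hosts(topology, guest_router, hosts):
    """Return {address: device} for hosts a guest client can open a
    connection to. A host counts as exposed when it is attached to a segment
    on the guest's outbound path; hosts behind a sibling NAT router are not
    on that path and that router drops unsolicited WAN-side traffic."""
    exposed = {}
    for device, net in outbound_segments(topology, guest_router):
        for addr, attached_to in hosts.items():
            if attached_to == device and ip_address(addr) in net:
                exposed[addr] = device
    return exposed


if __name__ == "__main__":
    print("two routers:", exposed_hosts(TWO_ROUTERS, "public", TWO_ROUTERS_HOSTS))
    print("cascaded:   ", exposed_hosts(CASCADED, "public", CASCADED_HOSTS))
```

In the two-router layout only the office router's WAN port shows up, while in the cascaded layout every PC wired to the Time Capsule does, because the public router's WAN port shares their segment. Keeping office machines off any segment the guest router's uplink touches, as the DD-WRT VLAN approach linked earlier in the thread does, is what takes them out of the result.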
     
  10. foogoo

    foogoo Major "foogoo" Geek

    I was putting the switch in a different place in my head.
    We are also assuming that
    1) his 'modem' will allow multiple IPs (has some DHCP service running).
    2) His ISP doesn't have a rule against sharing his access.
     
  11. Colemanguy

    Colemanguy MajorGeek

    Sounds like that's exactly what his ISP is recommending.
     
