I'm trying to figure out a solution that will make my tenants' lives a bit easier, and at the same time, I don't want to put my network out in the open.
Here's my "idea"...
I have one outbound internet connection.
I currently have it tied to my router, and about 10 devices are attached to it. (printers, servers, vmware servers, machines)
Since I'm such a nice guy, I am going to be sharing my internet with some of my tenants.
Of course, this will be filtered content, and they are aware that porn and the like is forbidden.
I do NOT want them to be able to connect to my lan infrastructure.
I have another AP, and want to have them connect to it. It's a router/firewall all in one. Plug it in, configure it, allow access, done.
I do not want them to be able to access MY lan at all, and would like a way to be able to throttle their bandwidth usage. The router I have does not allow for bandwidth restrictions.
I'm thinking I might be able to pull this off with some sort of a VMware solution, but I don't know.
I really really really need to be able to throttle the bandwidth coming from that network segment, but I'm not really sure what will do the job. I'm willing to purchase a hardware device, if it will let me throttle the wireless. I don't want to spend a bunch of money though.
Hopefully this makes some sense....
I guess the easiest way to describe it is I'm building two separate networks, on two different subnets, but they use the same gateway to the internet. I just don't want anyone to be able to look at my side of the network.
need to be able to throttle the bandwidth coming from that network segment, <snip> I just don't want anyone to be able to look at my side of the network.
That could be done relatively easily with OpenBSD's pf.
You don't want them to be able to view your network because... they'll find your pr0n?
Ahh, but seriously... This is a very typical network deployment. All you need is a flexible firewall with 3 network interfaces. You plug one interface into your Internet-connected device (cable modem, DSL router, etc), and each of the other two interfaces plugs into a separate switch. You could attach a wireless AP to either switch and configure them with separate SSIDs, separate authentication keys, etc...
The key is that the firewall in the middle allows you to write rules such that no connections from interface B are allowed to go to interface C (assuming B is your guests, and C is your LAN). You can also configure separate QoS rules on each interface.
What allows you to do this? Well there are plenty of pre-built Linux and BSD OSs out there that are dedicated firewalls, or you could build your own solution from scratch by installing your favorite OS and writing the firewall rules by hand. The firewall OS could be installed "on bare metal", or on a VM, but either way you're going to want a box with 3 NICs in it. Most motherboards come with one built-in, so you'd install two more as expansion cards. Typically the built-in card has the lowest performance, so you'd use that for your Internet link since that's limited to the bandwidth of your cable/DSL connection anyway. Use the two "good" cards for your LAN connections.
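The three-interface layout described in the reply above, written as a hand-built nftables ruleset. This is an added example, not something posted in the thread; the interface names, the rate values, and the assumption that the firewall box itself serves DNS and DHCP to guests are all placeholders to adapt.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Interface names and rate values are assumptions.
# Forwarding must be enabled separately (sysctl net.ipv4.ip_forward=1).
flush ruleset

define WAN   = "eth0"   # to the cable/DSL modem
define GUEST = "eth1"   # "interface B": tenant switch / AP
define LAN   = "eth2"   # "interface C": private LAN

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept
        # Guests reach the firewall itself only for DNS and DHCP, so its
        # LAN-side address and admin services stay closed to them.
        iifname $GUEST udp dport { 53, 67 } accept
        iifname $GUEST tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        # B -> C is never allowed; the counter shows attempts.
        iifname $GUEST oifname $LAN counter drop
        # Crude throttle: police guest traffic by dropping packets over the
        # rate. Must sit above the established/related accept to apply.
        iifname $GUEST oifname $WAN limit rate over 128 kbytes/second drop
        iifname $WAN oifname $GUEST limit rate over 512 kbytes/second drop
        ct state established,related accept
        iifname $GUEST oifname $WAN accept
        iifname $LAN oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the file with `nft -c -f` before loading it, and use `nft list ruleset` afterwards to read the counter on the guest-to-LAN drop rule. Dropping over-rate packets is coarser than queue-based shaping, but it caps the guest segment without extra tooling.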
Well, I have business related stuff on my array, and I just don't want some jackass trying to sniff out my lan. I don't possess a single piece of porn on any of my machines. I happen to have a girlfriend. And a child. lol.
Anyway, I figured that would be the way to go about it. I have a stack of dual Compaq Netelligent LAN cards, some old machines laying around too, so it sounds like I'll be pulling one of those out of the box and putting it to work.
They're the first firewalling distro that I'd heard of (back in 2001 I think) - of course it doesn't mean they are the first or even the best, but my buddies all swear by them.