I live at a college dorm, and the people around here like to play Wolfinstein: Enemy Territory. Each dorm room comes with two Ethernet ports, which gave them a couple limitations:
1) Only two people could play in a room
2) Anyone playing would need an ethernet cable, which in a dorm with free wifi, is rare.
I offered to let them use my Linux Desktop as a wireless router and host a couple people. I have an atheros based wifi card with an ethernet port. I connected the ethernet cable to the school's internet, and setup a dhcp server on my PC and set it to Master mode. I will set up a WEP/WPA key later tonight, I think the school requires it for anyone to sets up a router, but I have a few questions about additional security:
1) Should I allow anyone connected to my wireless to access the internet?
2) Should I worry about setting up a chroot environment or something?
3) What other precautions should I take for their safety?
It's a pretty small dorm, and I know of only one other person here that uses linux, but he isn't too into it. Would a WEP/WPA password be adequate protection?
Also, if my linux box is connected to the ethernet port, will other PC's connected by ethernet be able to contact PC's connected to by linux box?

No, dont open your self up to that. In my state you are liable if someone uses your equipment to search out kiddy porn or hacks into something.

let them worry about their own safety. but for the safety of your box turn on the firewall and only open what you need for ports/protocols

for most end users yea


depends on how the network is setup. if you are all sharing a switch then sure. Turn the firewall on (i cant say that enough). when your on a LAN every one is assumed friendly...

For this all to work, I need to have it setup like this:
In my room there are people on laptops connecting to my PC, which is connected by ethernet to the school's router and dhcp server, which connects the users using ethernet in other rooms, as well as the internet.
Is it possible to deny access to the users in my room access to the internet, while still allowing access to PC's on the school's LAN?

So just to clairify...


wireless clients connect to your PC via Wi-Fi.
your PC is connected to the schools LAN via eithernet; effectivly acting as a bridge.
The LAN is connected to the I-net

If you wanted to limit your clients to be able to only access other wireless clients and your PC then yes I believe you could. To keep them from the internet by not setting a defauly gateway on the wireless NIC in your PC.
However they would not be agle to access the schools LAN just the private LAN that you would create.