[ale] Putting wifi in the house
Joe Knapka
jknapka at kneuro.net
Tue Jan 31 11:29:45 EST 2006
Philip Polstra wrote:
> It isn't totally pointless. It will detour the casual bandwidth leach.
>
> For those of you that think it is fine to let your neighbors leach off
> your bandwidth consider this scenario: Your neighbor leaches off your
> network with his Windoze laptop. Your neighbor visits porn sites.
> Your neighbor picks up adware/spyware/viruses/worms. Your neighbor's
> laptop starts spewing spam. Your ISP shuts down your e-mail ability,
> and perhaps all your access.
>
> I don't care if others freeload on my network, but I don't trust them
> not to cause problems.
One thing you could do to possibly alleviate the "porn sucking by
outsiders" problem is to
force all wifi traffic that isn't from known MACs through a transparent
proxy. They will appear
to have free access via your wifi segment to the internet, but really
they will be going through
Squid or something similar. This can be accomplished using iptables to
transparently redirect
selected incoming traffic to the proxy.
Also, to prevent freeloaders from sucking all your bandwidth, the
"ultimate traffic conditioner"
<URL: http://lartc.org/howto/lartc.cookbook.ultimate-tc.html> can come
in handy.
I use it on my wireless segment, and also give bandwidth priority to a
couple of specific MAC
addresses (those of the machines I use for "work") -- any other machines
get limited to about 25%
of the available bandwidth when my prefferred machines are actually
using the wireless segment.
I don't restrict access to my wifi net to particular MACs, though, so
freeloaders don't have
any a priori reason to try MAC spoofery. And of course, anything
sensitive that goes
across wifi is wrapped in either IPsec or SSH.
Cheers,
-- JK
More information about the Ale
mailing list