AR15.COM
3/18/2011 10:51:27 AM EDT
I am going to set up a public wireless access point at some small retail locations, and I wanted to check with you guys that have dealt with these before to get some best practices.  These are going to be run on dedicated DSL or cable connections that are in no way related to my LAN.  Here are the three sections that I am concerned with, let me know if there are any others please:

Disclaimer
I know when I go to other public wifi locations, there is always a disclaimer to accept before you can function.  I imagine there are some legal ramblings that users have to sign off on in order to protect the businesses.  Is there anything I should be concerned about here?

Ports/traffic to block
It seems that BitTorrent traffic should be blocked, and I often hear of people throttling or outright blocking SMTP on port 25 to prevent spamming.  Anything else you would do?

Hardware
I'm really not sure what router/AP to buy.  I know I need something that can support the above features like the "accept" page.  Are there any best in class devices or recommendations?

Thanks guys I really appreciate it.
3/18/2011 10:54:09 AM EDT
[#1]
1. Block EVERYTHING except 53 (dns), 80 (http) and 443 (https).
2. Use a content filter to do your Due Diligence in blocking porn etc.
3/18/2011 10:59:33 AM EDT
[#2]
Consult a lawyer for a small fee to know what you can be held liable for if/when people start doing bad things on your link. And don't be fooled into thinking that putting up a disclaimer has any legal merit. I'd spend a little cash on a lawyer to find out all the details.
Police and shape the line too. The above poster who mentioned the content filter has the right idea.

ETA: http://www.dd-wrt.com/wiki/index.php/Chillispot

It's free firmware that supports a multitude of routers/APs. This is the hotel-style setup that greets with a screen before surfing.
3/18/2011 11:11:28 AM EDT
[#3]
To continue..

3. Log Everything.  Notify users that this is being done.
4. The FreeBSD built in firewall (IPFW) supports a system called 'dummynet' that lets you do traffic shaping.  Do this.  Limit connections(*) to 64 or 128kbit each.  This will prevent people from abusing the bandwidth.


(*) This is done on a TCP connection by connection basis, not on a per-client basis.  Basically you're giving them 128kbit per site, not 128kbit total for their connection.  The browser will use up to 4 or so (default) connections per site to download the text content and images, and the number resets to 0 for each site you're on if you're using multiple windows/tabs, so it's faster than it sounds.  It will limit people trying to download music, movies, etc. very effectively though.
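The port allow-list from post #1 and the per-connection dummynet limit from post #3, combined into one guest-side ipfw ruleset; this is an added example, not something posted in the thread. The interface name `em1`, the guest subnet `192.168.50.0/24`, the rule numbers and the DHCP rules are assumptions, and NAT and WAN-side rules are left out.

```shell
#!/bin/sh
# Added example: guest-side ipfw/dummynet rules for a FreeBSD hotspot gateway.
# Assumed (not from the thread): LAN_IF, GUEST_NET, the rule numbers, and that
# NAT and WAN-side rules are handled elsewhere in the ruleset.
LAN_IF="${LAN_IF:-em1}"                    # interface facing the access point
GUEST_NET="${GUEST_NET:-192.168.50.0/24}"  # constructed guest subnet
RATE="${RATE:-128Kbit/s}"                  # per-connection cap from post #3
IPFW="${IPFW:-echo ipfw}"                  # dry run by default; IPFW=ipfw applies

guest_rules() {
    # "mask all" gives every flow (protocol, addresses, ports) its own queue,
    # so RATE applies per TCP connection, as the footnote in post #3 describes.
    # A per-client cap would use "mask dst-ip 0xffffffff" instead.
    echo "pipe 1 config bw $RATE mask all"
    # DHCP between clients and the gateway, otherwise nobody gets an address.
    echo "add 900 allow udp from any 68 to any 67 in via $LAN_IF"
    echo "add 910 allow udp from any 67 to any 68 out via $LAN_IF"
    # DNS (53) over UDP and TCP.
    echo "add 1000 allow udp from $GUEST_NET to any 53 in via $LAN_IF"
    echo "add 1010 allow udp from any 53 to $GUEST_NET out via $LAN_IF"
    echo "add 1020 allow tcp from $GUEST_NET to any 53 in via $LAN_IF"
    echo "add 1030 allow tcp from any 53 to $GUEST_NET out via $LAN_IF"
    # HTTP/HTTPS: requests pass unshaped, responses go through the pipe.
    # With net.inet.ip.fw.one_pass=1 (the default) a packet leaving the
    # pipe is accepted without further rule matching.
    echo "add 2000 allow tcp from $GUEST_NET to any 80,443 in via $LAN_IF"
    echo "add 2010 pipe 1 tcp from any 80,443 to $GUEST_NET out via $LAN_IF"
    # Everything else on the guest interface is dropped and logged.
    echo "add 65000 deny log ip from any to any via $LAN_IF"
}

apply_rules() {
    # Feed each rule to ipfw (or to "echo ipfw" in the dry run).
    guest_rules | while read -r rule; do
        $IPFW $rule || exit 1
    done
}

apply_rules
```

The `log` keyword only reaches syslog when `net.inet.ip.fw.verbose=1` is set, and it records denied packets only, so it does not by itself cover the "log everything" advice.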
3/18/2011 11:22:54 AM EDT
[#4]
There are some services that you can get. I have used OpenDNS for content filtering. Depending on your lawyer's point of view you might need a wireless LAN controller for a terms of service redirect. I know most places around here have it. If not, a cheap Netgear 3500L router should do it. Make sure your account names and passwords are changed on all of your devices and change the IP addresses if you can.

There are many services out there also that can manage it for you. http://www.pcmag.com/article2/0,2817,1883666,00.asp