Re: [LUG] routing - cutting off a zone

To: list@xxxxxxxxxxxxx

Subject: Re: [LUG] routing - cutting off a zone

From: Daniel Robinson <manipula@xxxxxxxxx>

Date: Wed, 26 Aug 2015 20:38:22 +0100

Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1428397562; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:To:From:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=xP7wfCmG3DSE4EnUuG8CJue8PNdRCOWVUxC2uyI1sDA=; b=a1dQAC4evBEOuxkvic9OVRqoDD1z5Ys+1aickO8EyHlhDqtdLSN1lfcmhH+09z+ad9gf9ivgNRWXLlSA80edXCfa0rzvWU2k+v22g4PXE6XV+tsrX41Lc0UG87TdlK30gcwR/Xj1EnE5WPZcY+tz+i+z7p9CxVAWAGlNO96vYJw=;

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=nTzetO/nEzllmFD1tnes4RK+38TMQLvAQjSXjja+eB8=; b=Gc00dzK0v9NXLJrn+rsfrsWr59VnMvOfmzVM4dzbJY/ckXG7JPhcTpWnYFVim7RBit uRg/9qs8P25wYfuJSwCt6NwPbmNGII1JDwpvttypH3wrBN8eUNajxdTY/r8YmQZq+nB5 rb6ue3vOdTtOJEZLda1T22WiTKwTGo8TDIV4sIW1MYNql9r4ZjYubIqMqARL5uCr+okf kicL6ALKl2kdqRdJRf9OP0n5kd4VMw1UZkXsOOHua1sqkic5MyRFqIQrSxRnGwvVGPRv /WOK+DRVs79JHAtp/jfNOd1DSxm7dDK/8IFf8FXOgMsOyuJ4RPcQ5ejdueJOhuxsT67p vgjg==

Why not write in your software firewall a rule to deny any packets from that local ip pool.
Repeat for each device you want to protect.

On 26/08/15 19:51, mr meowski wrote:

On 26/08/15 18:57, Tom wrote:

I've managed to get a RaspberryPi to act as a hotspot for my holiday
cottage guests to connect to the internet.
My adsl router is 192.168.2.254 and the guests work from 192.168.10... .
I want to prevent them accessing the 192.168.2 network other than the
router - how can I get this to just sink anthng other than the nat
traffic ...
Tom te tom te tom

VLANs.

Does your router support them? Or potentially check "traffic isolation"
in your SSID settings, but that doesn't work as well as you think it
might (unless your guests are evil hackers, still probably not worth
bothering about it to be honest). Does your router support separate SSIDs?

There are a million ways to do this to be honest.

My router doesnt - its just a BT jobbie. I was hoping to just drop
anything from the holiday guests aimed at my network from 'their' wlan.
Just to clarify I have a BT router connected to the internet doing wifi.
A pi with 2 usb wifi cards a lot nearer our holiday cottages connected to the router on wlan0 (static ip ) and wlan1 doing isc-dhcp-server and hostapd which seems to connect ok and route to the router fine: tested it on a couple of machines and it seem as fast as the ADSL!
My brain has been washed out by the weather though!
Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq