[ale] Putting wifi in the house

Joe Knapka jknapka at kneuro.net
Tue Jan 31 11:29:45 EST 2006


Philip Polstra wrote:

> It isn't totally pointless.  It will deter the casual bandwidth leech.
>
> For those of you that think it is fine to let your neighbors leech off 
> your bandwidth, consider this scenario:  Your neighbor leeches off your 
> network with his Windoze laptop.  Your neighbor visits porn sites.  
> Your neighbor picks up adware/spyware/viruses/worms.  Your neighbor's 
> laptop starts spewing spam.  Your ISP shuts down your e-mail ability, 
> and perhaps all your access.
>
> I don't care if others freeload on my network, but I don't trust them 
> not to cause problems.

One thing you could do to possibly alleviate the "porn sucking by
outsiders" problem is to force all wifi traffic that isn't from known
MACs through a transparent proxy.  They will appear to have free access
via your wifi segment to the internet, but really they will be going
through Squid or something similar.  This can be accomplished using
iptables to transparently redirect selected incoming traffic to the
proxy.

Also, to prevent freeloaders from sucking all your bandwidth, the
"ultimate traffic conditioner"
<URL: http://lartc.org/howto/lartc.cookbook.ultimate-tc.html> can come
in handy.  I use it on my wireless segment, and also give bandwidth
priority to a couple of specific MAC addresses (those of the machines I
use for "work") -- any other machines get limited to about 25% of the
available bandwidth when my preferred machines are actually using the
wireless segment.  I don't restrict access to my wifi net to particular
MACs, though, so freeloaders don't have any a priori reason to try MAC
spoofery. And of course, anything sensitive that goes across wifi is
wrapped in either IPsec or SSH.

Cheers,

-- JK
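
The transparent-proxy redirect described in the message above, as an added example that is not part of the original post: a dry-run generator for the iptables rules. The interface wlan0, proxy port 3128, chain name WIFI_PROXY and the MAC addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): emit iptables rules that send
# port-80 traffic from unknown MACs on the wifi interface to a local proxy.
# Assumed names: interface wlan0, proxy port 3128, chain WIFI_PROXY, and the
# MAC addresses below, all constructed for illustration.

CHAIN=WIFI_PROXY

# valid_mac MAC -> exit 0 if MAC is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE PROXY_PORT MAC... -> prints the iptables commands.
# Prints nothing and returns 1 if the port or any MAC is malformed, so a
# typo in the allow-list never yields a partial rule set.
gen_rules() {
    iface=$1; port=$2; shift 2
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    # Known machines leave the chain untouched and go out directly.
    for mac in "$@"; do
        echo "iptables -t nat -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # Everything else is redirected to the proxy listening on this host.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $port"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j $CHAIN"
}

# Dry run with constructed values; pipe the output to "sh" as root to apply.
gen_rules wlan0 3128 00:11:22:33:44:55 66:77:88:99:AA:BB
```

Only plain HTTP on port 80 is caught by these rules, and the proxy has to be listening in intercepting mode on the assumed port.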




