[kwlug-disc] OT? Running Wifi hotspots sanely

John Kerr jkerr0102 at rogers.com
Tue Mar 23 23:16:00 EDT 2010

Hi gang

OK I can't program worth a hoot but .....

Could an OpenWRT program be written or modified to use / read the same user database as a CMS like Drupal?
Or yank out of Drupal the code that handles the registration and e-mailing of a password and put it
into an OpenWRT program. This would be a way of handling user registration.

Just thinking.


We act as though comfort and luxury
were the chief requirements of life,
when all that we need to make us happy
is something to be enthusiastic about.
John Eddie Kerr | Guelph, Ontario 

From: Paul Nijjar <paul_nijjar at yahoo.ca>
To: kwlug-disc at kwlug.org
Sent: Mon, March 22, 2010 6:34:04 PM
Subject: [kwlug-disc] OT? Running Wifi hotspots sanely

I am trying to figure out sensible settings for a wifi hotspot, and I
am having trouble finding out what the best practices are. 

Technologically I want to use a router (pfSense) to handle DHCP and
so-called "captive portal" functionality that makes you click through
a page to access the Internet. I also want to have some OpenWRT
routers plugged in that actually provide access to the network. I
think I have some of this figured out, but I am stumbling over how to
run this hotspot sanely: 

- Do I want to have any kind of encryption (WPA/WPA2) on the wireless
  routers? Or should I be leaving the access unencrypted and have the
  portal page do all the authentication?

- Do I want to bother with usernames and passwords for the hotspot?
  For now I don't think we are bothering to charge for Internet
  access. We still could have usernames and passwords for the day, but I
  don't know whether this is worth the effort.

- What kind of privacy concerns do I have to worry about? I am running
  quite a bit of logging for the rest of our users -- with the
  firewall logs that already exist I can identify a computer by MAC
  address and go so far as to see what websites are being accessed. 
  As a user I guess I feel a little uneasy about this. As an IT 
  admin I want to know what is happening on my network so I can
  stop/troubleshoot problems. I don't know whether there are rules 
  prohibiting me from logging certain things, and/or what kind of 
  forewarning I need to provide. (I would like to provide some heads
  up warning that we do record activity on the network.) 

- Because I am a terrible paranoid person, so far I am only allowing
  traffic out on DNS and HTTP/HTTPS ports (which I understand may not
  be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
  public access locations generally permit traffic more liberally? 

- What else am I not considering? 

If you have answers to these questions or pointers to best practice
documents I would be grateful. This is new territory for me, and
wireless makes me squeamish at the best of times. 

- Paul

