Domain: lakeanne.net
Stories and comments across the archive that link to lakeanne.net.
Comments · 7
-
Re:Block egress port 25!
The harder it is to find an open relay or other means of injecting spam, the better. It makes spam busting technology work better (e.g. blacklists and other filters) and life more difficult for spammers.
In any case, as the story made clear, if your IP addresses are the source of spam, prepare to be blacklisted. Is being blacklisted so bad? All it means is you will have difficulty running a mail server. Why does everybody have to run a mobile mail server?
I run a non-profit wireless ISP, we make no mistake about our policies. We NAT to private address space, block everything, then open up selected ports that we feel are not subject to abuse. Sorry, but it is, after all, free access. A few people have noticed (not complained) that they cannot access their older e-mail systems (not using SSL, using port 25 for initial mail submission). However, VPNs, and most encrypted connections (including SSH!) are permitted. We don't care what you do on our network, but we're not willing to accept responsibility for innapropriate activity.
-
Re:Block egress port 25!
The harder it is to find an open relay or other means of injecting spam, the better. It makes spam busting technology work better (e.g. blacklists and other filters) and life more difficult for spammers.
In any case, as the story made clear, if your IP addresses are the source of spam, prepare to be blacklisted. Is being blacklisted so bad? All it means is you will have difficulty running a mail server. Why does everybody have to run a mobile mail server?
I run a non-profit wireless ISP, we make no mistake about our policies. We NAT to private address space, block everything, then open up selected ports that we feel are not subject to abuse. Sorry, but it is, after all, free access. A few people have noticed (not complained) that they cannot access their older e-mail systems (not using SSL, using port 25 for initial mail submission). However, VPNs, and most encrypted connections (including SSH!) are permitted. We don't care what you do on our network, but we're not willing to accept responsibility for innapropriate activity.
-
Re:Block egress port 25!
The harder it is to find an open relay or other means of injecting spam, the better. It makes spam busting technology work better (e.g. blacklists and other filters) and life more difficult for spammers.
In any case, as the story made clear, if your IP addresses are the source of spam, prepare to be blacklisted. Is being blacklisted so bad? All it means is you will have difficulty running a mail server. Why does everybody have to run a mobile mail server?
I run a non-profit wireless ISP, we make no mistake about our policies. We NAT to private address space, block everything, then open up selected ports that we feel are not subject to abuse. Sorry, but it is, after all, free access. A few people have noticed (not complained) that they cannot access their older e-mail systems (not using SSL, using port 25 for initial mail submission). However, VPNs, and most encrypted connections (including SSH!) are permitted. We don't care what you do on our network, but we're not willing to accept responsibility for innapropriate activity.
-
Re:What about the price? What about T1?
I am doing exactly that-- I have a cage with a T1 from the cage to my house. I am also supplying access for a local community WISP, so my costs are covered. I ran into some problems because my location is outside the LATA of the co-lo facility. So even though it is only 10 miles away, I would have to pay a very high local loop cost.
Then I got in touch with some folks at BTN, they got me set up with a MPLS connection. It is somewhat similar to a frame relay connection, in that it is not distance sensitive. My advantage is that BTN has a connection at my co-lo, so everything fit nicely into place.
So see if you can get a frame relay or MPLS T1, with a little research there might be a very cost effective solution. YMMV
-
Re: block IP ports
This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.
-
Loss leader
One of the most efficient deployments, in terms of billing, is as a loss leader. By this I mean where you deploy it for free, with the hopes that the increase in traffic (foot traffic) will more than make up for the cost. This model works for coffee shops, hotels, some restaurants, and perhaps even housing or office complexes.
Example (and shameless plug):
I have set up just such a network in the plaza where my office is located, Lake Anne (in Reston, Virginia). We have a T1, and have wired up four of the restaurants with access points. We are using 802.11b, no encryption, no signups, just come out and connect. The restaurants pay us for the access and to maintain the equipment, which goes a long way to defraying to cost of the T1. The restaurants have "WiFi Zone" stickers in the windows, and we are trying to get some local press coverage.Most days, I see at least a few people with their laptops in the various restuarants (one of them is, in fact, a coffee shop). I can hardly wait for the spring, since the access extends to the benches surrounding the dock (the plaza is at one end of a small lake).
For the curious, we use a combination of Netgear wireless routers, Apple Airport Extremes, and a FreeBSD gateway/firewall (with a Sangoma T1 adapter in it-- no router necessary). Our F.A.Q. (a work in progress) covers the most common questions people have to hook up, and the restaurants all have a printout of it just in case . The best part is, it works!
-
Loss leader
One of the most efficient deployments, in terms of billing, is as a loss leader. By this I mean where you deploy it for free, with the hopes that the increase in traffic (foot traffic) will more than make up for the cost. This model works for coffee shops, hotels, some restaurants, and perhaps even housing or office complexes.
Example (and shameless plug):
I have set up just such a network in the plaza where my office is located, Lake Anne (in Reston, Virginia). We have a T1, and have wired up four of the restaurants with access points. We are using 802.11b, no encryption, no signups, just come out and connect. The restaurants pay us for the access and to maintain the equipment, which goes a long way to defraying to cost of the T1. The restaurants have "WiFi Zone" stickers in the windows, and we are trying to get some local press coverage.Most days, I see at least a few people with their laptops in the various restuarants (one of them is, in fact, a coffee shop). I can hardly wait for the spring, since the access extends to the benches surrounding the dock (the plaza is at one end of a small lake).
For the curious, we use a combination of Netgear wireless routers, Apple Airport Extremes, and a FreeBSD gateway/firewall (with a Sangoma T1 adapter in it-- no router necessary). Our F.A.Q. (a work in progress) covers the most common questions people have to hook up, and the restaurants all have a printout of it just in case . The best part is, it works!