Slashdot Mirror
Wireless APs in Homebrew Coffee Shops?
An anonymous reader writes "Having seen lots of complaints about the overpriced T-Mobile Wireless APs in Starbucks ($10/hr) got me thinking about setting up a wireless AP for the small, family-owned coffeeshop in my town under the tip jar model. I'm assuming ~$100 for the router, ~$500 for a PC to use to control quotas (to prevent over-zealous Kazaa users, block spammers and script kiddies and other would-be abusers) - but what software should I be using? Do enough people have 802.11a/g cards that it would be worth it to invest in that rather than an 802.11b router?" Has anyone considered making a Linux distribution for use by cybercafes, to handle wireless access and anything else such an outfit might need?
"Since this is a medium (50,000-ish) size town, and pretty much everyone in the coffee shop is a regular, would a tip jar model work? I'm figuring suggest a donation - what should I set that at?
Finally, keep in mind that the owner is not a geek - I'd be doing this when not studying (I'm a college student), so this would be set up over the summer, and most of the maintenance would be done on the weekends and/or via SSH.
Any other thoughts would be appreciated."
http://www.austinwireless.net/cgi-bin/index.cgi
T hey've got several low-cost setups all around the Austin area.
Print the WEP key on the receipt, and change it daily.
You can get 802.11b routers for 20 bucks AR now (and why bother with g if it's a tip-jar method).
Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.
With those kinds of prices, the coffee shop should go for it!
Well....figure on it this way. Each router or access point does not give 11mb (more like 3-6mb in actuality) to each node, but they end up sharing it. I suggest you invest in a switch, a regular router and some access points.
Try without the quotas and stuff first, perhaps bandwidth hogs won't be a problem. This way you don't have to buy a PC. Or perhaps there are routers with these functions built in?
Martin
this is not exaclty what you asked for but if you start to add more internet stations to the mix maybe you will need something like this:
http://www.baspe.com/baspecafe.html
Bluetooth at the local crack den?
I would consider g because of the higher bandwidth support. That higher bandwidth should translate into supporting more simulatneous users in the coffee shop. Assuming of course that the ISP connection is relatively high.
http://www.sputnik.com/ has more of what they are doing now, but 18 months ago I was using their boot-cd linux distro on a laptop to create an AP.
As seen on Wired: Get a free desktop PC
The later versions even do throttling.
Speaking as a small-town WISP, I'd recommend that the coffee shop owner look at it as an advertising expense, and don't bother charging. And from a technical perspective, don't bother with bandwidth throttling, either. Just stick with 802.11b at first, too. See if it makes any difference to the shop's bottom line. If the owner thinks it's valuable, they'll keep it. If you fiddle with it endlessly, they won't see the value.
I'd block Kazaa altogether. Freedom of whatever, blah, blah, but you're setting yourself up for legal action if you're knowingly letting your customers do this... and they're eating YOUR bandwidth for free.
Personally, I'd use OpenBSD to do the firewalling/routing.
HOWEVER, DO NOT USE AN OPEN AP --- FORGET WEP KEYS TOO!
Set up a proxy server for all net access. Rotate the UN/PW combo and as someone else similarly suggested, PRINT THE PROXY SERVER PW on the receipt. This way you'll be protected from MALICIOUS WARDRIVERS.
Even if a lot of people have 802.11a/g cards, you'd probably be best served with 802.11b equipment. It's compatible with the most systems, and serving up broadband to multiple users, you'll probably still have a hard time saturating it to a noticible degree in a coffee shop setting.
Just my $0.02
Even people that believe in pre-destiny look both ways before crossing the street.
$500? Heck, you should be able to get a 500 MHz machine with onboard ethernet, which companies are throwing away these days, for $150. Pop in a $10 ethernet card and install IPCop and you're good to go.
Java Desktop System is taken, I believe. :)
You can do what you are looking to do very inexpensively (not counting time) if you get a Linux supported PCMCIA card and a Toshiba SG-20. The SG-20's are available for ~$200 (Cheaper on ebay I'm sure) and they have a built in 7 port hub, 1 external interface, and a PCMCIA slot which you can put the wireless card into and setup an ad-hoc network for wireless users.
I currently use the SG-20's for a managed firewall solution for small businesses which I run Gentoo on. (You can substitute your Distribution of choice of course)
Do you Gentoo!?
Just get an older computer (200-500 mhz), setup IPCop with some bandwidth shaping and throttle those ports down. Heck, I'd even firewall it to maybe web, mail (pop3/imap, no smtp), aim/icq/msn/irc, and possibly ssh. The next version of IPCop will be even better for wireless setups. For hardware, consider something like the Netgear WAG311 "dual band" adapter, and cover all the bases.
Get a decent dual-mode A/G or tri-mode A/B/G access point, and skimp a bit on the computer hardware.
I would be surprised if you couldn't bring the price down to around $300 in total.
You can set up a NAT/firewall easily enough using iptables on any 2.4 kernel'd linux, but I'm not sure how you could handle quotas and I've never ever figured out traffic-shaping in linux--and I doubt many have.
20 people sharing a single dsl/cable line would not be very practical, so you would have to factor in the cost of a faster internet connection.
Do enough people have 802.11a/g
If you go with 802.11g router it will support both b/g and if you go for a 802.11b router, almost all 802.11g cards will support it.
Although, 802.11g built in cards, (most new notebooks) from my experiance have a hard time connecting to 802.11b. As for 802.11a, forget it, because no one will have a card for this, and it's rare that there is any compatability, because it using the 5 ghz frequency
"After I'm dead, I'd rather have people ask why I have no monument than why I have one." - Cato the Elder, aka Marcu
I have not read the book, but I have looked at the table of contents and the index. The book looks to be a designed to answer many of the questions that you have asked. Hopefully someone on Slashdot has read the book and can tell you if it will help you in your effort to set up a wireless network at your local coffee shop.
Get a WiFi card (I got a Netgear MA311 refurb from Fry's for 30$), an old PC, configure it running FreeBSD to serve as an access point for your wireless network. Here's a great HOWTO:
Configuring a FreeBSD Access Point for Your Wireless Network
CB
free ipod and free gmail!
NoCAT is a nice tool that is available for exactly that kind of project.
See the Linux Journal article at http://www.linuxjournal.com/article.php?sid=6887
Those that go over, you auto-reroute all their requests to tubgirl or goatse.cx
Forget about making a Linux distro for this, everything you want to do is available within OpenBSD 3.4 and it's pf software. Basic packet filtering, NAT, user quotas and general bandwidth managment. OpenBSD 3.4 also comes with BIND9 and ISC's DHCP daemon for serving up IP addresses. Best of all, you can do it for the cost of a $100 PC you pick up at the local computer show (say a pentium pro or an earlier pentium II).
kinda reminds me of people who plan to make a profit giving software away for free...
The prevention of bandwidth hogging would likely require usage of a packet shaper. The only ones I am aware of, are large, expensive rack-mounted boxes for use in corporate environments. I wonder if anyone has a simple, similar solution for use in "Every-Day Life".
I'd start with b, and if the service pays for itself (ie, if people are cool about the tip jar), upgrade to g later, and put a sign up like "the program's a success, so I upgraded!" That way people'll feel like their tips are really contributing.
c-hack.com |
seems like in a smallish town where most/all customers are regular you aren't going to see people in there bogging down the network w/ KaZaA. am i hopelessly optimistic? if this is pro bono work, too, you probably could get folks to donate parts if you really want a PC to be part of the package.
Though this might not be EXACTLY what you are looking for your router pc might want to run a NoCat server, at least force people to authenticate via a "yes I won't do stupid stuff" model and give them the ability to even possibly paypal you the money as well as a tip jar somewhere for it?
Just an idea, and NoCat really isn't all that hard to setup and it can "control" as many waps as you have on the network (mind you it will control EVERYTHING on the network not just the waps) worth a look as several companies and government entities have/are setting up nocat control boxes in the town I live in to control wifi access either so they get paid or so you are forced to accept a certain TOS.
Why spend $500 on a noisy, failure prone PC when you can buy a small embedded computer that acts as an access point and a router? A Soekris net4521 is an excellent choice at $235. You can even get a high power 802.11b PCMCIA card, pigtail, and antenna kit
The OS work is already done for you as well, check out m0n0wall for a complete FreeBSD solution with a fancy GUI config system, or one of the small Linux AP distros, or roll your own. I run OpenBSD on mine.
I see a lot of people already recommending elaborate setups. But really, a simple 802.11b router will do the job. Sure, it maxes out at maybe 6Mb/sec for consumer gear, but how fast is the Internet connection? If you have a 2Mb/sec cable modem it doesn't matter how many users are in the shop, the bottleneck is still the Internet.
I also don't think you'll have a big problem with Kazaa users and the like. It's a small coffee shop, right? Think someone is going to sit for hours and hours just to do that? If you're worried you could throttle bandwidth or block ports...but that's sort of a hassle. If you block say, everything but 80 and 25 I'd hate it when I couldn't VPN to the office.
I would take a survey of the customers to see if this is even in demand or if it would be used by more then a few people.
If there are lots of people interested, you will need to figure a price that will be able to maintain it over time, a bandwidth price/#of customers.
Also in the survey find out what these customers think is a reasonable amount to pay for the service.
If it is in demand and not a financial burden, I would look into getting a Wireless B AP...we don't want the 'creative' customers going crazy with that 54Mb pipe (11Mb should be more then enough for the average customer). Just be sure you have a big enough pipe to handle a bulk load of people and small enough where it's not a waste if money.
"Some things have to be believed to be seen." - Ralph Hodgson
In there is some pretty good information on what NoCat Internet is using for their network, and how to setup you own.
just look at yesterday's slashdot story for proof.
What is the point of offering this service for free? To get more people in the door and buy more coffee?
All this hardware and maintenance costs money and it has to come from somewhere. I've seen tip jars in coffeee houses, it barely pays for more than a few more cups of coffee. Thinking this will cover the cost of this expensive service is lunacy.
Slashdot Moderation: From positive to terrible in 2 "insightful" posts.
We've been looking at approaching coffee shops in our town to expand on the community wireless network. I'm not sure what the atmosphere over there is in relation to wireless but there are several benefits or it like being cheap to set up, publicity if it has internet (eg email over coffee, access work etc etc) and just generally a service to people. Also see if your local wireless group is interested in helping out as it could provide content while you provide coverage. Tip jar idea is good, if it's not effective and you are making a loss on the project increase prices to match paying it off over the very long term. (Even 5c pieces add up.)
I'd say go for it.
I ate your fish.
Brilliant idea! I would make the coffee shop eat the up front cost - and tell him it'll be reimbursed by the first 90 days worth of tips or some such. This gives the owner incentive to help push the service. You also have the problem that, being on the honor system, who's to say that the 5 dollar an hour staff don't see the 'tips' as theirs... Might be worth having a flat rate of 2 bucks a session or something (not enforced, but rather a recommended donation...), but that does cause you problems as a student, being able to service that if there's a problem.
NoCatAuth will do everything you want, check out http://nocat.net/. Also try Sputnik, they have a bootable disto that is basedon NoCat that will also meet all your needs http://www.sputnik.com/
First, if you don't pay more money per month for "resellable bandwidth", then you are in a legal gray area. Your generic office class DSL service is not resellable, so I'd avoid actually charging. You might be able to get away with a tip jar, but I'd forget about charging for the service.
Giving it away free also simplifies administration, and can be seen as an easy and cheap promotion to attract customers.
Secondly, with 802.11g routers costing $79, cost isn't much of an issue. This is a business expense, go ahead and pony up the $30 extra bucks for a decent piece of equipment.
Setting up a wireless access point is easy, as long as the coffee shop is located in a neighborhood where 50% of the residents will have left their 802.11 networks unsecured.
I don't know about you, but I go to coffee shops to get wired!
provides alot of free nodes around Seattle. I would check out their website, as well as the NoCatNet authentication software...
Overzealous Kazaa users? There is some amount of Kazaa usage you'd allow in your coffeee shop? You don't really need a PC to do sophisticated packet filtering... why not just block the ports that Kazaa uses? I also don't know how you could "filter" vaguely defined script kiddie activity.
My wireless-basestation-included broadband router cost $55 with a $20 rebate, and you can block ports and ban MAC addresses with it (you have to assign the MAC address to a certain ip range, and then block that ip range), btw.
A lot of what your talking about has been deployed to over 20 buisness locations and a horde more home sites here in Portland Oregon by a group called the Personal Telco Project.
http://www.personaltelco.net
We use NoCat on linux based boxes and it covers most of what your looking to do. You can set up Auth or simply a Splash, you can do throttling, shaping and the like, you can set up local content areas for biz and community use.
Its amazing what older PCs and low cost APs can do. Most of the stuff is easy to install, the few rough spots, like NoCat, have been feild tested and methodologies have been crafted to make it easier to set and and maintain.
Come on over to the url posted above for more information or head to #ptp on irc.freenode.net and ask for more info.
Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap!
In my old neighborhood the local indi coffee house is Common Grounds. They have set up something similar (free access, tip jar to help pay). It couldn't hurt to drop them an e-mail and see how they've set things up.
NoCat is a very good way to go, software-wise, if you are looking for a stable and well supported mesh network authentication system.
Even for just one AP and a cafe.
http://www.nocat.net
IRC channel: #wireless on www.freenode.net
"Don't worry about the problems you have in mathematics, I assure you mine are much greater." - Einstein c.1919
I know this may not be what you expected the answer to be...
The company I work for(in no way represented by this posting, or any other I make.) sells firewalls made by Zyzel, so we get their ads in the mail too.
Recently we recieved once for a simple hotspot setup: it was a wireless ap and a small bill printer. You walked in and pressed the button, and then could access the network, when you were done, you pressed the button again and it gave you your bill to pay(or free if wanted). I don't know the details on it, but look it up: Zyzel ZyAIR it's not too expensive and should "just work".
Enjoy!
On Arrakis: early worm gets the bird. Magister mundi sum!
Traffic shaping is available by default and pretty easy to set up, and it runs well on cheap old hardware. You could invest a lot of effort hardening a Linux install to match what OpenBSD has by default.
There's provision for requiring authentication on wireless connections. Even with a tip jar model you may want that.
Keep WEP turned off (yes, you just heard that from a security consultant!). WEP doesn't match your security model 'cause it assumes everyone using the same key trusts each other. Since it doesn't do what you need, it's not worth the cost in inconveniencing the customers.
Turn the power down on the access point. No need to provide service to people across the street or down the block.
incorrect, he stated that he wanted to build it himself, and then do troubleshooting via SSH whenever it was needed. If you follow a simple HOWTO on how to make a Linux or FreeBSD accesspoint, you can make it work. Once it's working, it'll "just work" from then on. If you don't have faith in a solution like that, then go another route, but I've been running a similar setup at home for 1 1/2 now, with no downtime -OR- administration needed. I'd like to see a MS solution that could do that...
CB
free ipod and free gmail!
Seems to me that the PC is just another expensive thing to break. Look for a high-end wireless router that will supply whatever functionality you need in a self-contained box, and leave the PC out of it, at least until some need actually presents itself. You can probably find a decent router for under $100 at current prices; still much cheaper and simpler than $20 router + $200 PC.
More like Notooth.
Slashdot - where whining about luck is the new way to make the world you want.
How about just setting up some terminals for people to use? Remeber, not everyone has a laptop.
The 500 bucks would be plenty for a server if you want to set up 10 - 20 terminals on old junk hardware.
I recommend using Icewm with the XP theme (for familiarity) and mozilla. Open office would be nice too if you want to let students do some homework on them.
This is extremely simple to setup using K12LTSP and for the most part you don't have to worry about people hogging bandwith with p2p apps.
"If they have both, tell them we use Linux. And if they have that, tell them the computers are down." -Dave Chapelle
I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.
Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.
Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.
Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.
-Adam
I assume that you are doing this to bring more people into you shop or keep them there longer, rather than trying to make a killing selling the net access...
I would suggest changing the password daily, and giving it away free to people who spend $5+ (?) when they come in. Anyone else can pay 50 cents extra for it. It would be sort of an honor thing for people to not pick up a slip laying around and surf free.
I think anything that requires you to give out individual passwords would require you to raise your price on access by $1 just to cover the administration. If you don't change passwords regularly, people in neighboring businesses are likely to start using your connection.
Keep in mind that you will be providing a connection that could be popular with people trading kiddie porn if you are not careful. I would recommend putting a bandwidth cap of 128/16kbps or 256/16kbps to keep the roaches off you net.
Hopefully you already realize that you will be violating the TOS for any household internet account. Buying a business account will likely double the ISP cost.
I set up a wireless system at the Brew House in Cincinnati, which gets a fair amount of use and which has helped bring new customers into a neat neighborhood bar. When we first set the system up, we had all sorts of rules and regulations, and we were putting considerable effort into keeping track of who was allowed to use the system and making sure that users were "registered". We dropped all that, because it just wasn't worth it. Our costs for the connection are fixed, and the more people who use it, the better we like it. Now there are just four rules: keep it legal, keep it clean, keep it civil, and have fun. And we rely on the honor system to enforce those.
With regard to 'g' vs 'b' standards, the only purpose for the wireless router in a pub or cafe is to connect to the Internet, and a faster network doesn't improve that connection. Even at cable modem speeds, the Internet connection is still considerably slower than an 802.11b LAN.
For the Brewhouse system, we scavenged a couple of old PCs from customers and loaded Linux on them, and we got a wireless router on sale at MicroCenter for $40. The cost of a business connection to our local cable is the most significant cost we incur, and the proprietor thinks that is worth the buzz it creates, even if it didn't attract new customers.
Richard
Everything possible to be believ'd is an Image of Truth - Wm. Blake
I set up these types of systems for hotels. I've found that Nomadix and Colubris both make access points with authentications servers built in, perfect for your goal here. They both support limits on a per session basis, etc. Probably in the $500 - 1,000 range for the entire project.
I have a Centrino notebook and it has no problem connecting to my LinkSys WAP11b at home or the Cisco (don't know model off hand) b at work. I was under the impression that almost all g/b can connect to each other...
"Some things have to be believed to be seen." - Ralph Hodgson
I'm using one of those old, flatish, 66MHz gateway desktops (bought from the local used computer store for $60) running OpenBSD with a wireless card and an ethernet card. I've been running 128 bit encryption VPN, NAT,ssh, etc. on the same box without a problem for a year or so now.
A lot of 802.11g networks will automatically downgrade if there's a single 802.11b on the network. So you might was well go with b. Besides, you're talking about basic internet connections (POP3,SMTP,FTP,HTTP, etc.), not peer-to-peer applications or client-to-client filesharing. 1 Mbps should be enough for anything but downloading ISOs or DiVX files ...
The end result of this is a small integrated PC with no moving parts, and mounts it's file-system read-only so no worries about corruption, with a built-in access point. These work great, and are a bit larger than the size of a VHS casette.
I've deployed a number of these, and they are rock solid. Plus, they have advanced routing capabilities thanks to Linux, and the ability to block infected or abusive users from re-associating with the AP.
As far as going with 802.11 a or g... You must be pulling in some pretty mighty bandwidth to need to use something faster than 802.11g. Pebble includes "MadWiFi", a driver for some a/g cards, but I haven't used it.
Sean
why not get a wireless router that will handle all of your DHCP, DNS, Firewall etc...
that way you don't have to have any operating system or anything that will just confuse "mom and pop". if they've got this box that just plugs into their ADSL line and if things go wrong they turn it off and on again?
something like this should do the trick nicely.
For the quota support, you could use a FreeBSD firewall with ipfw/dummynet traffic-shaping for the entire subnet. Granted, you'd have to slice it up on a per-IP basis for good quota support, but it still works great for me. You could set up WEP for security. If you are really anal about security, you could set up the firewall or another computer as a VPN server for the extra encryption.
Oh, and my opinion on the wireless stuff.. Stick with B or G. I always hated A. It never worked quite right for me, but I've had few negligible problems with the B/G stuff.
Is there any reason for a 'free', public setup like this to allow any traffic besides http and smtp? Maybe some of the ports used for AIM-type chat services?
Set up a proxy server for all net access. Rotate the UN/PW combo and as someone else similarly suggested, PRINT THE PROXY SERVER PW on the receipt. This way you'll be protected from MALICIOUS WARDRIVERS.
:)
Does this mean you go war-driving without coffee??! What are yo thinking?!!?
If your uplink is limited to some variety of broadband/T1, then the 11Mbps provided by 802.11b will saturate your uplink 10x over. The only reason you'd need 802.11a/g is if you have some uber uplink, or you'd be doing a lot of in-coffee-shop file transfers.
Seen the price tag on Win2k3?
To debunk the metaphysicist, one needs only to take him outside and throw a rock at his head. If he ducks, he's a liar.
My local coffeeshop (which I visit often) has free 802.11b, no keys, no starbucks T-Mobile bullshit, none of that. They already had a computer because they are playing music a la winamp... Free is the only way to go, for less than 100$ you can pick yourself up a cheap ass 802.11b setup, and really if anyones abusing, just walk around and see whos got a goddamned laptop and whats on their screen. This is a coffeeshop we are talking about here, not a S&P 500 corporation... Keep it simple and free, after all it costs next to nothing anyways.
future shocked
As for access control, I heartily suggest mac address whitelisting. I don't know how this would most easily be done, if you use an AP then you have to use its web interface (I don't think you can use SNMP sets for this) but if you just stick a wifi nic in your router PC then perhaps you can do it with firewall rules like anything else; block all traffic on the wireless interface by default, and "manually" add mac addresses. They're easy enough to find through hardware if they are external/removable or through software if not. (On Unix use ifconfig, on Windows use ipconfig or on older windows, winipcfg, I have no idea on Mac, but you might be able to ifconfig there too if the user has installed the BSD system.)
WEP gets to be a pain in the ass. Easier to just avoid it and whitelist macs. Clear all the whitelist entries when you close automatically, and start again on the next day.
For home use I advocate VPN as the solution to wireless access control; just block all non-VPN traffic but DHCP requests. (I'll probably allow ssh to the local subnet also, but maybe not.) The only way someone can really hurt you then is a DOS attack based on acquiring all of your available DHCP leases. This way you never have a chance to send unencrypted data. But, this won't work so well in a coffeeshop, because everyone has to have VPN installed (which happens by default on windows but you can't count on it) so the mac tables are a better solution. Meanwhile people should not be counting on wep for security anyway, so it's sort of irrelevant if you use it or not.
Of course, someone might be able to sniff and spoof MACs but if you expire them at closing time then they're going to have problems doing so.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
My broadband proider prohibits connection "sharing". While this would be easy to hide in your home (proxy, IP sharing) I think a business would be a different matter.
I would ask what the "extra" charge from a provider would be.
www.thejulingtoncreekplantaion.com
NoCatAuth is all you need. Throw security out the window when thinking about this setup. Unless you're using WPA with AES-256 encryption, in addition to being locked down by MAC address, security doesn't matter. Figure out a way to deny a few ports that do nothing but cause trouble (TCP 135, 137, 138, 139, etc etc), and you should be fine. This is a FREE service for customers. If they are all regular, and this is a small town, why would anyone care about wardrivers, bandwidth smokers, etc etc? The service is probably being offered to get people to come in and buy more coffee on a regular basis. If I could sit in a coffeeshop all day and do my coding with access to GOOD coffee vs sitting in a cubicle all day doing my coding, where do you think I'd be? Making the setup overly complicated when it comes to security doesn't allow anyone easy access or whatnot. What kind of moron is going to sit outside in their car on some street just to get free internet access?...in the middle of the winter? You all smoke crack.
Our non-profit uses a simple b router to a dsl line, with the overall speed throttled down for each user via the routers own internal software. There is also a PC plugged into the router. The PC is $2.00 an hour with a penny jar for printing.
The number of customers that use it is amazing, and the draw of clients far exceeds any need to charge. We hung a sign on the building that says 'Free Wi-Fi' and people starting coming like mad.
It is an awsome way to add value to your business.
Also if your bent on charging, do what we did.
On our PC we let people use it for free for 3 months. Got them hooked on it and then we put up a sign warning people about a nominal fee that would start soon, then we started it.
Worked out fine.
Good luck!!
Rick
--Still waiting for that awsome sig to just leap out at me..--
My suggestion would be to speak with Eje at www.wisp-router.com
:)
He is great at helping out with this kind of setup.
I suggest you use the MikroTik, or StarOS solutions for this.
Eje can tell you how to do a lot of things such as making something print out on the receipt.
I would say you could do all of this for under $300 installed and operational.
MikroTik can limit all the stuff you said, and it is a linux distro. Even comes with a decent windows gui. Checkout the www.wisp-router site though for pricing and etc. He is in the USA and the folks from MT are in Latvia..needless to say its not always easy getting in touch with them or getting parts. But www.wisp-router.com has ALWAYS been a great solution.
As for the tip jar, well I just don't see that working very well. But setting up a hotspot authentication system and charging a few bucks will help out.
I am a WISP so, looking at this I see a lot of ideas.
I found a homebrewed KIOSK that the guy says has a hotspot in it. Also he said that the kiosk itself is making like $800 a month...doubt you would see that kind of return but would be nice
Over 50 comments so far and not one person (above my threshold) has mentioned the obvious issue of the service agreements that come with most DSL and cable service. Namely, you can't resell it or use it for commercial purposes without permission.
Everyone's going on about the hardware and software configurations. Ways to make it cheap. Ways to make it easy. Ways to make it reliable. However, they're missing a very key point. You've also got to make it legal.
Talk to the ISP first and make sure you can use your connection in this way. Also, I can't stress this enough: Get it in writing! Yeah, you'll have to pay a bit more for a commercial account (my cable company starts commercial service around $80/month) but it's better than spending 6 months building up a wireless customer base only to have your service shut off without notice.
But we're not charging and the isp (covad) requires email authentication through their servers for any smtp traffic- it would be very difficult to control web based mail.
we basically set it up as a free spot, as the owner didn't want to take any time away from the bartenders serving beer.
it's just a 1.5/384 adsl line from covad with a zyxel prestige 645 and a linksys wap54g- g is easy because it's fully compatble with b and only a slight price increase, I wouldn't mess with a.
zyxel makes a great 'hotspot in a box' that features the reciept printer and seems to do a great job overall. I think it was about $600 at that time.
funny, I submitted a very similar 'ask slashdot' in july and it was rejected- I don't even attept to submit stories anymore, I know someone else will eventually and it will be accepted.
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Wow. Let the hate roll. According to your logic the massive cost and unreliability of ms windoze will make it unappealing to the average user also. So why should anyone bother to do anything because it is all too hard....
When the only tool you have is an ax, every problem looks fun.
Wouldn't easy to use Free with Purchase wireless bring in more business? Seems to me, if a coffee shop in my area had wireless access for paying customers, I would certainly visit their often. The only coffee shop in my town that offers wireless has a subscription based deal sponsored by Intel Centrino that charges your credit card for your usage. When I heard that they were setting up wireless, I was planning on visiting there very often. But when I found out how much of a hassle and that there would be credit card charges, I have never tried it out, and I have yet to seen a single person using it. If someone where to setup a free with purchase wireless setup that would generate a 30-min bandwidth limited temporary username/password, Im sure that the extra business would over the cost of the equipment in no time.
The way I see it, you should just forget about WEP keys, filtering, tip jars, and all of that crap. You are in the coffee shop business, not the cybercafe business.
Here's what I think you should do:
1) Get the cheapest DSL connection you can find in your area.
2) Buy as few low-end 802.11b AP's as it takes to provide coverage to your shop and store front (assuming you have tables out front or something).
3) Configure the AP's for public access, and use your shop's name for your SSID.
This will provide a decent level of Internet service for your customers with the minimum of maintenance and effort on your part. Most importantly, it will let you focus on your core business, which is coffee and sundries. Think of the Internet service purely as an amenity, like piped-in music or a TV in the corner, and treat it as a cost of doing business, not a profit center. Don't worry about how good the Internet service is, just concentrate on the coffee. Most people won't complain (loudly, anyway) about the quality of an amenity they are getting for free. Just set the appropriate expectations. The key phrase is... "best effort".
This will accomplish the real objective: bringing people into your store to buy your product, and keeping them there as long as possible (because hopefully, the longer they stay, the more product they buy), while at the same time minimizing your cost and overhead of providing the amenity.
Why don't use a WLL router like DLink DL614 with 4 Eth ports, WAN port and WLL AP. This one have its own firewall so you can disable some ports to avoid Kazaa, etc
Why pay $500 for a PC?
An Xbox modified to run only Linux is $100, and is a Celeron 733. Surely this would be fast enough for your needs. It has 4 USB ports also as well as built in 10/100MB ethernet. I use one here as a NAT router/webserver etc, with a 100MBit USB ethernet card for connection to my DSL modem.
Don't overlook them, they are cheap, small, and make good servers!
See http://xbox-linux.sf.net for more info.
David
ask these guys for tips, pointers, and experiences: Traverse Community WiFi It sounds very identical in city-size and aim to what you want to do, and they seem to have made it work.
It's relatively cheap, and your local coffee shop won't need a geek on-site to set up and maintain it.
Fight Spammers!
Havn't you ever noticed that there's only ever one or two comfy chairs in starbucks? When people are only dropping 1-5 bucks, you can't have them sitting there taking up real estate for 3 hours. Turning customers over is a huge challenge for coffee shops - you want to maintain the appearance of being a friendly place to come and have a coffee, but dont want 20 customers sucking up your seats for the entire day either. Being that you are in a smaller locale though - this may be less of a problem than for a coffee shop in a major metropolis dropping thousands a month in rent for 800 square feet.
While it's cool to have a PC running Linux to do other stuff (accounting, monitoring, perhaps even authentication in the future) I'd be loathe to make it a mission critical component of the infrastructure since there's nobody around to fix it if for example it had a hardware failure. That $500 (or $150 as someone else suggested) would probably be better spent on a backup Access Point/Router.
http://www.linuxjournal.com/article.php?sid=6887
We have a few in the UT campus area already. Mojo's, JP's Java, Flightpath, and Lava Java all have setups, and there may be more. They all either signed up for a cheap business cable modem or DSL (speakeasy.net has a good policy - we don't care what you do), put a sub $100 linksys router, and don't charge extra for access. Initially, Flightpath was the only one with wireless. JP's was second afaik. The other ones had to install 802.11b just to keep their business up - free markets at work! At times it does get slow because of people abusing kazaa, etc, but I don't think its worth enough effort to warrant QoS or other traffic limiting. Even when its bogged down with filesharers, I can still browse ./ and check my email, run ssh sessions, etc.
Most HP/Compaq notebooks (2100us, 2500us) are just a couple I've delt extensivly with.
Although some people I've talked to have had the same dificulty with their dell notebooks
"After I'm dead, I'd rather have people ask why I have no monument than why I have one." - Cato the Elder, aka Marcu
When deciding if you're going to bother with 802.11b or g, you need to ask yourself what you're going to use it for. It is unlikely that your inbound pipeline will be more than 12mbps, and it's also unlikely that the users will want to spend a lot of time swapping files. Intranet gaming also takes much less bandwidth than this for the ten or so machines that the typical router will support. With that in mind, 802.11b should be more than adequate.
A warning, though. Don't go into this assuming that it'll be maintenance free. I run one of these for the local neighbors, and they're regularly calling me up to find out what's wrong with the connection. Run it for a month or so without charging people. This will both hook your customers on the idea of having it available, and give you the time to figure out the best location of your router, how much regular maintenance your system will take, and if it's worth your effort.
Wake up - the future is arriving faster than you think.
Even if you only get 2MB, why does it matter. It is still much faster than dial-up and still as fast or faster than many DSL and cable modems.
Fight Spammers!
Get access point, router and quota capability in one machine.
Start at IdotPC Which appears to be down now.
Add a wireless card, and install software from here:
Mesh AP site
Use Linux skills to setup whatever routing or traffic shaping you need.
My wife saw the ads (targeted toward your average laptop-toter, it seemed) for wireless access at Starbucks, so, deciding it might be a nice break to work from there instead of the house, she went only to change her mind when she discovered the price. My point is that if she was handed a receipt and told "Here's your change and your WEP key", she would have said, "Uh... what?"
So long, michael. Don't let the door hit you...
This is no longer true. I went to a comedy show at a local coffee house and there were at least six "stylish" females there with laptops. [No males with computers.] They weren't there for the show. They were there to write papers and socialize while they did it.
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
There are multiple coffee shops in my area (Amherst/Noho, MA) that just let people hop onto the network. Most people just want to check their email and/or surf the web. Sure, there may be the occassional kazaa user, but for the most part, the activity seems pretty innocent. They've been up and running for a while now, and I haven't heard anything negative. Is is completely safe? No. But, most of your regulars probably aren't looking to participate in illegal activities...
A small coffee shop I do side work for was looking for a similar solution, but wanted to be able to sell time to people without having to buy in to one of the larger deals (T-Mobile, etc.).
We found the ZyXEL ZyAIR B-4000, which has all that they need. It has (built-in) a four-port switch, NAT router/firewall, and wireless AP, and includes a thermal printer that does a one-touch purchase of wireless time by communicating with the AP over the LAN.
The AP is configured to isolate the wireless network from the LAN (DMZ mode), and authenticates the users through an SSL encrypted access page.
While the unit was rather pricey ($600ish), it's a no-brainer both economically and time-wise as there is nothing to really maintain...no computer to die, software to be corrupted, maintenance, etc. I find that it is a much better decision for them to pay a little more up front to have something that requires little to no intervention and will just run...
------------------ D. A. Davenport: http://www.firebin.net
first off, long term maintenance will be a problem. once you move on to a better job, the owners will have to deal with the networking themselves. so build them a system that's hands-off (ie. doesn't need patches :), or that then can administer themselves.
:)
:(
:)
i'd stay away from deploying your own linux-pc-based solution for as long as you can. a hardware box that includes all functionality would clearly be best, even if slightly more expensive. eg. a wireless router with bandwidth management. something that, once set up, remains easy to use. unfortunately i don't know of any specific models that would do exactly what you want. you could always talk to the manager of some starbucks, or borders bookstore, and ask them what they use.
second, i like the idea of not going with the subscription model. my local coffeehouse just deployed wifi (using facefive), and when they did a test run for free, it caused quite a stir - a lot of people were coming in for the internet, and i think buying more. then they switched to the subscription model (only barely cheaper than starbucks), and it stopped.
and while anecdotal evidence proves nothing, i just mean to say that a tip-jar model, even if it doesn't bring explicit income to cover wifi costs, should cause increased traffic, especially from students. this should translate to higher sales, and most likely also longer table occupancy. you should do a test run for three months, and see whether it pays off.
and when you do that, please post the results!
My other car is a cons.
This may affect your decision.
Weird, mine is a Dell (600m with a PRO/Wireless 2100, the non-Centrino ones use the Dell TrueMobile cards) the most problems I've had was getting the card working with Linux
Do you know what the cards/APs were that gave problems? I would think it's a manufacture/software problem some how
"Some things have to be believed to be seen." - Ralph Hodgson
Just get a broadband connection and put in an AP. Leave it wide open and don't give it a second thought. You're running a coffee shop, dude. Not a computer lab. Concentrate on your core business. Your customers will be more than happy to respect you and there fellow users.
I wouldn't mess with an 802.11(a|b|g) router. I'd go with a basic access point and use a Linux or FreeBSD box for the router. You can run DHCP to hand out addresses, one of several Radius servers for authentication and accounting if you want to use individual accounts with passwords, and the rate-throttling features in the Linux/FreeBSD firewall to prevent hogging and lower the boom on the problem protocols (eg. SSH goes full-bore but the Kazaa ports are limited to 1K/sec).
We've had this discussion SO many times - it isn't illegal, and xbox-emulation.co.uk hasn't been sued out of existence.
I believe there is a patch for the Linux kernel to make a box act as a Traffic Shaper. http://sourceforge.net/projects/l7-filter/ Here is how I would design it: Buy an old PIII or Celeron Box, hook it directly into the internet connection, have another NIC plugged into the rest of the network. Buy a wireless access point and hook it into the network. Configure the Linux box to be a router, DHCP Server, and also shape down P2P traffic. Or, another suggestion would be to use a transparent proxy, something like DansGuardian (www.dansguardian.org). That should keep the P2P stuff out, and keep the kids from surfing porn. I like the idea of the "tip jar" this way, the cable or DSL company can't charge you for a business account, since you wouldn't be "selling" the bandwidth.
I just bought a new wireless / dsl router from netgear at compusa. 99 bucks plus a 20 dollars mail in rebate. It's G and B compatible.
I go to one of these places listed (JPs Java House) - they have free unlimited 802.11b access for anyone. Very nice.
Overall, I think that your idea is great. I think you are making a bit more complex than it needs to be. If you want to have quotas that is fine, but why not just put up a 802.11g router (they are cheap) and allow open access. If you want to make sure that people buy stuff to get access - they do what another post says - WEP key on reciept, changed daily (sure, not hard to get around, but more of an honor system). And sure - put up a tip jar - clearly labeled with something like "FOR THE SUPPORT OF OPEN INTERNET ACCESS" or something like that. Heck, with this setup, you could be ready to go tomorrow (not next summer).
I say just go simple. If you make access easy and pretty much open - people will come in just for that. Especially in a college campus area - simple and pretty much unlimited will probably draw a solid crowd.
RonB
It is human nature to take shortcuts in thinking.
Meant xbox-linux.sourceforge.net
I agree with the ones who say to turn off WEP. In fact, I'd go one step further and say that you don't even need to traffic shape given your small town/regular customer base. In all likelihood people aren't going to be downloading porn in an open/public atmosphere. Start small, with only the router/access point - this keeps the cost of equipment practically negligible. Your main cost will be the ISP connection. You can always scale up later. Just remember that once you offer the service, it may be difficult to take it down. Your customers may not like it.
If you're really concerned about people downloading illegal stuff, then you should let your customers know that you're prepared to unplug the service if this should happen.
I'd say that the only thing that you should be concerned about is that some people may plant themselves in front of a station for a dollar coffee and not move the entire day. Unless if you're going to charge for access, there's not much that you can do in this regards (with the minor exception of not offering power outlets).
Good luck!
Sticking with a lower speed card helps limit the "over agressive Kazaa" users.
What kind of popularity are you expecting?
20 people sharing a single dsl/cable line would not be very practical, so you would have to factor in the cost of a faster internet connection.
20 People sharing a modest DSL/Cable line is entirely practical.
I used to run the computers for a schoold district, just not so long ago. Several high schools (4 to be precise) and 5 middle schools all shared the same T1. Realistically, a maximum of 80 people would be using it pretty well at any given time. That's 10 students per lab, with a few in the library, per school.
Unless they are abusing the system (which we pretty much didn't allow--very tight restrictions, and everything went through a good proxy), and bandwidth shaping was in place, it worked perfectly. Average speed downloading even large files was more than adequate (30KBps+ at peak times), and latency was generally very low.
A cable link for 20 people who are just searching or reading and surfing is more than sufficient. Heck, a few of them could be streaming 128Kbps MP3s and, there would still be more than enough to go around.
The local coffee shop I visit has there Internet service provided by Air2Lan. Basically, Air2Lan drops a connection to them and they have a 802.11b/g AP on their end, open to anyone wanting to use it.
It's one of the cheap linksys ones. There is no big deal to use it, you just come in and connect, or sit on the patio, or whatnot. They even put a few six-outlet strips around the room.
They now attract many more customers than they did in the past, and for the most part, people don't have to be forced to buy in order to do so. After all, you sort of feel obligated to have a mocha or whatnot on the table next to you.
The only thing they do in the line of security is to cut it off each night when they close. To simplify that, they wired the AP's power to the same switch that controls the "open" sign.
Don't over-think what you're trying to do here. You want it to be easy for new customers to come into your store and enjoy your main product. Drop the obsession with "securing" everything and "limiting" what goes on. It's just a waste of your time.
-- Mark Lyon http://www.marklyon.org
The coffee house I've been frequenting (Mudhouse in Springfield, MO) has free WiFi for anyone that comes in. No WEP, no fees, no nothing. In fact, they just have a consumer SMC access point, and I'm guessing that whoever set it up was a non-techy. Anyone can access the admin functions by using the web interface, and while there is an admin password, if you know the name of the coffeeshop, you could change that too.
So how does this work? How come they haven't been hacked or had tons of b/w leeches? I think all this works because the coffee house was a pretty decent community to start with. It serves the local college kids, is part of the monthly art walk (they act as a gallery for a local artist), and you'll usually see/hear a group of teenage/college-age church groups, and lots of people who just want to sit and chat and have coffee. There's an honor system, and it seems to work. (Case in point would be my accessing the admin functions, but not changing anything, just taking a peek to see what kind of setup they were running.)
I'd estimate the coffeeshop seats maybe 60 people, and you'll see maybe 3 or 4 laptops on a Friday or Saturday night. The model probably works cause the kind of atmosphere the coffee shop has - they have board games you can borrow, and there's almost always a group playing Scrabble, and usually a group playing Skip-Bo or some other card game. They also have two large bookshelves filled with books (it seems to be a popular site for people to release books from bookcrossing.com).
I'd imagine in a town of 50k, just plugging in a WAP would work fine. All these people suggesting traffic shaping, changing WEP keys daily, etc etc might want to consider that a social solution might work just as well as a technical one in this case.
Over Christmas, my D-Link wireless rotuer (B) died.
I had a Soekris Net4521 and a D-Link DWL-650 wireless B card laying around.
The Net4521 is a 133 MHz AMD Elan (486 compat) system with 64 Mb of RAM, a CF slot, 2 10/100 ethernet ports, a mini-PCI slot and 2 PCMCIA/Cardbus slots. It is small (10" x 6" x 1/2") and not very expensive ($235 for 1).
Pebble Linux is a Debian-based distro designed for the Soekris line of boxes. It includes NoCat Auth, Mad WiFi and HostAP tools for making your own WAP.
You'll need a minimum of 64 Mb CF card to load it on, though it boots read-only and runs in RAM. You'll also need a wireless card that supports Host AP mode.
The whole setup cost me less than $300, and it is more than just a WAP. It is a real linux box with SSH, auditing tools, logs, etc.
Soekris also makes the VPN 1211, which is a mini-PCI crypto accelerator. From what I've researched, OpenSSL supports it for offloading SSL/TLS transactions. I'll be testing this out over the rest of the week.
The Net4521 also has a hardware watchdog, for resetting itself in case of problems AND supports power over Ethernet (802.3af) for those hard-to-find-juice locations.
If you're really ambitious, plug in a B/G card and an A card (second PCMCIA slot) and provide the whole spectrum of coverage. Let me know if you find a G or A card that Linux can put into HostAP mode, though.
Good luck.
-Charles Hill
Learning HOW to think is more important than learning WHAT to think.
I used a Pentium MMX 200 with a PLX-based adapter and a normal PCMCIA Card to do wireless service at home. Total cost now is probably under $100-$200.
Look at NoCatAuth for wireless handling.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
This doesn't address the issue of hardware but...
o /map_tok yo.html]
In Tokyo there are many local coffee shops that provide free wireless to their customers. The Japanese have taken the term "Freespot" to distinguish between those hotspots that require you to be subscribed to some service, like YahooBB [http://bbpromo.yahoo.co.jp/] for example, and those that you can just jump on.
These FreeSpots usually don't have any security on them at all, just walk in (or hang around outside), open your laptop, and off you go. I lived in Tokyo last year, and didn't even have my own ISP, as you can always find a coffee shop to grab email and get some work done when you really need it anyway.
Here is a list of some freespots in Tokyo.
[http://www.freespot.com/users/place/kant
You've only considered capital expenses, not operational expenses... like bandwidth. Even if you get a low-end business grade DSL link, you're talking around $100/mon. In the long run, that will dwarve your capital expenditures.
Here is *exactly* what you need :i nde x.html
http://www4.tomshardware.com/network/20031016/
According to the review, it is a "802.11b Hotspot router aimed at the wireless-with-your-latte Mom 'n Pop store-owner. Includes receipt printer"
Shouldn't the title have read "Homebrew Wireless APs in Coffee Shops"?
The coffee shops aren't "homebrew".
Dlink has a product, DSA-3100 that would take a DSL connection and provide a "trusted" network segment, and an untrusted segment. Toss any AP into this "untrusted" network and attach the reciept printer, and there you have a "push a button" reciept that would have login and password info, so as to limit someone to a time you determine.
;)
ZyXel's solution is a lot less configurable, but a little cheaper.
In the end, you need io ask yourself to what level do you want to support this coffee shop, and what would happen in the event that the PC running this place died the night before a final
This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.
I don't get it. Why is the "Ask Slashdot" questions always stupid? If you are capable of running your own business it seems like you are capable at doing your own research instead of going to a bunch of people who will just "shoot from the hip".
"Linux distribution for use by cybercafes?" What kind of insane crap is that? Yes. we need yet another distribution that won't be maintained properly. What is wrong with getting RedHat or Debian or SuSE and putting your cafe's logo on the desktop. If that's all you actually need.
Also a computer to manage your wireless network isn't going to cost you $500. You've obviously not done any research what-so-ever.
I don't blame you, but I blame whoever decided to move your post up to the front page of the site. Of course 100 morons will throw in their 2 cents to this post and feed you tons of misinformation, you should probably ignore all the "answers" and move on.
“Common sense is not so common.” — Voltaire
50,000 people isn't a huge customer base. Is there any demand at all in this town for such a service? I assume they've at least seen people in the shop using laptops? I think it's a great idea but if there's nobody to use it they'd be dumping some VERY hard earned cash away on it.
This might be a little off-topic, but the ZyXEL ZyAIR B-4000 has come in handy for a number of small wireless POPs I've talked to. Basically, it's a self-contained AP / billing / access control system that's available for ~$700. There's a Tom's Hardware review here detailing a bit about how it works. In short, you program the buttons on the front for whatever time/price you want, and the receipt printer spits out a serialized receipt containing a password which will allow the user's machine to access the network for X period of time. Nice and simple for non-techies to operate.
/week this way, the price would remain cheap, the hardware would be reliable, and easy for anyone working the coffee shop to use.
I'd imagine that if you did a $5/day or
Just use the MeshAP software from Locustworld, register your box's hardware key with WIANA and under the administrative menu there set the traffic shaping the way you want for the over-zealous P2P users.
Seastead this.
We're doing just what you've described, although the cafe pays for the hardware as opposed to a tip-jar model.
We have lots of documentation at our WIKI. The NodeSetup page might be exactly what you're asking for.
One thing to consider is that there is a problem with using a 802.11g card in that the backward compatibility with 802.11b works such that only one standard can be in use at a time. So, a single 802.11b NIC on the wireless network will make the router drop to 802.11b standard and all of the 802.11g NICs will be stuck with the slower speed as well. This means you only get the added speed gains for 802.11g if every single device in range is using that standard. I believe the manufacturers are looking into addressing this with a possible firmware upgrade, but I'm not sure where that stands currently.
Are customers paying per cup? If so, the tip jar should be sufficient. Why? The goal is to keep customers there buying more cups of coffee. Increased coffee sales should offset what the tips don't cover.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Use ipfilter, which has a nat module built in. Works like a champ. I've used this setup on FreeBSD and OpenBSD, even on older hardware (200Mhz Pentium Pro) it can handle 3 zones on a (almost) saturated T1.
This shouldn't be too hard. Let's look at the issues:
PC (FOR CONTROL) - the owner probably already has one. spreadsheets for payroll etc. Many ap's can be controlled with just a browser.
TECH SUPPORT (FOR CUSTOMERS) - don't do it. free internet access, but customers must set themselves up. Besides, if someone is lost, they could always ask someone else with a laptop to give a hand.
SECURITY - two options. As many have pointed out, WEP Key on receipt. Or, just have open access (sounds crazy, but so is anybody who submits sensitive information to a non SSL page). Either way, have a disclaimer posted.
QUOTAS (referencing the Kazaa statemnt) - port blocking would be easier. Still, I would wait and see if this is really an issue.
MONTHLY COST OF INTERNET ACCESS - That's the real cost that matters to the owner. That and whatever you charge him to support the thing.
-t
http://unmoldable.com W:"No one of consequence" I:"I must know" W:"Get used to disappointment"
A little bit of time searching tech support revealed that the card needed a mobo that supports PCI bus mastering
Roughly, "bus mastering" means that a card can read and write RAM and perform I/O on its own without CPU help. More details: FOLDOC definition of bus master. Some motherboards may be able to turn this on and off in the BIOS setup screens.
One coffee shop I go to, A Fine Grind, has free Wireless(b) AND ethernet ports. I love it. The internet access there is flaky sometimes, but has worked for me each time.
Another cofee shop, The Spyhouse, has an Airport on it. they have an SSID of "spyhouse" and a password of "coffee".
It works fine on Macs, but everyone I talked to with a PC coudln't get it to work due to a password. One linux user reported getting it to work.
My question for Spyhouse is WHY have a frickin' password in the first place? Maybe they are just biased towards macs. No following the KISS principle. Needless to say, they don't get my business. Not worth the hassle.
As for your wireless routers, don't use A or G. I have yet to meet one person with either of those cards. Stick with b, which will save explaining to your customers why their "wireless card" won't work with your 802.11a/g equipment.
Don't charge anything for it, not even a tip jar. Advertise the service and encourage them to stay longer and buy more coffee and invite friends to switch from StarBucks to your shop.
Have them give you their MAC address and add them to the access list. Block those who abuse. Of course publish the rules first and give them the rules when they give you the MAC.
e-smith is a very easy to setup/use/admin firewall/gateway/router/etc that will run on little hardware and do all you want (plus more) for free. You could even add a printer to the e-smith box to really attract the business users. Put a tip jar next to the printer.
Check it out.
www.star-os.com
I don't use commercial wireless internet and I wouldn't I don't want to be bombarded with ads, either.
Bandwidth is pretty cheap, especially if you aren't reselling it. Dump $100 into hardware up front, another $50 a month for the bandwidth, and leave it be. Don't go putting all kinds of crap in front of me to slow me down. Just let me sit down, drink my coffee/tea/beer and surf in peace.
My initial response is to say to use nocat auth on a wrt54g with ipchains modified to block TCP 25 outbound and nocat hacked so the owner can set a daily password if they desire.
funny munging
I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.
Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.
Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.
Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.
The enterprise grade Orinoco APs have the ability to authorize in a number of different ways. Even via Radius Server for packet shaping, MAC based authorization, maintenance, more. That's how they do it at Higley's Coffee in La Canada. (Los Angeles foothills area. Google.)
Heck, you could even use a consumer grade AP like the perfectly reliable and functional D-Link 614+. I use this AP at home and it's insanely reliable, quite secure, and feature-filled. (Just make sure you reset the passwords, turn remote admin off if you're not going to use it, etc...) I have yet to see that box freeze, crash, or allow spurious packets to my LAN. Amazing box. (The new firmware might suck. I don't know about that. Mine's a tank.)
Free WiFi with a reliable connection and bandwidth is one of the metrics by which I judge a coffee shop these days. (Tolerable or better coffee is still on the list.) I'm willing to travel farther for a shop with WiFi.
Yeah. Free. Not as in beer. As in free. I would figure in this day and age a coffee house is going to have some sort of broadband for business use anyway. APs aren't that expensive, and you can usually find trustworthy geeks at a coffeeshop more than willing to set it up for you. (To protect your internal network from inside, to protect it from outside, etc.)
That and good placement of power outlets, including outside for us smokers.
Check out these folks. They have everything you need for your purposes. Here is their wiki for some more info about the actual softare involved..
It's my understanding that 802.11a/g is backwards compatable with 802.11b. However, you won't get full speeds unless all connected clients are utilizing 802.11a/g.
That's a trick a local coffee shop uses here. Free network so you'll stay an hour or two, but you can't charge your laptop to stay longer than that!
I've NEVER seen a Starbucks charge $10/hour in the U.S.
Where are these locations? The ones I've been to (Spokane, Seattle, D.C., Orlando, San Francisco, Dallas, Chicago) all charge $10 / DAY or $30-40 unlimited monthly.
If you have a T-Mobile account you can get it added on for like $20 a month (unlimited).
-Charles Hill
Learning HOW to think is more important than learning WHAT to think.
It's misleading to quote this $10 number for Starbucks. Monthly all-you-can-eat is $30 ($20 for T-mobile cell phone subscribers). For this price, you're getting the use of every Starbucks and Borders hot-spot out there and you know there are a few around. If you're in any place of a reasonable size, you know you can find one pretty easily, and you know you can hop on with no hassles. If you go by the hour, then sure you're going to pay more, but unless you surf like once a month, you're not going to go that route. That'd be for people on travel and it's worth more that $10 to the business for the connectivity.
There are many things family-owned coffee-shops are good or better for, but let's not knock *$ gratuitously. And there are things definitely lacking in *$ HotSpot service, but clearly you're not interested in addressing connectivity issues, you're interested in a business model for hot-spot service. And to qualify that, the issues with HotSpot service are mainly due to it being platform-independent (read "works with Linux").
In Austin, there's a handful of coffee shops (and a few bars) that offer free wireless access. The hardware is dirt cheap; administration is minimal, and $50 per month for internet access is not much to cover for a larger coffeeshop.
:) ). Your experiences may vary; Austin is a rather tech-friendly town with a high population of laptops, but I encourage you to try and keep it free.
Their premise is that the cost of the DSL and hardware is far outweighed by the number of people that come in to use the internet, and feel obligated to buy coffee. For the most part, this seems to be true. People are more likely to frequent these homebrew coffeeshops (rather than starbucks, etc). Even a few bars have jumped on the bandwagon, hoping to attract the lunchtime tech-friendly crowd. These free access points have the added benefit of forcing large coffeeshops to reconsider their dreadful "T-moblile" $10/hour business model.
In short, the free model has been very benificial for everyone involved (except T-mobile
I certainly would put five bucks in the jar if I used it once. Of course, I'd like to see A/G used, my laptop has support for A/B/G and I think we need to see more A access points around because I find the overall experience to be better with A than with G. And B is just sooo 2003 ;-)
This one seems to work with exactly your concept in a large city: http://www.live.com/danastreet/
Whatever else you do, change the default password on the router.
Glonoinha the MebiByte Slayer
The College Perk coffeehouse in College Park, MD, has free wireless.
Another place in the area told me "we don't have wireless because I don't want people coming in and just using the Net and not buying anything."
OK, well, guess where I buy my coffee now?
Also at College Perk, I organized a Chat with the Baghdad Internet Cafe that brought in many customers.
I think the controlling factor would be the bandwidth of the business connection to the internet itself - which is also probably the biggest recurring cost - probably $100/month or more - but the big question is why bother with a gigabit ethernet? Typical fast ethernet is 100Mbit/second (~$20/card) - much faster than most pipes (but a practical cap in a multi-user system is probably closer to 80-90Mbits/second due to high collision and packet loss). The only reason you would need this is if you're having lots of local sharing between people in the coffee shop (say, games). Even then, standard ethernet is usually fast enough.
Without a monitor, you could even build a cheap micro-ATX with video/sound/ethernet built in (adding a cheap case at $50-$60, 512MB memory ($50-$70), a 40GB drive ($55), floppy drive ($12), CD-ROM ($20-$30) and a 1.5-2GHz CPU ($30-40)) for about $250 - I did it for $189 last year for my wife's computer (she already had Windows and all drives). You then add your $25-100 for the local ethernet routing, depending on type.
Also remember that all of this would be a deductable business expense for the shop (if they paid for it).
I'd stick with the advice of others re: do it with just a decent router, and don't bother with traffic shaping etc.
Here in the UK the best value small routers I've found are the Draytek range, sold by Seg, and quite highly reviewed.
The 2600G should be all you need for 179 quid (199 including a card of your own ), it does wired and wireless, the firewall is solid, and if you end up needing to filter you can do so quite easily.
Plus the user forums show that whilst there is the odd glitch and imperfection, but at least you can find other UK users to help when your ISP goes a bit weird.
I have no connection with them, but I'm a happy user of their products in the UK
I spent a lot of money on booze, birds and fast cars. The rest I just squandered. - George Best
BTW, the T-Mobile service (i.e., the Starbucks wireless) isn't $10/hour; it's $7 for one hour, $10 for a one-day pass, or $30-40/month if you sign up for the monthly plan (for $30 you're limited to one geographic area, i.e., "the Bay area" or "the Seattle area"; $40 gives you roaming).
Unless your MAC number is on my "paid up list" everything else was blocked, except for port 53 and 80. Port 80 was redirected to a local webserver that would allow a user to log in and register his/her presence with the system. Port 53 is left open so you can resolve "gateway".
If figures I was going to link to my website, but something has just knocked out Cavalier's network. http://www.etoyoc.com
Follow the link for "wifi".
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
That's pretty braindead VPN software... If your IT department hasn't upgraded to a VPN that can handle clients behind a NAT then you need to fire them.
The "average barista" works at Starbucks who have their APs set up and managed by T-Mobile... 99% of the time, baristas dont have to deal with the APs (if they are even aware that they exist).
Be careful! Bears shouldn't consume large furry dogs.
Start simple. Just allow open access. If you start having problems (I assume that you'll be using this access point regularly), then throw in a cheap PC to do the fancy bandwidth/packet management. The most important thing is to get it up and running soon so people are attracted, then iron out the bumps out as you go along.
How about this... start out with a b access point which, as others have mentioned you can pick up for $20 or so. Have a little jar soliciting donations for an upgrade. If enough people are interested you'll soon have the cash for a new accesspoint.
As I recently discovered when I counted the change that had accumulated in the coin compartment in my car, bouncing back loose change can add up pretty quick.
like I'm gonna pay as much as I do for net access at home for a month's worth at some coffeeshop...
Yo momma has a wireless laptop.
At least, mine does. So does anyone else who has a recent Mac. She might well wind up in such a place, if she was travelling with her laptop, which of course she does -- and in that case, she would surely be able to handle a simple web proxy form, but not a WEP password.
There are actually a bunch of WiFI routers spcifically designed for hotspots; some even come with thermal printers.. This one comes to mind. There are server others as well. Do a google for WIFI HOTSPOT ROUTER. Cheers!
that there would be a lot of people sitting there for hours on end logged on to the internet and not buying much coffee?
The real cost to a coffeshop would not be in the modest capital costs for the router and computer but in lost sales vis a vis occupied tables due to patrons sitting there for hours playing quake for example.
Authentication, administration, everything you want: MeshAP. Supports authenticating against LDAP (comes in the package, or your own), MAC restrictions... everything.
It's open source, runs on commodity hardware (your PC with a WiFi card), and has a big community to help with the rough parts.
(no, I have nothing to do with it, I just like it)
-- Bill "Houdini" Weiss
First of all, how in the world did you figure $500 for a box and $100 for a router???? I would probably go ahead and figure about $150 for both since they should be the same box. $50 for a wireless PCI card and then $100 for two 200mhz boxes (for redundancy, an extra box configured the same way). Seriously, there's no need for more than a 200mhz box if you're just setting up firewalling services for a box sitting on a cable/dsl line. Then throw FreeBSD on there and set up IPFW. That is of course if you want to only spend 30 minutes installing and configuring it.
And since you have that extra $450 left over, go ahead and buy 45(!!) of these 802.11b wireless cards from outpost.com for $10 a piece, to basically give out to customers!
http://shop1.outpost.com/product/3882037
a PC with one 802.11 card and a regular Ethernet card to plug into the Cable Modem or whather you will be using.
there are 2 kinds of people. those who divide people into 2 kinds, and those who don't.
We have 2 mom-and-pop coffee shops here in Mankato that have wireless access, and it seems to work well both places. One place just has a wide open AP (not that I'd recommend this, unless it's well firewalled). The other just takes your MAC address and adds it to their access point (access is MAC-address filtered). Oddly, the one where you have to sign up seems to have more wireless users, though this may just be due to the regulars at each place.
There are improvements that could be made to either. The wide-open one doesn't have a very strong signal, and I'm not sure that they're running it well-firewalled or with the knowledge of their ISP. The MAC-filtered option really should have some automated way of signing up (e.g. when you connect to the network, you fire up a browser and are taken to a sign-up page - I've seen Cisco equipment that can do this), or the people running the shop should know how to find the MAC address through the appropriate OSes (at least Windows and Mac OS - Linux geeks are likely to know how to type 'ifconfig').
Either way, if you spring for a better AP, you shouldn't need a linux box to power anything beyond what the AP can do. That'll save you at least $400 of the $500 you have planned for the linux box. And I think abuse won't be much of an issue. Mankato is about the same size as the town you're describing, and these two shops haven't had any issues (as far as I'm aware) with abuse. Set up firewall rules appropriately to make sure, but overall, it shouldn't take a very complex setup to do it well.
Now, the better option might be to try to convince the coffee shop that it would help their business, and get them to chip in.
Also, I'm probably in a fairly small minority here, but I'd want to be able to ssh to my home computer, especially if I'm on the road. I have gotten so reliant on ssh and especially sftp - I constantly forget needed files, because I know I can just sftp home and grab anything I forget to bring with me.
I'm not sure how my school (uta.edu) does it, but before you can do anything on the internet you have to open your browser and type your username and password. Once you've done this you can use any seriveson the net you want (except all the filesharing stuff).
In your case, you could do the same thing. When they open their browser, just have them enter a password or phrase - mabye one printed on a reciept.
Sorry I don't know all the techincal details about this - but I think the idea might work for you.
ipos
We are this close (holding fingers an itty-bitty bit apart) to releasing 1.0 of our software for just this purpose. Free, based on open source (including NoCatAuth). It's what's powering Austin Wireless City project. Free software, any PC that will run RedHat, any access point, w00t.
Check it out
And you are patiently awaiting its insertion.
I'm sure you've all heard of the Speakeasy... I first heard about them not because of their internet access but rather their net cafe that popped up in the mid 1990's.
Thier pricing structure was as follows....
$1.00 for physical terminal access... $1.00 gives you the daily password.
$20.00 a month gave you dialup access.... and free dumb terminal access
More moolah for x-terminal access
In all fairness.... they made MORE money from their internet access then their cafe. But such is life... I believe the cafe helped to promte their service, rather then the reverse as intended.
This was back when they had to pay for premium lines.
----------------
Alternativly speaking... I setup one cafe in a similar way to what you did... as in laptop based internet access via wired ethernet. 16 ports and a $5.00 fee for the jacking in.
Router with port 25 blocked....
And that's it.
Access was $5.00.... $3.00 with purchace, limited to 15min depending on demand.
I proposed a monthly fee for free access and an e-mail account, but they didn't want to bother, pointing people to hotmail did the trick.
Not sure if the place is still alive and kicking.. but considering it was just base DSL access... we're talking only a $50 a month charge to get people into the cafe to buy some coffee.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
I used to hang out in a coffee shop called Bean Trader's in the Durham area, which has had free Wi-Fi at two locations for about a year and a half now. You should definitely check it out if you're in the area. Or, if you just want advice, call the owners, Dave and Christy, they are very friendly, and I'm sure they would be happy to tell you about their real-world expierience with this. (Tell them David and Amber say "hi.")
The owners are NOT techies, and installed Wi-Fi in their forst location basically as a favor for me and another customer (since then I moved, and he went to jail, but that's another sotry). Since then, however, thay have had no trouble maintaining it themselves, and have found it so successful, that they are planning to make it a permanent fixture at every store they open in the future.
Here's the formula they have found sucessful: A DSL connection for broadband internet (though a cable connection should work as well), and a combination wireless router/access point (they use Apple AirPorts, but there are cheaper models which would work fine too). That's it.
Yup, you heard me right - they don't even have a computer! The Wi-Fi is wide open, 24-7, for everyone to use for free. If the connection drops, they unplug the router and plug it back in, and if it that doesn't fix it, they call the DSL company and have them fix it. It cost them about $100 to start (for the router), and $50 a month for the access. They've told me that the increased business has paid for those expenses MANY times over, so even while their customers see it as a gift, the truth is it makes them lots of money. They have had almost no trouble at all with people hogging the line, or any of the other things which you might expect to go wrong.
And that business model actually makes sense if you think about it. Consider McDonalds playlands, for example. McDonalds is ALL about making money, yet the playlands are free. Why? Wouldn't it be more logical to charge a small fee to cover the cost of the playland? Logical, perhaps, but not profitable. Making the playland free brings more customers into McDonalds, and they make far more moneyu selling food to those customers than they ever would if they charged admission to the playland. It's the same deal at a coffee shop. Just think of Wi-Fi as a playland for adults, and the business model is identical.
Also, making it free has other perks for the business owner. When people pay for something, they expect a certain level of service. But it's not reasonable to expect coffee servers to do tech support of any kind. When the service is free, if someone has a technical problem, the server can say "sorry, its free, so we don't support it - try asking one of the other customers." I know it sounds odd, but it actually works well. When I used to hang out there, just a customer myself, I probably helped someone new configure their laptop wireless card at least two or three times a week. And it was a great way to break the ice and meet new people too.
Trust me, just throw a router/access point on a broadband connection and call it done. I've seen it first hand, and it works better than you think.
If I were you, I'd get a router that is compatible with 802.11 a/b/g. It's not too much more expensive and is worth it. I've got to say that having free wireless internet is the best thing a coffee shop can do. My local coffee shop (Caffe Roma on Columbus at Green in S.F.) has free wi-fi and it's great.
Pretty silly. What's gonna happen when something illegal is done with that connection? How are you gonna defend yourself when you did ABSOLUTELY nothing to prevent it?
Here's a simple one piece solution.
d ex .html
http://www.tomshardware.com/network/20031016/in
Access point with built in password based timed access.
A little pricey ($650). But unless the person who's setting up the theoretical linux box router is working for free, could be worth considering, as this would cover PC + AP + setup.
"We are what we pretend to be, so we must be careful about what we pretend to be." --Kurt Vonnegut
this coffee shop only seats 20-25 - and then it's crowded. probably have less than half a dozen folks connecting at once. mostly the folks who are always studying for college/high school anyway.
Einstein would keep it as simple as possible, but no simpler. I think your advice, while bascially good, is just a bit too simple. As has been pointed out in numerous other comments, you'd be wise to complicate things enough to cover your ass against the various risks. Burying your head in the sand won't make them go away, alas.
I know this will sound like a cable company line, but why not get two ceap standard routers, one entirely without any WEP security, but access to only HTTP, DNS, FTP, the basics. Restrict email access, and everything else that might cause problems. Setup a similar router with WEP that enables the ports required for VPN, and services which require other security to be setup: charge a small fee for access. That way ANYONE can surf while they drink coffee (even those who don't know how to change the WEP key and those who need the additional services can pay a small fee. It would be very simple to setup and maintain, no PC required.
Patrons need only pay for the access they need, and the public gets to surf for free. Probably make a few friends in the process and the business people who use the pay service will understand the need to charge to keep the service running. Simple.
"Quando Omni Flunkus Moritati" -- Red Green
If you don't have knowledge of, or benefit financially from, the illegal activity then it will be pretty hard you to be held liable for the actions of others.
-- Mark Lyon http://www.marklyon.org
Consider directing all users to a simple "I Agree" click-through agreement when they access the network for the first time each day. Make sure there's no way an idiot can try to sue you for the content they access, security issues, or any other liability. You might want to put something in there about how the shop is not responsible for any damage done to the equipment as well....just in case someone "accidentally" tips a tall cup of coffee on someone's open VAIO.
While many of the retail oriented DSL providers explicitly prohibit bandwidth reselling, it is very possible to work your way around this problem.
Smaller DSL providers are often happy to write custom deals for their customers who want to resell bandwidth. These deals usually consist of a monthly fee ($50) that covers a fixed amount of bandwidth (2GB transfer) as well as an overage charge ($0.01 per MB transfer).
If you are buying telecom products from your local ILEC in the T3/DS3 range (45 Mb/sec or ~672 voice lines), it is fairly easyto become a DSL reseller your self. In this case, you can make point-to-point DSL connections from customer sites back to the telecom hotel. From the hotel, route to your bandwidth vendor of choice.
In the case of an individual coffee shop, it doesn't make sense to be your own DSL provider. If you know a hundred coffee shops and other small businesses that would like custom DSL access, then it could be a very profitable and fun business to get into.
Guess you are looking for something like this: http://controlap.com/ I just downloaded it for the same reason. I just want our customer to logon; not the neighbor's customers. I haven't tried the software yet but it promises a lot.
WEP isn't necessary for your customers - the main reason coffee-shops use it is to restrict access to paying customers, and you're not doing that - you're selling them friendliness and coffee and chair space and pastries that aren't too sticky to eat next to a computer. If you've got an issue with one of your neighbors sucking down bandwidth, that's different, of course, but setting WEP is an obstacle for users, especially if they've got their own WEP settings for their home or office.
Security and quotas are less necessary than you'd expect, as long as your DSL ISP is good. Start open, and maybe monitor usage and see what problems you get, rather than starting locked down tight, i.e. use your router's security features rather than buying a PC to start with, unless you also want to have the PC for customers who don't bring laptops. (And if your ISP is the uptight, policy-heavy types, running free or especially paid wireless in your store probably violates their policies, plus they're probably already restricting SMTP.) For consumer DSL ISPs, I'm quite happy with sonic.net, Speakeasy's also good and has nationwide coverage, and ever Earthlink's not too bad. Business DSL providers will charge a bit more, and tend to have flexible policies. Cable Modems are a much better match technically, but are run by terminally clueless paranoids who don't understand their business models, so you can't use them except maybe with a higher-priced business-class service.
You're unlikely to have much problem with spammers - geeks hate them, and have fun imagining scenarios like drive-by spammers, but in a small town, it's more of a know-your-customer thing. If you're in a college town, or get lots of high-school kids, you may need to worry more about crackers using your system. On the other hand, you need to leave things open for gamers, and the problem there is making sure the high-school kids keep buying enough drinks to make up for chair space. KaZaa's not really much of a problem, as long as your ISP doesn't ban it, because users are transient enough that they won't be doing much uploading, just leeching.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The coffee shop's business went through the roof and it seemed that at times half the patrons had a laptop with them. What's more, the patrons who came in with their laptops would generally order the pricier items (lattes, baked goods, etc.).
It was clearly more profitable for the cafe to provide the hotspot for free. They paid a local entrepreneur to set up the network and some simple access controls and then pay him a monthly fee to maintain it and it is well worth the price. All this at the expense of Starbucks who, despite their billions of dollars and high-priced executives, haven't yet figured out a decent business model for wireless.
So I would say that no tip jar is needed. If the cafe owner knows the business, he or she should be happy to pay a reasonable rate to have it installed and maintained.
-- My choice of computing platform is a symbol of my individuality and belief in personal freedom.
Kevin Mitnick would've been happy to have this I guess. No Kinko's necessary. Seriously, what are the legal responsibilities of opening your DSL connection up to anyone? What to the ISPs require? Is their a good faith expectation that you would monitor this before you "resell" it? Of course, IANAL but could you reasonably expect a lawsuit someday?
I spent a lot of time doing some research into this, and I basically couldn't find a way to charge money without it being either really expensive (in which case, people can use tmobile at starbucks just as well), or without losing money on it. The problem was just in maintaining a PC that people have to login into, selling accounts, etc. just got to be such a headache that it wasn't worth it, not to mention, the increased cost of having a commercial DSL or cable vs. the residential one. Instead, we just went with the free access. This worked out great, as our general policy is that you can't hang out inside leeching off the access without buying something. We get quite a few people who just hang out and use the free wifi, and they consistently sit there and buy coffee after coffee. In the end, I spent $40 on a cheap wifi access point, another $50 to get the DSL installed, and $30 a month in DSL monthly fees. It more than pays for itself in people buying coffee. And we have nothing restricted, all of it is open, and have yet to have a problem with anyone sitting there and tying up all the bandwidth. It just hasn't been an issue, so we haven't spent any time dealing with it. Just thought I'd give you my experience on this.
I'm the original poster, and would like to make some comments to clear things up.
-This is a friendly coffeeshop - pretty much everyone knows each other, potential MAC or other screening is just a precaution.
-The money from the tip jar will (hopefully) reduce/destroy overhead, making the owner more open to my idea. Anyone who comes in and buys more is just icing on the cake.
-Speakeasy allows reselling, and they're available in our area cheaper than Comcast/ATT etc.
-The target audience is the customers who are studying for night school/college/high school - many of them stay there all day, or all day after school, anyway.
And since FatPort and Surf and Sip have hardened these box down for use in their own networks, they'll provide adequate protection from Kazaa zealots and the new breed of wireless spammers.
Actually, I would think they would want to block VPN. I don't know exactly the through-put requirements, but, if you are using a free/"tip jar" model, it strikes me there is potential for a coffee house to subsidize a business's remote access costs.
Allowing for some recreational web surfing or some web-accessible business tools (web e-mail, etc.) is probably the goal. Having a Citrix client, synchronizing a large mailbox (Notes, Outlook, whatever, with lots of attachments), or X session might break the bank, so to speak.
Now, if we're talking $10/hour at Starbucks, it seems more equitable.
Don't violate the terms of service of the upstrem provider. One Mom & Pop coffee shop on the austinwireless network got a big surprise when their provider (think well-known news magazine and movie studio) presented them with a very sizable bill. Seems Mom & Pop were set up with a low cost account when they really needed a higher level commercial service that would allow them to share the access with their customers. The provider back-charged them for several months worth of the higher level service.
We've done something similar here in austria, called q/spot. It's a free and anonymous hotspot. We used a Soekris net 14xx Box as a hardware basis (embedded 486) and equiped it with a prism2 capable card. Software that runs on it is a quite homebrew linux it offers us a httpd, iptables, ssh. The Accesspoint setup is done via hostap. With iptables you have full control of your users, even able to limit ip connections and set quotas (good against file sharing neighbours). In our setup the user gets a 30 Minute session. The first http request he sends is redirected to the local httpd showing him the Terms of Useage of this service. There is a log in button on this page, clicked it calls a simple cgi, wich ads the ip to a list of valid ips.
This setup is quite simple and inexpensive. Of course you pay the box and you pay the card, we got the box for free, and paid about $150 for the card. (it's an uncommon prism2 pcmcia card with the possibility to plug in an antenna).
I'd use 802.11b cause i think last meters ain't the bottleneck.
In this case, I'd say 802.11b for 2 reasons. First and briefly, the a/g cards can regress to b but not the other way around. best to cater to everybody.
But more importantly, you don't want to worry about people at the starbucks that will eventually open across the street from you using your wireless for free while drinking the competitions coffee.
So I would suggest using b for it's shorter range. You don't want to be a total-lockdown thing (if you're using a tip jar model I'm assuming that it's open and on the honor system) so this could be a way to keep people physically close to the tip jar without being a meanie about it.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
Problem is that you could tunnel out any of the few ports remaining and get the job done....
There is no 100% fix, except perhaps application level filtering/throttling.. Which of course breaks down if they encrypt..
---- Booth was a patriot ----
Why not sell wireless cards at a slightly marked-up price from what you can get them at? It'd be a good way to spread the technology and encourage new customers to buy into your service.
10 bucks is nothing, in my eyes, for someone who is spending 5 bucks a wack for a cup of coffee. They obviously have extra money and are willing to piss it away (that is where it goes after you finish drinking it), why stop them? How about $15?
I was going to suggest the same! It's a $650 box, so it's not cheap, but it sounds really solid and it's all-in-one. Plus, I've always respected Zyxel's products.
ZyAir B-4000 web-page
To summarize:
1. Anyone who wants to use the AP has to ask permission.
2. Someone behind the counter pushes the button for New Authorization and the built-in printer spits out a quick code.
3. the user goes back to their PC and enters the code in the authentication web-page they're seeing.
The code lasts for an hour, I believe, and the coffee shop can choose to charge or not for the access.
I'm in Canada. I've seen rates from 7 to 11 bucks an hour up here. That translates to 4 to 7 bucks an hour in yankland.
OK, you don't _strictly_ need two ethernet ports, if you're doing things like running two IP addresses on one port or playing other games with one-armed routing, but it's ugly if you don't. If you want something appliance-like, get a used laptop - anything that boots from CDROM will do, and you can find them for similar prices. Router filtering isn't a job that needs lots of horsepower.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
$5 / month hosted VPS on linux = awesome!
has anyone had any experience with this? It takes the geek out of it, but it may be easier to administer in the long run. Interested to here user experience.7 3 (dlink)
http://www.dlink.com/products/?pid=1
You would more than likely be violating your service agreement with your ISP if you shared internet access for profit. I'd have to read my agreement (through Comcast) more closely, but I think technically I am not allowed to share it with others for no profit (and I technically shared my internet access with my wife).
/.) where an apartment management company got nailed for offering Broadband internet access to their tenants by ordering individual service and using an over-the-counter router to share the access with all the tenants.
So I guess you could do this, but you would receive a Cease & Desist letter from your ISP very quickly. I read recently (maybe on
Let's see... a 400 unit apartment complex X $39.95 per month for n number of months = a whole lot of money.
Ever visit Austin, Texas?
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
There are some great products on the market that are designed to support the small business public-access WiFi site.
e xcate=1 060053881&indexFlagvalue=1021876859
In particular, look at the ZyXel ZyAIR B-4000. It is a feature-rich hot-spot-in-a-box. Some of the highlights:
--Authentication Server (assign id/pw to users)
--Print access codes for users with the included printer
--Access codes can be set to expire after a certain time limit
--Configuration is done using a web browser, but
--No computer or monitor needed. Just a couple of buttons on the printer for the most used functions.
--Supports URL redirects including advertising
The device seems to cost ~$500. Here's a link:
http://www.zyxel.com/product/model.php?ind
I was in a hotel that offered internet access through a CAT5 jack, but you had to go to a web page to "pay" for your session before you could get on the internet. This would make a great addition to a "free" shop in that you could hand out 30 minutes of access with a code printed on the receipt. If you need more access, buy another coffee. Any ideas how this could be implemented? Is it just a bastardized version of Apache, or something more integrated since it would need to intercept ALL outbound traffic?
LOAD "SIG",8,1
LOADING...
READY.
RUN
See this Marketplace story entitled "Price is subjective at restaurant without menu."
-- Daniel Ashton - PGP key available - ICQ# 9445142
By the way, Little City also had ethernet jacks in the walls, so I generally just plugged in that way. It's great to be able to do homework in a coffee shop and still be able to access the internet. So for anyone in Austin reading this, visit Little City and Schlotsky's (the newer buildings, at least) and hopefully more businesses will offer these kind of perks to draw in customers. Quackenbush's was the place that required payment. Maybe they'll change their policy if the pay system fails.
Oh, and if you have a student ID, the entire University of Texas campus is littered with hot spots.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
$5 / month hosted VPS on linux = awesome!
You do need a cheap DSL provider for this to be cost-effective, but you also need one with policies that will let you provide commercial shared open access like this. Some are really paranoid greedy types (cable modem companies are the worst), while others are extremely, deliberately open. The nice thing about DSL is that the people who provide the wires aren't the people who provide the upstream or set the policies - so you can get telco or Covad wire but still pick an ISP with open policies. I use Sonic.net at home, partly because they offer static addresses but largely because they let their users do anything they want with their connections (except spam, of course...) Speakeasy's also good, and even Earthlink's not bad, and if you don't need static addresses, there are probably a number of others out there. AT&T's business-priced services are good (even the $79 stuff), though their consumer policies are too restrictive. I don't know if any of the recent $29 deals let you use them this way, which is too bad because it's easier to PROFIT if you only need to sell 10 extra lattes per month than 20-30.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Go and tell it to a judge...
"pretty hard" isn't the right expression...
They tried offering service for $3 - $5 an hour and didn't have many takers. It doubt they made any money because they had two used laptops one could rent before wifi gained speed.
Recently, a few more coffee houses have opened around them and they found that offering free WiFI keeps regulars like me comming back and spending money on coffee.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
You could use Ip cop as you gateway and run your wireless access point off that. You can run it on an absolute piece of junk box, all you would need is two nics, and PII would be over kill, plus you wireless router. It has so many useful add-INS that you could be as tech about it as you want. You could add in Dan's Guardian and block any content you would not want the customer to see. You could add Wonder Shaper and rate limit any connection to stop any "bandwidth hogging" issues that may arise. Plus it has Squid Web proxy built in and you could run an ipsec vpn to it from home or school to do your remote administration, rather than straight SSH or telnet.
Just a thought.
If it's not G, then it's not for me!
It is not $10/hour for everyone. Monthly unlimited is $30/month. I have had it for a year and it works much better than my own cable modem. I live in a very busy town (suburb in North Virginia) and I can drive to at least 5 Starbucks within 2-3 miles that have T-mobile Hot Spot installed. I never find more than one person online at a given time, and regardless of what they do, it never feels slow.
The logistics of doing this should not be complicated. You can land a T1 for less than $1000/month if you look around. The tip jar should be able to offset whatever the T1 costs. And make sure the antenna is set so it does not go beyond the outside tables at the coffee shop. Make people get close to the store in order to connect, the smell of coffee will do the rest. I would not even worry about bandwidth control.
Pedro
----
The Insomniac Coder
I've seen this in use and it's quite impressive.
Here's some info copied right off the main page:
SkyNet GNU/Linux is small distribution of GNU/Linux designed for embedded devices such as the Soekris boards. Its targeted specificly as a gateway for community wireless projects such as The Tacoma Wireless Community Network and similar projects like SeattleWireless. With some modification, it should be easily adaptable as a general purpose router, an inexpensive home based wireless access point, or a drop in solution to building temporary mesh networks.
This user account is inactive account replaced by the PDA
I'd never consider 802.11a at this point, the marketshare is all in 802.11b.
So, the next question is, should you go 802.11g (~54mbit), which is backward compatible with 802.11b?
How fast is your internet access going to be? Is it even going to be faster than 802.11b will provide (11mbit)? If users want to do laptop to laptop transfers, they should just use a crossover ethernet cable (100mbit). Hint: Most ADSL is 384kbit and will let you grab ~1mbit when things aren't busy at the ISP. 1mbit is "fast" for most folks.
IHMO, the owner should just see is as a way to increase his customer base for his existing revenue model, and have a cool thing to do when things are slow (but need to keep the other employees in check if things aren't getting done and he's not there all the time).
Futher, I'd suggest a caching engine like Squid, which can help with content filtering as well (say for employees, make them login before they can surf so you can track their time, etc.). Squidguard is my filter preference for filtering and there are many free content DBs online.
I'd be filtering porn sites, probably gambling, probably hate sites, etc., as I'd not want one customer offending another with graphic images. Of course, you could say MYOB and tell the guy to sit where no one can see his laptop, whatever...
NoCat is a good authentication model as well just so you can track folks in case something illegal is taking place.
Good ideas in this alt.internet.wireless thread titled "Public wireless hotspot software" . Some include notcatauth from http://nocat.net/
I know this isnt as geek as using linux but check out these products from D-link. You can set time limits from log in and change prices. It might be easier for the shop owner. http://www.dlink.com/products/?pid=173 http://www.dlink.com/products/?pid=282
You don't need to worry about the client's data. You need to worry about their behaviour.
What if someone sits down in your shop, connects, and starts sending spam, posting child porn, cracks systems, or whatever?
They will do so on YOUR (the shop's) DSL account.
So you will get disconnected, sued or worse, and don't know who actually did it.
The linksys WRT54-G does it all. You can compile and run NoCatSpash for it, and take credit card or other authorization. Check it out at SeattleWireless.net
http://www.solwise.co.uk/wireless-hotspot.htm
This is a rebranded solution from another company (begins with X...or something) but it does essentially what you want and is simple enough for people who work cash registers to not have to spend too much time learning new stuff unless they want to.
The rest of us use it unlimited for less than $30 per month for access all over the world. Of course, there are those that may want to pay $10 per hour for access and may also choose not to drink Homebrewed coffee. :)
A number of the independent coffee shops have set up free Wi-Fi access around here, either on their own or through our local community wireless project Personal Telco It appears to draw a fair number of users and thus more business for the shop.
One thing that I would recommend is setting up a click through usage agreement and blocking SMTP. Otherwise you're setting your self up for abuse by spammers and liable for the actions of other loser-users (blackhats, kiddie-porners, etc.).
If you're running Linux you can set up an easy click-through using NoCatAuth.m.m.
The pay WiFi coffeee shops I've used (Borders and Starbucks, along with a local one) don't enable WEP or WPA on their access points.
I assume they do this to make it easy to stroll in and sign up online. If WEP was enabled you would have a hell of a time trying to get online long enough to sign up and then you would have to reconnect using WEP.
Note that not enabling WEP doesn't mean you can't control non-paying customers from reaching the internet - they do this with a Web authenticated firewall. Still leaves open the possability that you could cause local (i.e. non-internet trouble) but that is always a possibility for any RF gear anyway.
The other thing is that bringing WEP or WPA into the picture means that people would have to do some configuration, which goes against the business model of actually getting people to pay for WiFi.
To their credit, both T-Mobile and the local place I use do put a warning telling you that WiFi is sniffable and that you should use encrption (like SSL) to protect confidential information.
It just works
I, for one, would not pay for access if it were limited by either time or bandwidth (as in $.25/MB). Granted, I also don't like coffee, but hopefully the shop offers more than that? A tip jar wouldn't hurt, of course, especially if you let your customers know how much it costs you to provide this free service.
If you're worried about abuse, you could solve it this way:
http://www.wiresnap.com
Seems exactly what you want.
Best of all, you decide how to "pay" for it- you can either gouge your customers like T-Mobile and the other gougers, or pay for it yourself (it's cheaper than you think) as a "perk" for your customers (think air conditioning).
Regards
Another poster pointed out that maintenance will be a problem when you move to a new job.
I would recommend a Cisco 1200 access point. Yes they are expensive $800 or so but they incorporate bandwidth mangement, basic ACL's, DHCP and if you buy the maintenance if it croaks cisco ships you a new one overnight also a single ap can have 2 radios 802.11b/g and 802.11a
Ile Sans Fil is a non-profit community group devoted to providing free public wireless internet access to mobile users in public spaces throughout Montreal, Canada. We use open source software and inexpensive commercial WIFI equipment to share broadband internet connections.
Here is one page describing how you can get involved, with a few specs.
I had similar ideas in my town, figuring the local shop would be proud to offer free service if only to spite the starbucks just accross the street. I was wrong. Turns out this shop is already setup with a wireless provider and on terms no better than starbucks'. It's crap, and, from what I can tell, nobody pays for or uses it.
I've heard it said that something has to be enconomically viable to exist. I say free wifi in coffee shops has long been as "viable" as the cup my coffee comes in.
"Nothing in education is so astonishing as the amount of ignorance it accumulates in the form of inert facts." - Henry A
Yeah... you make very good points, but I have to admit, I'm a bit "put off" by several coffee houses I visited in the past in my area. They seem much too interested in enforcing rules about buying drinks while you're there. I mean, let's face it. Posting signs about a "2 drink minimum" might be socially acceptable at a comedy club, but it's not something we're accustomed to seeing at a food/drink establishment. Imagine if the corner bars started pressuring the people playing darts or billiards to "buy another beer in the next 5 minutes, or you're out, pal!".
If you run a coffee house and you're having problems making ends meet because all the teens come in and play games all night and don't buy anything - the best solution isn't to make them feel unwelcome. Instead, redesign things to resolve the problem. Perhaps, set up a "gaming area" where everyone is required to pay some sort of fee for admittance, and then they're welcome to play as long as they want. (Give them a wrist bracelet after they pay or something?)
If you have crowds of people who like your place enough to come in and hang around, you're only one small step away from using that to your advantage. Kicking them out/running them off puts you back at square 1, by contrast.
There's a coffee shop I frequent that set up wireless access downstairs from my office.
/.ers will scream at this idea, but it did the job, was fine security wise (after some tweaking of assinine default settings) and only took 1 programmer half a day to setup.
In the beggining we "donated" an old machine to them with WinXP on it. After some tweaking we had it doing a satisfactory job of sharing the internet connection (DSL modem connected on eth0, wireless router on eth1) and running winamp with output to their sound system.
Of course, I'm sure most
This place wasn't even a "mom & pop", it's actually a fairly popular coffee shop in the middle of an open air portion of the Valencia mall in SoCal.
However, that solution is no longer in place. They ended up hiring a company that put in a couple eMachine terminals for $2/15 minutes or something. They were actually going to charge for the wireless. At first they were going to collect the MACs for existing 'free' users but after some whining and complications they just left the wireless free (so you only pay if you're using the terminals). This has worked out pretty well. I think they've got a mid/high end router of somesort doing most of the work now though.
Anywho, seems to be working fine. I don't know if they have any sort of quotas set up, but there doesn't seem to be a problem. Most of the patrons that use the wireless are workers from my office or surrounding offices and some college students.
Hope some of that info's usefull to you.
DONT PANIC
Seattle Wireless
They have a getting started guide. Being Seattle, I am also sure they have an idea of good coffee, too.
Around the austin area and I have to say that if a coffee shop doesn't have wireless, it will not get my business. (Sometimes they will, if I can smoke inside on a cold night.)
Alot of the college students around austin have g cards and appreciate the speedier connection when its available, but its not really important unless there are alot of people connected to the router as b is faster than your internet connection. (probably)
As far as worrying about people using it and not paying, I wouldn't be worried. While I might occasionally drop in to check my email without buying anything, I think that I and all of my friends make an effort to patronize the shops everytime we go, or we feel guilty. The hassle of a changing WEP key would be a real pain, especially since I often sit down to get online and don't go to buy for a few minutes if the line is long. Before wireless connections I would leave a busy coffee shop and go somewhere else because I didn't want to wait in line. Now I just sit down and browse for a few minutes to pass the time before I can drink coffee.
20 people sharing a single dsl/cable line would not be very practical
.11g card that has a hard time talking to an .11b card is either not compliant to the standard or is talking to an AP which is not. None of the standards compliant equipment I've tested has any problems.
Why not? I see this all the time in small/branch offices for businesses. If it's good enough for a business why shouldn't it be good enough for the freeloaders? Sure not everyone can be streaming video but with cable at least most of em could be streaming audio and certainly they all could be surfing even fairly heavy pages, especially if you use transparant squid on the PC along with the traffic shaping/blocking. And finally an
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
MESHAP
You can setup a Soekris box running m0n0wall and do everything in a single small box with no moving parts. Alternately you can save some cash using an old PC and either a CD-R or some sort of bootable flash drive.
It's embedded FreeBSD and will do all of the basic AP functions plus firewalling, traffic-shaping to keep P2P hogs from becoming nuisances, local DNS registration, etc.
Most laws, such as the DMCA have a "Safe harbor" provision for the access providers for that very reason.
Just because you offer the connection doesn't obligate you to protect it from every possible, or even any, threat.
-- Mark Lyon http://www.marklyon.org
Mac addresses are trivial to spoof.
Photos.
If you do this, you're probably setting yourself up as an ISP (after all, you are providing internet access to customers, and that's what an ISP does). Even if you don't think you're an ISP, your upstream provider might (and might have a clause in the DSL contract you signed about not re-selling the service).
Also, the description of "common carrier" says "... usually subject to regulation by Federal and state regulatory commissions". You can't claim "common carrier" immunity without also paying attention to your responsibilities.
What are you going to do when the feds arrive and say someone released the latest $1 billion virus from your IP address, and can they please see your records so they know who was connected at 22:53 on June 4th, 2004?
You would be wise to get legal advice (and not the kind you get from Slashdot) to determine what your liability is and what your responsibilities are, both to your upstream ISP and to the state and federal regulatory commissions.
It may be that the $10 that Starbucks charges is mostly to cover the record-keeping costs, the "allow the feds to wiretap" costs, and all the other legal requirements of an ISP.
Or, you could ignore the legal implications and just hope and pray that nothing goes wrong. I expect that is exactly what all the other free wi-fi providers are doing.
I hate it when I make a joke and I get modded "+5 insightful". Mod the stupid comments "funny", not "insightful", pleas
I run a few small networks, including my home network, wich have a few users and not too much bandwidth. This isn't a problems except that occationally someone want to download something big (like the newest release of Mandrake). Is there any simple application (linux, dos, or windose) that can make sure that these downloads can use full bandwidth when it's available but give the bandwidth to others when they want it. The use would be to make sure the everyone who wants to browse the net could do so at full speed without completely stopping other downloads.
-Tim Louden
Why don't you get rid of 99% of your headaches and choose another platform?
Okay but I am sorry why would anyone want to visit starbucks... they sell low grade coffee and charge an arm and leg for it...
My suggestion is to head over to your local Panera Bread... not only do they sever higher quality coffee at a lower price but you have fresh baked goods, soups, salads and sandwhiches... oh yea most important part... FREE WiFi.
For the record, I work at Sputnik.</disclaimer>
Sputnik offers almost-free ($10 administrative fee) management software for community access points. There's more on the requirements at our site. With luck, you'll be able to install our management agent on some off-the-shelf APs next month (we're testing some now), but you can also get the hardware through us.
-Scott Hutton
Visit Sputnik
http://www.sputnik.com/
You could do it yourself, or reinvent the wheel, or you could simply use Sputnik's system so that you can make it fancy or leave it at the basics.
I've got nothing to do with Sputnik, except I've played with and I know the founders--they're the same people who were behind LinuxCare--and I like it.
Were I setting up a Hotspot, or a WISP, for that matter, I'd try them first.
Good luck.
Steven
They've made it very grandma friendly. It connects automatically but you aren't allowed access to the web until you authenticate. When you fire up your browser (which every grandma ;) trying to access aol.com would) they throw up a login screen where you enter your login and password and it redirects you to aol.com or whatever. Contrast that with having to hunt for the 'control panel', finding your network connections, then finding t-mobile and setting its WEP key
Hmm, alternatively right click on the '2 computer icon' / Available Networks / tmobile / WEP (yes the grandma crowd will be using windows :)) is much easier but still not as natural as going through whatever web browser they use.
How do you kill off Kazaa's access. Seems to be a pretty persistent bugger tunneling through HTTP when you close off its default port.
These folks might be a good source of advice and information for you:
www.live.com/danastreet/
Good luck!
Somebody should produce a Wifi Hotspot Live CD that has all of these settings by default. I imagine a lot of small business owners wouldn't mind setting up their own services, so long as it didn't require much of their time to set up and maintain.
Check out Mesh wireless i don't know if anybody has mentioned it but it is a cool idea
http://www.facefive.com/
They are an ISP for small coffe shops, you get access by purchasing a card for $3/1hr, $8/24hr, $20/1mo. Its anonymous and doesn't require a credit card. They run linux and apache on most of their servers that I looked at.
I would contact them and ask their advice. I use them quite a bit at various locations with various platforms (linux, OSX, winblows, etc.) and have never had any technical difficulties so their systems seem to be fairly admin-free.
http://www.lessnetworks.com/ provides free wifi for coffehouses etc, with volunteers as admins.
It may just be what you need.
KnutCoward
You might have restrictions from your ISP, particularly if it's a cable or traditional DSL (e.g. "baby bell") provider. They won't like you "sharing" your connection, nor is it ethical. Some ISPs don't care. Some will sell you a "business class" service that allows this. You might also talk to the many "freenet" (I support Austin FreeNet through United Way) communities mentioned before - they might have "co-op" services that you can use, so long as you are acting as a "free access point" (all my terms).
Just don't toss a WAP on a consumer cable subscription and expect to be compliant.
Good luck with the idea! I have told Little City more than once that their free WiFi access keeps me coming, despite there being a handful of good coffee shops in proximity.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
Hmmm. I've got a few different types of wireless routers in my place, and setup a few for friends. Naturally they're the lower-end commercial brands, i.e. linksys, netgear, dlink, etc.
:P)
Now I was wondering if anyone knew of a good wireless router or access point that had a really nice telnet interface, complete with bandwidth throttling, etc.
Having spent about $200 bucks for my first wireless router and having had them drop down in price to...well about free after rebate, I'm at the point where I really want complete control over the darned thing and don't mind paying several hundred dollars again.
Does anyone know of any good wireless routers or access points for less than a grand, that have:
1) All the goodies that most modern home cable/dsl wireless routers have
2) A good command-line interface
3) bandwidth throttling
4) and lots of other crap that a wireless router should have, like control over power-consumption and signal boosting (i should be able to "over-clock" my router dammit
Realistically, there is no reason I should HAVE to setup an additional box for throttling bandwidth and doing other things that a router should be able to do.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
Things have come quite a long way and the latest firmware one enterprising individual has created has stuff like:
- Option to give wireless interface a separate IP/network address
- NTP timeserver time update
- Wondershaper bandwidth management
- Command Shell access via the WWW interface
- Client/AP mode select to WWW interface
- Enabled IP forwarding on boot
- Power adjustment and Antenna selection via the WWW interface
- sshd (dropbear) and telnetd (busybox 0.60.x)
- sshd, telnetd on/off controls to web interface
You can also run No Cat Splash to give an initial access disclaimer/user agreement. If you are going with the tip jar model, then between this and the Bandwidth shaping, you should be all set.Also, you have a single box solution that is easy to maintain and will preserve its settings on a power cycle/reboot (assuming you have a version of the firmware with NoCatSplash built in, which I think is out there somewhere, or you could compile a firmware yourself if you have the skills).
DaveC
There are no stupid questions...just stupid people.
This may fit the bill: an Apple eMac with an Airport card. It can be setup as a router, you have bandwidth control, you can monitor what's going on and you can restrict access very effectivly I believe. Best would be if you could borrow one to try out.
Otherwise the Neatgear consumer routers can exclusive acces to entires in tables of MAC addresses - you could allow access on a subscriber basis, to be renewed once a month or so. I would also display the current password on the menu and change it daily.
Actually some links :7 720.html!d ist_en.html
http://www.linuxdevices.com/, especially
http://linuxdevices.com/news/NS771366
http://www.pengutronix.de/software/ptx
http://leaf.sourceforge.net/ and
http://nocat.net
Oh, yeah, that is what I am doing this week, too, If you want to exchange ideas, etc.
Whatever you do, get the money first (from the coffee shop). I was going to set up wireless access for a local coffee shop, bought a (really inexpensive) PC to set it all up with, started work on the PC (software configuration, etc), and then the owner never went through with her half of the deal, which was to get the DSL installed (I even have her the number to call and the plan to ask for). Eventually, it ended up I never got the money for the PC (but I sold it to someone else for what it cost me, so no huge loss except time) and the system never got installed. The coffee shop still has no wireless access, and the coffee's become more expensive than anywhere else in the area so I no longer go there.
Moral of the story: Get money first. Make sure the owner is really going to follow through with the idea. If they aren't comfortable giving you money first, make sure you have some kind of written agreement showing they know how much it will cost and agree to pay you that amount.
WEP isn't necessary for your customers - the main reason coffee-shops use it is to restrict access to paying customers, and you're not doing that - you're selling them friendliness and coffee and chair space and pastries that aren't too sticky to eat next to a computer.
I disagree. I wouldn't want to do company work on a non-WEP network. Even some WEP is better than none,
and a daily-changing key helps. Looks like an opportunity for an interactive DHCP client that ca n do challenge dialogs...
WRT the bandwidth, just block most protocols at your firewall. I would think HTTP, POP, and some IM protocols would keep most people happy. You certainly don't need to allow Kazaa and friends, and FTP is not really needed either.
I don't know if you want to attract the gamer crowd. If you do, you could let some of those through.
Most people cant be faffed with entering WEP keys etc. just to check a few sites. Kinda negates the convenience aspect of dropping into a coffee house and checking email/news.
Would it be possible to have some sort of transparent proxy sitting on the coffee house internet connection and make it so the proxy feeds back a coffee house branded "login page" regardless of which address (ie. hotmail.com) is entered into the customers laptop browser?
Once the daily / hourly password is entered (printed on the receipt for them?) it then will passthru access to the web (and email etc.).
This seems to be a much nicer (and branded) method to authenticate users than fiddley WEP keys. Probably reduce coffee house tech support too.
Presumably this could work on either the IP they got assigned when they came into range or their mac address automatically?
Any brainy people think this would work?
None of the locally owned coffee shops in Nashville that have wi-fi charge a dime (or even ask for tips) for wireless internet access. There is also no authentication or encryption and I haven't heard of any problems. I installed the Linksys wap11 right after it came out ( I think it cost ~$300 at the time ) at JJ's Market & Cafe. The coffee shop owner paid for half and I paid for half. They already had DSL. Wireless Access Points are so cheap now that they are nearly free (www.justdeals.com). No bandwidth bottle-necks, nothin. No problems.
I would not call what was developed a "distribution" in the formal sense, although it was quite easy to install what was developed. The system, based on Red Hat 6.0, was quite secure, and provided two levels of use, as well as a control sation, which kept track of billing and printed receipts on demand.
The project team was talking about how to support wireless access when the Cybercafe was sold.
This project raised funds for LUG activites, got many people exposed to Linux, and even got a couple of articles in the local newspaper. Also, several people learned networking and other skills by working on the project.
A win-win-win-win situation!
802.11b would be more than fine for casual web surfing. G/A at this point would be an unnecessary expense, although the prices are so low it's almost a moot point.
This is my sig. There are many like it, but this one is mine.
I think that restricting the maximum amount of bandwidth a user can gobble up under load is absolutely mandatory. Otherwise you are going to have problems with people leeching and consuming all available bandwidth.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
go find a cheap older computer
drive around on trash day, no one wants 350Mhz anyway
ask local businesses for donation of old pcs
go to used computer store, salvation army
search google for mesh networking software, that will work for you
I laughed, but they were completely serious. Apparently libraries have been sued before because of the content of the internet! But if the library installs filters, they violate first admendment rights.
I know this doesn't help with your decision, but you might want to have some sort of disclaimer up stating the cafe is not responsible for the content of the internet.
my karma will be here long after I'm gone
I am looking into this for a friend.
ClarkConnect (clarkconnect.com) has a couple really good distros with wireless support. It provides a web interface to easily configure most routing issues. You can use it as a gateway, webserver, fileserfer (earn carma by distributing open office and your prefered linux distro) Plus it has wireless support so you could use a couple wiress PCI cards and tether long antena cables or use some ustra cheap Wiress Routers with all the features turned off.
I am using it a home nice little product.
Why would you block IRC? I would expect that to be a perfectly reasonable use for a PC in a public space.
It sounds to me like you simply want to provide casual access to coffee shop patrons. With this in mind, you need only 2 things. The router, and a net connection.
You don't need to manage quotas or anything, just block everything but the ports you expect most frequent use on. Web, e-mail, maybe ssh for those working on remote systems, and a couple other low bandwidth ports. You don't need to help people build their Mp3 collections, they can do that at home.
I recommend 802.11b even if you can afford G. Here's why:
802.11a is very nich/expensive/who the hell came up with that anyway. 802.11g is pretty cheap, but you're providing casual access, and the net connection will be 3Mbit/s if you're feeling generous, which is still slower than 802.11b.
Which leaves your cost at about $100 or less, plus $100 or less a month. If you can make $4 a day, you cover your costs, and there's virtually no maintenance. Just keep it all on a separate network from your internal network, if you have one.
Keep It Simple. Should be a piece of cake.
--Not to be worried, Pitr fix.
We thought about this one. In my experience, IRC is used as a conduit for zombies, viruses, and the like far more than it is used for people chatting. To be specific, I have noted blocked IRC traffic (ingress and egress) in the firewall logs, yet never once had anyone complain that something was not working. This includes several office environments where I have set up the network, including the firewall. I figured the one or two people who need (or even want) it would shout about it and I would let their machine through. But to date, not one such request.
In the situations where I could examine the internal computers that were attempting to connect via IRC ports, I always found them loaded with spyware and/or viruses. Always. A round with an up to date anti-virus tool, as well as Ad-aware or Spybot, and the IRC traffic ceased.
I have nothing against IRC, but my experience has been that not many people use it. If you come down to Lake Anne, let me know and we'll see what we can do. I opened up the VPN ports and protocols after someone requested it, and it made sense.
There was an article in Linux Journal a few months back about something similar to this, where the people set up a wireless access point and mp3 server in a boombox.
Basically, you set up a DNS server that has a wildcard entry to point every domain to your web server, which redirects all requests to a "registration" script.
The registration script grabs the source MAC from the connected machine's IP. Once you have that, you have a script that redirects outgoing DNS requests to your "real" DNS server, and adds their source address to the list of machines that are allowed to access DNS (other than the fake) and that are allowed to get outside of the network.
You could tie the registration script on your machine in with something like paypal's system, possibly by using a script to serve an image on the "thanks for paying" page - so you can get the client's MAC and do the allow-access thing after they pay. If you want to take cash payments, I'd suggest having the registration script generate a random string that they can then take to the payment location. The payment collector then enters that string, which is associated with their MAC, and then the magic script from above adds that MAC to the access allowed list.
Finally, you need some kind of cron job that clears the day's entries, or that expires access rights after so many hours, or whatever. I'd probably make the "allow access" rule a seperate chain, and then flush that chain every night.
Either way, that should take minimal programming, minimal intervention from management, and generally Just Work without any real hassles other than running a pair of DNS servers...
But if you're connecting to your company machines from a coffee shop, you need to be using IPSEC or at least SSH tunnels, and WEP doesn't really add anything to your security. It's strictly a tradeoff of limiting access to the coffee-shop's paying customers vs. inconveniencing potential customers, and if your model of "paying" is "keep them around so they drink more coffee", you want maximum convenience and minimal limitations.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I 2 was really into the idea of hosting and did it with a simple wireless server all in one appliance TOSHIBA S-20 wireless server. . . .
it does all that is needed for routing firewall mail and such and picked it up new on e-bay for $200 + sh
now people in my small town got the option to wifi in the local coffee shop not starbucks for free
The strain on my network - cable is minimal and i get alot of great mail from happy people
I get to use my lappy there 2 so its a win win deal.
The highest priced unit was a external antenna $39. so it wasnt a big investment.
The college kids are greatfull for a place to get coffee and browse at the same time.