Slashdot Mirror
Wireless APs in Homebrew Coffee Shops?
An anonymous reader writes "Having seen lots of complaints about the overpriced T-Mobile Wireless APs in Starbucks ($10/hr) got me thinking about setting up a wireless AP for the small, family-owned coffeeshop in my town under the tip jar model. I'm assuming ~$100 for the router, ~$500 for a PC to use to control quotas (to prevent over-zealous Kazaa users, block spammers and script kiddies and other would-be abusers) - but what software should I be using? Do enough people have 802.11a/g cards that it would be worth it to invest in that rather than an 802.11b router?" Has anyone considered making a Linux distribution for use by cybercafes, to handle wireless access and anything else such an outfit might need?
"Since this is a medium (50,000-ish) size town, and pretty much everyone in the coffee shop is a regular, would a tip jar model work? I'm figuring suggest a donation - what should I set that at?
Finally, keep in mind that the owner is not a geek - I'd be doing this when not studying (I'm a college student), so this would be set up over the summer, and most of the maintenance would be done on the weekends and/or via SSH.
Any other thoughts would be appreciated."
http://www.austinwireless.net/cgi-bin/index.cgi
T hey've got several low-cost setups all around the Austin area.
Well....figure on it this way. Each router or access point does not give 11mb (more like 3-6mb in actuality) to each node, but they end up sharing it. I suggest you invest in a switch, a regular router and some access points.
You can do what you are looking to do very inexpensively (not counting time) if you get a Linux supported PCMCIA card and a Toshiba SG-20. The SG-20's are available for ~$200 (Cheaper on ebay I'm sure) and they have a built in 7 port hub, 1 external interface, and a PCMCIA slot which you can put the wireless card into and setup an ad-hoc network for wireless users.
I currently use the SG-20's for a managed firewall solution for small businesses which I run Gentoo on. (You can substitute your Distribution of choice of course)
Do you Gentoo!?
I have not read the book, but I have looked at the table of contents and the index. The book looks to be a designed to answer many of the questions that you have asked. Hopefully someone on Slashdot has read the book and can tell you if it will help you in your effort to set up a wireless network at your local coffee shop.
Get a WiFi card (I got a Netgear MA311 refurb from Fry's for 30$), an old PC, configure it running FreeBSD to serve as an access point for your wireless network. Here's a great HOWTO:
Configuring a FreeBSD Access Point for Your Wireless Network
CB
free ipod and free gmail!
See the Linux Journal article at http://www.linuxjournal.com/article.php?sid=6887
Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".
Unless you want to put in 2 radios, but this is tip jar.
A lot of what your talking about has been deployed to over 20 buisness locations and a horde more home sites here in Portland Oregon by a group called the Personal Telco Project.
http://www.personaltelco.net
We use NoCat on linux based boxes and it covers most of what your looking to do. You can set up Auth or simply a Splash, you can do throttling, shaping and the like, you can set up local content areas for biz and community use.
Its amazing what older PCs and low cost APs can do. Most of the stuff is easy to install, the few rough spots, like NoCat, have been feild tested and methodologies have been crafted to make it easier to set and and maintain.
Come on over to the url posted above for more information or head to #ptp on irc.freenode.net and ask for more info.
Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap!
Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.
One caveat, however, which has bitten me on the ass before. Some wireless cards (esp. ones made by D-Link) are designed for use with PCI 2 compliant motherboards. Unfortunately, most Pentium III motherboards are based on PCI 1, and won't even "see" a PCI 2 card. Accordingly, before you shell out on a 802.11b PCI card, check that it will work in your "legacy" machine.
Tubal-Cain smokes the white owl.
Traffic shaping is available by default and pretty easy to set up, and it runs well on cheap old hardware. You could invest a lot of effort hardening a Linux install to match what OpenBSD has by default.
There's provision for requiring authentication on wireless connections. Even with a tip jar model you may want that.
Keep WEP turned off (yes, you just heard that from a security consultant!). WEP doesn't match your security model 'cause it assumes everyone using the same key trusts each other. Since it doesn't do what you need, it's not worth the cost in inconveniencing the customers.
Turn the power down on the access point. No need to provide service to people across the street or down the block.
I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.
Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.
Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.
Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.
-Adam
you can do it with far less hardware.
... this is a freebie most anywhere... no hard drive needed just get frasierwall or freesco single floppy firewall distros... you MUST firewall off your wireless from you and your internet... consider it more hostile than the internet ever could be.
802.11b is the absolute maximum you should go. it's silly to go higher when your Internet access is slower than 802.11b with 10 users on that same access point.
next you need a firewall, a P-1 166 will do it perfecly and handle twice the load that you will ever see
now go to here and get their system that works great and will solve most all your worries.
Oh and be sure to survey your entire area to be sure there is good access in every sitting location but not much available outside your desired coverage area.
basically, if you already have a commercial T-1 or other business level internet access in your building you can get it installed and running for less than $200.00 in hardware and a couple of weekends of time.
Do not look at laser with remaining good eye.
http://www.linuxjournal.com/article.php?sid=6887
Modern 802.11g equipment, i.e. everything made or flashed after the standard was finalized, will support CTS. In a mixed b/g environment, this ensures that any device being cleared to send will be able to do so at its full speed.
What's more detrimental to speed is if someone talks on a 2.4GHz cordless phone or nukes something in the microwave.
Regards,
--
*Art
I would agree with you if the customers could benefit from the encryption, but since WEP doesn't support per-connection keys, they gain no security. A WEP key is (registration key kind of) long, so even if the customers know how to set it, it is an unnecessary burden. I'd hand out short simple one-time passwords with every beverage. Then redirect new/expired MAC addresses to a webpage where the customer enters the password (use HTTPS), upon which the webserver grants access for a limited time. This way you keep complete freeloaders and people who would make camels proud out. Don't use WEP, it creates a false sense of security.
This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.
Don't block UDP/500<->UDP/500 (ISAKMP), UDP/4500<->UDP/4500 (NAT-T), IP protocol 50 (ESP) and IP protocol 51 (AH). Same goes for TCP/1723 and IP protocol 47 (GRE). You don't want to keep out business people who need to access the company (IPSec/PPTP) VPN.
I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.
Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.
Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.
Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.
It's misleading to quote this $10 number for Starbucks. Monthly all-you-can-eat is $30 ($20 for T-mobile cell phone subscribers). For this price, you're getting the use of every Starbucks and Borders hot-spot out there and you know there are a few around. If you're in any place of a reasonable size, you know you can find one pretty easily, and you know you can hop on with no hassles. If you go by the hour, then sure you're going to pay more, but unless you surf like once a month, you're not going to go that route. That'd be for people on travel and it's worth more that $10 to the business for the connectivity.
There are many things family-owned coffee-shops are good or better for, but let's not knock *$ gratuitously. And there are things definitely lacking in *$ HotSpot service, but clearly you're not interested in addressing connectivity issues, you're interested in a business model for hot-spot service. And to qualify that, the issues with HotSpot service are mainly due to it being platform-independent (read "works with Linux").
Whatever else you do, change the default password on the router.
Glonoinha the MebiByte Slayer
I used to hang out in a coffee shop called Bean Trader's in the Durham area, which has had free Wi-Fi at two locations for about a year and a half now. You should definitely check it out if you're in the area. Or, if you just want advice, call the owners, Dave and Christy, they are very friendly, and I'm sure they would be happy to tell you about their real-world expierience with this. (Tell them David and Amber say "hi.")
The owners are NOT techies, and installed Wi-Fi in their forst location basically as a favor for me and another customer (since then I moved, and he went to jail, but that's another sotry). Since then, however, thay have had no trouble maintaining it themselves, and have found it so successful, that they are planning to make it a permanent fixture at every store they open in the future.
Here's the formula they have found sucessful: A DSL connection for broadband internet (though a cable connection should work as well), and a combination wireless router/access point (they use Apple AirPorts, but there are cheaper models which would work fine too). That's it.
Yup, you heard me right - they don't even have a computer! The Wi-Fi is wide open, 24-7, for everyone to use for free. If the connection drops, they unplug the router and plug it back in, and if it that doesn't fix it, they call the DSL company and have them fix it. It cost them about $100 to start (for the router), and $50 a month for the access. They've told me that the increased business has paid for those expenses MANY times over, so even while their customers see it as a gift, the truth is it makes them lots of money. They have had almost no trouble at all with people hogging the line, or any of the other things which you might expect to go wrong.
And that business model actually makes sense if you think about it. Consider McDonalds playlands, for example. McDonalds is ALL about making money, yet the playlands are free. Why? Wouldn't it be more logical to charge a small fee to cover the cost of the playland? Logical, perhaps, but not profitable. Making the playland free brings more customers into McDonalds, and they make far more moneyu selling food to those customers than they ever would if they charged admission to the playland. It's the same deal at a coffee shop. Just think of Wi-Fi as a playland for adults, and the business model is identical.
Also, making it free has other perks for the business owner. When people pay for something, they expect a certain level of service. But it's not reasonable to expect coffee servers to do tech support of any kind. When the service is free, if someone has a technical problem, the server can say "sorry, its free, so we don't support it - try asking one of the other customers." I know it sounds odd, but it actually works well. When I used to hang out there, just a customer myself, I probably helped someone new configure their laptop wireless card at least two or three times a week. And it was a great way to break the ice and meet new people too.
Trust me, just throw a router/access point on a broadband connection and call it done. I've seen it first hand, and it works better than you think.
Hell block everything except http,https,ftp and DNS.
Great, so you can browse the web and transfer files to insecure sites. But then you can't send or receive mail, make secure file transfer (scp) or shell (ssh) connections, or use any kind of instant messaging client. In other words, if your idea of internet access is limited to passively absorbing web pages, you're covered, but if you were thinking of actually doing anything, it's useless.
If you want to avoid abuse of a tiny wireless network, what you're mostly going to be concerned about is bandwidth consumption. There are quite a few tools for controlling bandwidth consumption under Linux; check them out. If you aren't providing all available bandwidth to the first user who tries to hog it, neither Kazaa abusers or coffee-swilling part-time spammers are going to cause you much grief.
If you want to get a bit more fine-grained than that, there are a buttload of tools to help you monitor what your users are doing, and many of them are scriptable and can set off some kind of alarm if someone is behaving badly.
In any event, you'll offer a much better service if you block only those things which you want to always avoid from the outset, and install tools to help you detect and interrupt the occasional abuse of otherwise innocuous services.
Proud member of the Weirdo-American community.