Slashdot Mirror


Ask Slashdot: Best Way To Leave My Router Open?

generalhavok writes "I read the story on Slashdot earlier about the EFF encouraging people to leave their WiFi open to share the internet. I would like to do this! I don't mind sharing my connection and letting my neighbors check their email or browse the web. However, when I used to leave it open, I quickly found my limited bandwidth disappearing, as my neighbors started using it heavily by streaming videos, downloading large files, and torrenting. What is an easy way I can share my internet, while enforcing some limits so there is enough bandwidth left for me? What about separating the neighbors from my internal home network? Can this be done with consumer-grade routers? If the average consumer wants to share, what's the easiest and safest way to do it?"

5 of 520 comments

  1. DD-WRT + QoS by seanmcelroy · · Score: 5, Informative

    It's absolutely possible and fairly easy these days with out of the box router firmwares, or if yours doesn't support QoS (Quality of Service), then you can potentially put on an open-source firmware -- DD-WRT to provide that ability and much more. QoS lets you designate classes of traffic, such as streaming, gaming, and other protocols, or particular devices on a WAN or plugged into the router itself and set priorities for them. Doing this, you can share your WiFi AP (good for you!), but also get the lion's share of your bandwidth when you are wanting to use it.

    --
    Be very, very careful what you put into that head, because you will never, ever get it out. -Thomas Cardinal Wolsey
  2. Two routers by AliasMarlowe · · Score: 3, Informative

    Here's the way we do it

    We have an old router which is plugged into a spare port on our optical switch (fiber to the home), and has an open wireless G for anyone to use, configured to assign DHCP addresses from 192.168.200.x where x is 175-200, and with SSID of "All Connections Logged". Our newer router is plugged into a different port on the optical switch and assigns DHCP addresses in the range 192.168.100.y where y is 100-125, and our home net is connected to this one by cat6 cables and encrypted wireless N (MAC filters, hidden SSID, long key, blah blah). Each of these routers has a different public IP address assigned by the ISP, and they both maintain logs of MAC addresses connecting to them, so we don't worry too much about misbehaving outsiders - there have been none so far.

    FWIW, we have no usage caps on our 100Mbps fiber connection, so leaving a 54Mbps wireless-G open to passers-by does us no harm economically. In principle we could set it to 11Mbps Wireless-B, but we have never had a bandwidth hog connecting. Incidentally, our ISP gives us up to 8 public IPv4 addresses, of which we use 3-5: the IP-TV box uses the third, and work-related laptops sometimes use one or two more (via cat6 to another port on the optical switch).

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  3. Re:Security by fuzzyfuzzyfungus · · Score: 4, Informative

    In any sharing setup, which is the advice the poster is looking for, non-authenticated traffic should always be on a distinct VLAN, with no access to the network used by authenticated traffic, or any ability to access the router config interface(s). All they need to see is their own system and the public internet. Segregating each non-authenticated user from other non-authenticated users isn't a personal security imperative; but it is polite.

    To deal with the bandwidth issues, that non-authenticated VLAN should, naturally, have a QoS priority below any authenticated traffic (possibly with a small slice of guaranteed bandwidth, if you are a really nice guy and your authenticated traffic frequently saturates the line).

    Most consumer routers won't let you do that with stock firmware; but OpenWrt can likely help you out, with the right firmware.

    Worst case, it is often possible, with better stock firmwares, to at least set up the VLAN and QoS side of things, and then just hang a $20 cheapy router off the VLANed port on the primary router. Ugly; but cheap and easy and doesn't require any software support for multiple SSIDs or the like.
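
A way to verify the isolation described in the comment above, as an added example that is not part of the original post: run from a device joined to the open network, it attempts TCP connections to services that guests should not reach and reports any that answer. The addresses and ports are assumed placeholders to replace with your own router and private-network hosts.

```python
import socket

# Assumed placeholders, not values from the page: replace with your router's
# management address and a host on your private (authenticated) network.
MUST_BE_BLOCKED = [
    ("192.168.1.1", 80),    # router web admin (HTTP)
    ("192.168.1.1", 443),   # router web admin (HTTPS)
    ("192.168.1.1", 22),    # router SSH
    ("192.168.1.10", 445),  # file share on a private-network host
]


def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Either the firewall answered with a reject, or the packet reached
        # the host and the port is closed; the second case means routing to
        # the private network is not actually cut off.
        return "refused"
    except OSError:
        return "filtered"  # timed out or unreachable: dropped on the way


def audit(targets, timeout=2.0):
    """Return (leaks, results): targets that connected, and every state."""
    results = {(h, p): probe(h, p, timeout) for h, p in targets}
    leaks = [target for target, state in results.items() if state == "open"]
    return leaks, results


if __name__ == "__main__":
    leaks, results = audit(MUST_BE_BLOCKED)
    for (host, port), state in results.items():
        print(f"{host}:{port} {state}")
    print("isolation OK" if not leaks else f"{len(leaks)} service(s) reachable from guest network")
```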

  4. Re:think again? u aint thunk yet by Jane+Q.+Public · · Score: 4, Informative

    That's a contract with your service provider (and a rather weak one, at that, since it's probably a "contract of adhesion"). It has nothing to do with the legality of sharing your connection.

    Violating your contract with your ISP -- if you have -- is purely a civil matter, and has nothing to do with anything else being discussed here. And it definitely does not make you a criminal.

  5. Re:Just be careful with that by icebraining · · Score: 3, Informative

    In your Firefox profile there's a file called places.sqlite, which has a table with a list of visited URLs. Writing a script to extract those URLs, filtering the domains, removing duplicates and formatting the list in a way that can be read by the filter shouldn't be too hard.
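
A sketch of the script the comment above describes, as an added example that is not part of the original post: it reads the moz_places table of places.sqlite, keeps only web hostnames, removes duplicates and prints them. The one-domain-per-line output is an assumption, since the page does not say which filter format is wanted, and the sample database is constructed for the demonstration.

```python
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def visited_domains(places_path, skip=()):
    """Return sorted unique web hostnames from a profile's moz_places table."""
    # Firefox locks places.sqlite while running; immutable=1 opens it
    # read-only without locking (entries still in the -wal file are not seen).
    uri = Path(places_path).resolve().as_uri() + "?immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT url FROM moz_places").fetchall()
    finally:
        con.close()
    domains = set()
    for (url,) in rows:
        parts = urlsplit(url or "")
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # drop about:, file:, place: and other non-web entries
        host = parts.hostname.rstrip(".")
        host = host[4:] if host.startswith("www.") else host
        if host not in skip:
            domains.add(host)
    return sorted(domains)


def make_sample_db(path):
    """Write a constructed stand-in for places.sqlite (sample data only)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT)")
    con.executemany("INSERT INTO moz_places (url) VALUES (?)", [
        ("https://www.example.org/mail/inbox",),
        ("https://example.org/news?id=7",),
        ("http://Forum.Example.net:8080/thread/12",),
        ("about:preferences",),
        ("https://ads.example.com/pixel",),
    ])
    con.commit()
    con.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = str(Path(d) / "places.sqlite")
        make_sample_db(sample)
        # One domain per line is an assumed output format for the filter.
        print("\n".join(visited_domains(sample, skip={"ads.example.com"})))
```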