Most routers now include "Guest" access that limits their access to the Internet only. That way you can temporarily setup an open WAP just for the guests and turn it off when the holidays are over. Basically firewalls the intranet.
I didn't find DD-WRT to be very difficult, mostly because it was supplied by the manufacturer as the alternate firmware. I used the DD-WRT forum rather than depending on the manufacturer.
The problem with proprietary firmware is the manufacturer eventually gets bored with supporting it because they rather you bought something new, which in turn makes them money. Supporting the old hardware costs them money. With DD-WRT (or similar), you can get upgrades until the thing breaks.
All these proprietary firmware are a bit different. With DD-WRT, many people are running the same firmware so getting help via the internet is easy.
I've set up a few Linksys routers for people. What I don't like is they try to automate the installation. I rather RTFM. I'd also prefer the modem manufacturers made models without firewalls or other stuff in them.
I was recently going to try and install a small wi-fi network, with just two smart HDTVs on the wifi and another two devices hardwired. However the network was to be isolated - i.e. no connection to the internet. The Linksys N300 I bought would not even configure without an internet connection, leaving me to redesign the system entirely!
Cisco/Linksys had this grand scheme to "attract" users to Cisco Connect, their internet cloud and security service. As part of the scheme, the initial release of their routers required internet access in order to configure them. Cisco has admitted that this was a truly stupid idea and offers a firmware upgrade that eliminates the requirement. I'm not sure which model is the N300. The N300 defines the capabilities of the router. The real model number is E900 thru E4500. Go to the web page for the router, download the latest "Classic" firmware, install, and configure offline happily ever after.
"How to roll back the Cisco Cloud Connect Firmware Update" "Rolling back the Router firmware to the Classic Linksys Smart Wi-Fi Router web interface"
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
No. It will not configure without a NETWORK connection. It does NOT "require" an Internet connection at all.
When you open your browser to access it, you point it toward a local address, not an unavailable Internet address.
There was no need to 'redesign the system' at all.
I found DD-WRT to be a bewildering array of versions for different versions of the WRT54G. And extremely detailed flashing tutorials that conflicted with one another. Generously sprinkled with warnings that if you didn't flash this before you flashed that, you'd brick your router...unless you'd flashed that other thing which also bricked your router...unless you had version 6 which always bricked your router...
Tomato was one file that worked on any version and just worked with one click.
The advantage to DD-WRT was that it claimed to be able to support isolated simultaneous wireless subnets with different security levels. That's what I really wanted. But reports suggested that it didn't work yet...Haven't looked in a few months.
If anybody has made that work, I'd like to hear about it.
Not adequate if they download something with a trojan, which kids always do.
Put the wireless outside your firewall, in a DMZ.
You need another wireless router.
Your ISP goes into its WAN port. One of its LAN ports goes into the WAN port of your existing router. Your PCs are connected to the existing router. All other ports in the house that somebody might plug into are on the ports of the wireless router, which is ouside your LAN.
For absolute isolation between 2 LANs you need a Y configuration, with 3 routers, but the kids aren't going to mount that kind of attack.
-- Reply in group, but if emailing add one more zero, and remove the last word.
I'm all password-protected as well, so I'm good.
BTW, This Medialink device (b/g/n) is the cat's meow. The house is stucco over very heavy mesh, with my office area almost surrounded by that stuff, but no connection problems what-so-ever. ...Jim Thompson
--
| James E.Thompson, CTO | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona 85048 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
That won't stop trojans. You need a gateway router between the 'public' LAN and your LAN.
-- Reply in group, but if emailing add one more zero, and remove the last word.
LAN
You can firewall it with a dual port Linux router.
Most high end routers are just embedded Linux or BSD (better networking) ma chines. So, why not just build one yourself. An old PC with 128M or 256M ram should be more than enough for it. Most PC comes with ethernet port fo r up stream and all you need is a WiFi adaptor for down stream traffic.
I am using a Ralink RT5370 USB 802.11b/g/n, which is widely avaiable for le ss than $10. The driver source is available on Ralink's site, which should be compiled as a module (around 700K binary). The kernel (i use 2.4.31) i s available everywhere in Linux mirrors. It should be compiled with suppor t for wireless modules. I have it running on a 1G compact flash drive.
Once you have the "ra0" interface ready, you can run DHCP and serve any WiF i devices. I also have Apache web service and Samba file service on it, so it can stream multiple video files on an external USB drive. The local vi deo files keep the kids occupied and away from killing the internet bandwid th.
For the same reason I don't use a PC running DOS in 512k as an alarm clock, even though it would make a very good alarm clock.
-- Reply in group, but if emailing add one more zero, and remove the last word.
Neither: Buffalo.
So, you just had to show up to sling more shit. That's so sad.
Suffer the poor village idiots, for they shall inherit the patty >:-} ...Jim Thompson
--
| James E.Thompson, CTO | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona 85048 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
Hopefully before it's dry.
I apologize for not responding earlier, but I've been busy.
The simple solution is add a WiFi router to one of you spare ports. Configuration would be simple and would keep you present network intact. Given you seem to have a relatively large house, you might want to add two WiFi's and them have for the "kids" that they could go outside ans still play with whatever "toys".
Larry
If your present router is secure, you need not worry about whatever hangs off the end. Just as your provider does not concern itself about your equipment nor your neighbors equipment, you need not worry about whatever router security hangs off your present router. Thus, just give the WiFi a good secure password, configure your various relatives equipment when they visit and leave your present secure system alone. When the visitors leave, unplug.
Larry
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.