Best conf for public/guest wi-fi network
-
I finally got around to setting up our public wifi network. It's not really public, it has a WEP key on it, but it's what we give out to guests when they come in and we don't want them on our same network.
I set up OPT1 to go to a Linksys WAP on a different subnet and created a single firewall rule that allows all traffic from OPT1 to anywhere except the LAN. So, it's working well, because the networks are independent of each other and behave as two separate LANs. But I'd like to tighten up the security more.
I'd like to block all outbound traffic on OPT1 except for a few ports. But, I don't know what a good set of ports is. I tried searching on Google for "open firewall wifi ports" with the intent of looking for a how to article on setting up a wifi hot spot but because of the search terms I didn't find anything useful.
Other than 80, 443, 25, what would you recommend? Where can I find a list of protocol numbers? I'd like to have AIM open and other things, but what are other port numbers you guys have found people want open when they're on a restricted network?
Thanks!
-
I have also used OpenDns to filter categories and prevent port 53 except to Opendns servers and set DHCP to use Opendns for dns addresses. Just filtering ports does not fit it all since many apps transmit there data optionally over port 80. You could also use traffic shaping to prevent users using p2p apps from bringing your internet connection to a crawl. I also perfer to use the portal page (https)+ username and password and have the user be presented with a disclaimer which at the bottom they must type I ACCEPT or the button stays greyed out. I can show you an example of Java script if interested about the I ACCEPT function.
-
Hi,
How about ports for IRC , say 6667?
OTOH, if you decided to open ports for *IM and, you may not consider to deploy upnp so that *IMs would not get fully functional, normail chats(typing) are okay but voice/video and/or file transfers will suffer.
That's my only .02$ worth. :)
cheers,