New here, Intro, Thanks and a couple questions
-
First off I would like to say a big thanks to the devs and the helpful community here. It's nice to see an open source project with very helpful people, rather than a lot of "holier than thou" people who complain when someone asks questions, when the time/space could have been used just as easily giving a tip. I won't mention those projects here, but I'm sure you are familiar with those sorts of replies.
Just thought I would drop a note saying hello and say a little bit about why I'm here, etc.
I'm not a newbie to computers and networking, but I am by no means an expert. I've been meaning to check out an open source, more robust solution of a gateway than the average SOHO router for some time. I've recently landed a great ebay deal on a few components and figured now would be a great time to dive in. I did check out several other projects before coming here, and none of them seemed as "friendly" in community, documentation, and ease of use.
I'm in the planning stages of a small business and every thing I learn here will be carried along when setting up my network there. In fact this was the final driving force behind why I wanted to start learning now, as the business project is still several months away. My home network through these experiments will generally reflect what I want to accomplish with my business network except for actual hardware which will be more robust in the business.Here is what I have now…
PF Sense = 1 IBM 2ghz workstation PC with 1GB ram (sadly maxed out, but the computer was nearly free). Onboard LAN is the WAN port, Realtek based NIC x2, one for LAN one for opt1 which will be the "public" lan, including wifi.On the lan right now I have a 5 port unmanaged switch connected to two computers, a laser printer, and a label printer
On Opt1 I have a Netgear FS108P ($3 shipped on ebay) powering a Versa VX-AP400 pro ($10 ebay) and another computer to act like my "public terminal" in the small business setup. (Those are my ebay deals I couldn't pass up)One of the computers on LAN is running Open ERP as that's what I have decided to use in my small business for accounting, work orders, etc. The Open ERP server may eventually have to be carefully public facing if I need to review data from home once the business is running, but I might be able to do this with VPN.
What I hope to learn is this.
1 Setup wireless with captive portal so that customers have something to do while waiting. Limit the bandwidth in some way, except for a couple of known MAC addresses that are my equipment.
2 The public terminal will be so guests can register their repair. I may eliminate this and just enter everything myself as it is more customer friendly.
3 Allow my personal wifi connected devices to print to the network printers inside the LAN
4 Allow my personal wifi connected computers to have connectivity to the OpenErp server, but disallow wifi connected guests from access.
I think that's basically it. This will by no means be a heavy use install, and all my current components should be able to handle the traffic that I'm going to generate. Eventually once business funds are available, I would like to build the PF Sense box on some modern hardware that is power friendly.So far I am able to access the internet from LAN, and Wifi. I can print to all of my printers from LAN, but not wifi yet. I've been hitting my head against the wall with the captive portal setup, but I haven't spent much time trying to get it to work yet.
What I ask of the friendly community here is if you see any issues arising from my stated goals, and for any tips or pointers to more information so I can learn those things I would like to learn. I'm not asking to be spoon fed the information, because I would rather learn it and intimately know my setup so I can quickly find and fix problems that may arise. Also any suggestions to make my setup better on a shoestring budget would be greatly appreciated.
The one thing I could do to make things a little easier, is get a managed vlan capable switch because the Versa is able to serve several SSIDs and have them segregated onto different virtual lans. Would I need a new NIC to be able to use vlan? -
The Open ERP server may eventually have to be carefully public facing if I need to review data from home once the business is running, but I might be able to do this with VPN.
Always go the VPN route.
So far I am able to access the internet from LAN, and Wifi. I can print to all of my printers from LAN, but not wifi yet. I've been hitting my head against the wall with the captive portal setup, but I haven't spent much time trying to get it to work yet.
For your Wifi needs, use an external Wireless Access Point that will allow you to setup two WLANs / SSIDs (one for your own use and the second one for customers/CP) and pass them two separate VLANs. Unless you're doing this for educational reasons, you might consider avoiding the setup of a CP, and just change the password on the customers' WLAN once every few weeks.
-
The Open ERP server may eventually have to be carefully public facing if I need to review data from home once the business is running, but I might be able to do this with VPN.
Always go the VPN route.
So far I am able to access the internet from LAN, and Wifi. I can print to all of my printers from LAN, but not wifi yet. I've been hitting my head against the wall with the captive portal setup, but I haven't spent much time trying to get it to work yet.
For your Wifi needs, use an external Wireless Access Point that will allow you to setup two WLANs / SSIDs (one for your own use and the second one for customers/CP) and pass them two separate VLANs. Unless you're doing this for educational reasons, you might consider avoiding the setup of a CP, and just change the password on the customers' WLAN once every few weeks.
I will go the VPN route, thanks for confirming that's the best way.
The Wireless access point is http://www.versatek.com/products-and-solutions/wireless/indoor-access-points/vx-ap400pro-high-power-400mw-wireless-ap.html
So I guess I should source a cheap managed switch from Ebay and figure out how to use it after all.Major problem is that finding a reasonably priced wall wart for that access point is proving to be a challenge, and POE injectors I can't seem to find anything but very expensive ones that say they are fully 802.3af compliant. All the cheap ones I can find don't seem to list their specifications. And of course my POE switch isn't managed, so I don't think I can run multiple vlans through that for the access point.I'm almost hell bent on using the captive portal to limit bandwidth usage, terms of service agreement, hard time limit, device logging, and so on so they would have to reconnect, etc. just to help prevent abuse and help limit my liability if someone managed to do something nasty over my network. It will also be instructional for me, in case further business ventures require that knowledge such as a net-caffe or something like that.
Sorry I'm all on about "cheap" but right now my financial situation calls for that, because business funding is not available at the moment.
(Edit: I probably should have checked Versatek's site before saying that about the POE injectors. They have one that will work for my needs at a very reasonable price)