Setting a different subnet for Wireless clients



  • Private Lan = 192.168.0.x , one of my PC needs to have an open share ( read and write access for workstations )

    problem Is that we also give wifi access to other people , sometimes they got infected systems which automatically infects the server…. ( last week got infected by w32.Sality.AT)

    is there a simple way so that clients who connects thru the wifi gets a different Ip range ? without using additional NIC ?



  • To do it properly you have to put the guests on a different interface+subnet. Then they can infect each other as much as they like, and you can control what they can access on the main LAN (or block all access to the main LAN). For that you have to have another NIC or a VLAN-capable switch (to securely use a NIC  to share 2 interfaces/VLANs).

    You can do messy things with subnet masks, so that some groups of devices on the LAN don't actually talk to each other successfully. But anyone with their own device can set their own IP address/mask to get around that. So it can be a poor-mans kind-of solution that helps stop casual user devices from messing your real network. But it is never secure against people who actually intend to attack you.

    Of course the other advice is don't have open writeable shares!


Log in to reply