Topic: Block net access

[versa]

Hi guys, I know this has been asked many times before but i have not came across something that works for me. I have SME running on my home network but i have a long range wireless network connecting to other networks through a WRAP board,I want to control internet access by blocking all ip's and only allow acess to the ones I want in a list (I dont want the whole wan pulling net acess from me). I have tried this contrib from vanhees http://no.longer.valid/mylinks/singlelink.php?cid=169&lid=359 but it seems to work to a certain extent but when I allow a particlar ip to get access it allows everything  in that ip range, I know it was designed for 5.6 but I was wondering if anyone has got it to work on 6.0.1-01 or has there been an update for it to work on 6.0.1-01. It is a clean install with only system monitor and fetchmail added. Any help would be very welcome.

Will

[electroman00]

Hi versa

Which WRAP board?

[versa]

Hi electroman00
The WRAP board is from PC Engines at http://www.pcengines.ch/wrap.htm
but this only acts as a router for the network and for me to acess the network and give others access to my server i have to add a route through the server manager, clients on the network can access the ftp server on my server but I do not want to give everyone net access that why I want to block access to most as only a few that I have an agreement with can get net net access.

[electroman00]

Versa

What kind of range are you getting and what nic's are you using?

Also you might want to look at a radius server on sme.
Search for freeradius or radius.

[versa]

I have 2 relay nodes one on a hill running off batteries and a windcharger connecting to a link 20miles away then I have the other node at home 5 miles from the first node I am running agere hermies chipset cards 11b (i think they are orinoco clones), I was thinking about radius but it is a bit above me, it is easier to allow or deny an ip.

[electroman00]

I have 2 relay nodes one on a hill running off batteries and a windcharger connecting to a link 20miles

20 like in TWENTY wow!....
I'm just looking to get 3.

away then I have the other node at home 5 miles from the first node I am running agere hermies chipset cards 11b (i think they are orinoco clones),

Cool

 I was thinking about radius but it is a bit above me,

There's no fun in swimming in shallow waters.

 it is easier to allow or deny an ip.

Don't know much about it haven't had the time to test,
I was just watching it's dev closely.

[electroman00]

Veras

I assume your using a good size dish PTP.
I'm trying to get 3 miles with omni antennas.

I saw this setup here, where by they have
3 wireless nic's working together and their
getting a solid 3 miles omni.

Needless to say I wasn't able to get much info from him,
other then there are 3 nic's working together
and a look at the antennas. Short about 6" long.
He did let me go with him on a test drive to check the system.
It was an exellent signal (11mb 70db min) to 3
miles then it started to drop off.
We found a weak spot and he tweaked some setting at
the host and it filled the gap.
He had the road warrier tied into a GPS and entered
the coordinates and it filled the gap a little the first
time then he did it again and filled the gap right up.
The road warrior was a laptop w/usb wireless and GPS.
I wish I had more information on the host.
I know you can get 20-60 miles PTP with dishs and
stay legal, but omni is a total different story.

[versa]

We are using a mix of omni's and directionals the omni's are more for local access and even the 20mile link is to an omni at the moment but we have to put up a directional on the other side to get a better signal on that node as what we are getting useless not enough to do anything, directional is http://www.wi-pipe.com/2.4GHz/Specs/24%20SD27.pdf

[jgr]

What about trying ZoneCD from PublicIP?   http://publicip.net/   This allows various authentication and access arrangements. It would go on another (very minimal) box between your home access point and SME Server. After authentication, the users can set up a VPN tunnel to the SME server.

jgr

[versa]

Thanks jgr, that looks intersting I will have a closer look at it again, however I dont really want another pc in the attic, I'm sure that someone has had a need to do what I'm looking for.