So we just replaced the Comcast router with a Motorola SURFboard. I want to get a switch hooked up to it so I can have 2 or 3 wifi networks set up. At the moment I only have Wireless G routers available but I’ll be able to find N ones (but we only get 35 mbps down on average anyways so this is mostly for connectivity TBH).
So the first router I want to have for family to hook up to. I want a pfSense box hooked to it and my parents able to do all their shit and for me to even have servers hooked up to it. I only have 2 machines as actual servers, so it’s not like I’ll need another switch.
Second router is basically just mine. Something to play with DD-WRT, install some i2p tools to it maybe, and play with it some.
Third router has no password and is set to 1mbps with a limit of 4 connections. It’s purely for old computers that I put a wireless card into, a DS, and a PSP. I might even be a dick and put it on wireless A, but just make it something to be available because it’s always a pain in my ass when I can’t hook up a handheld from 10 years ago because it doesn’t have WPA2.
Is this a good idea? Would I be better off with multiple routers hooked up to the PFS machine? Let me know!
I’m not a fan of running open wifi without a password of any kind with access to the internet. So many ways that can go wrong, even if you put it on a separate VLAN. At least use WEP combined with MAC filtering to keep out the lazy opportunists you might otherwise attract.
I’d set the pfSense box as your main firewall/NAT router to the internet with a smart switch to split out the various VLANs you’ll want to have. Put the wireless routers in AP mode on the various VLAN ports you set up for them. I’ve heard that wifi performance on pfSense isn’t great (though if you are only using N networking it may be fine); I’d just set up external APs for each of my wireless networks myself. This would provide greater flexibility in placement of the antennas away from where the internet enters the home if need be.
Edit: Might also be a good idea to make a whitelist of services/IP that you will need to access on your “open” wifi network and only allow connections to those, could also help security somewhat.
Motorola Cable Modem: Put this in “Bridge Mode”. You want it to do as little as possible.
pfSense Router: Plug this into the cable modem and use it as the router/NAT/firewall/DHCP. It sounds like you have all the ports you need on this, and you don’t have/need a separate switch. If that’s the case, plug your wireless routers, servers and other hosts into the LAN ports on the pfSense router.
Wireless Routers: Configure these as wireless hotspots only to avoid double NAT. I recommend MAC address filtering if possible.
If you’re going to have an open wireless network, put it on its own VLAN and lock it down.
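
The "own VLAN, locked down, allowlist only" advice from the replies above, written out as an added example that is not part of the thread: a raw pf ruleset fragment showing the rule logic (pfSense generates its pf rules from the GUI, so this is the shape of the rules rather than something to paste in). The interface name and the choice of DNS, HTTP and HTTPS as the allowed services are assumptions.

```pf
# Added example, not from the thread. Assumed values are marked.
guest_if = "vlan30"      # assumption: interface that carries the open-wifi VLAN

# Private ranges: the family LAN, the servers and the firewall's other networks.
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Default for the guest VLAN: drop everything arriving from it (IPv4 and IPv6).
block in on $guest_if all

# Let clients get a lease from the firewall's DHCP server.
pass in quick on $guest_if inet proto udp from any port 68 to any port 67

# DNS only to the firewall's own address on this VLAN.
pass in quick on $guest_if inet proto { tcp, udp } \
    from $guest_if:network to ($guest_if) port 53

# Nothing else from the guest VLAN may reach a private address, which keeps it
# away from the LAN, the servers and the firewall's management interface.
block in quick on $guest_if inet from any to <private>

# Allowlist (assumed): plain web traffic to the internet, nothing more.
pass in on $guest_if inet proto tcp \
    from $guest_if:network to any port { 80, 443 }
```

No IPv6 pass rule is present, so IPv6 from the guest VLAN falls through to the initial block.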