Adding wireless router to domain (only for internet access, no other resources)

emajin

Oct 13, 2008
I have a domain with Active Directory that I would like to add a wireless network for guests and coworkers to connect to.

I only want to have internet access through this wireless connection, and no network resources able to be accessed.

We have a proxy/web server that our hardwired workstations connect through for web browsing.

Could someone give me some guidance as to what I need to put into the router to allow people to browse the web wirelessly?

We have a class B - 172.16.x.x network, with static business DSL for additional information.
 
If you plan to replace your main router that has direct internet access, you can get a router that has "guest" SSID ability. Many of these have an option to only allow access to the internet.

Now if you are just going to add a wireless device to your network you are going to have to use security filters. In your case you would want to only allow connection to the proxy server. You would then have to instruct people how to set the proxy. There are many routers that have security filter ability.

The second option I would tend to prefer since it is not wide open internet and you have a proxy server to prevent most abuse. Problem will be if someone wants/needs to run an IPsec-based VPN.
 
So do I put the web server/proxy IP in the "Internet Setup" portion of the router and then give the LAN side of it a static IP?
 
The method I know will work would be to put a router in as normal. Put the WAN IP as some IP in your current subnet with a proper gateway. You would then create a new LAN, say 192.168.200.1/24, and set the DHCP server to give out 192.168.200.xx IPs to your "guest" network. You then put in a security rule that says only allow traffic to the proxy server. You then must configure each PC to use that proxy. From the proxy viewpoint all the users will come from the same IP, that of the router.

A second method that may work would be to define the router as an AP. This makes it transparent. The users would get their IP from your main DHCP server, i.e., they would be on the same network as all your devices. The key part I do not know if you can do is put security filters in that restrict traffic to go only to the proxy. Many of these devices can only filter WAN-LAN traffic. In addition you would have to put in a couple of other security rules; for example, you would have to allow the devices to talk to the DHCP server to accept the IPs they were offered.
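
The first method in the reply above (guest LAN behind its own router, forwarding allowed only to the proxy), written out as an added example that is not part of the thread. It assumes a Linux-based router that uses iptables; the interface names, the proxy address 172.16.0.10 and port 8080 are constructed placeholders, and only the 192.168.200.0/24 guest LAN comes from the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the guest router.
# Every value except GUEST_NET is an assumption; override via environment.
GUEST_NET="192.168.200.0/24"          # guest LAN from the post
GUEST_IF="${GUEST_IF:-br-guest}"      # assumed: router's wireless/guest bridge
WAN_IF="${WAN_IF:-eth0}"              # assumed: port on the 172.16.x.x LAN
PROXY_IP="${PROXY_IP:-172.16.0.10}"   # constructed placeholder for the proxy
PROXY_PORT="${PROXY_PORT:-8080}"      # assumed proxy listening port

guest_rules() {
    # Refuse to emit rules for a malformed port value.
    case "$PROXY_PORT" in
        ''|*[!0-9]*) echo "bad PROXY_PORT: $PROXY_PORT" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Guests may reach the router itself only for DHCP leases. With an explicit
# proxy the browser sends hostnames to the proxy, so no DNS is opened here.
-A INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $GUEST_IF -j DROP
# Return traffic for connections that were already permitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only destination guests may open connections to: the proxy.
-A FORWARD -i $GUEST_IF -s $GUEST_NET -d $PROXY_IP/32 -p tcp --dport $PROXY_PORT -j ACCEPT
# Anything else (file servers, domain controllers, direct internet) is
# logged and refused, so attempts to reach the 172.16.x.x LAN are visible.
-A FORWARD -i $GUEST_IF -j LOG --log-prefix "guest-drop: "
-A FORWARD -i $GUEST_IF -j REJECT --reject-with icmp-admin-prohibited
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Guests leave with the router's WAN IP, which is the single source
# address the proxy will see for all of them.
-A POSTROUTING -s $GUEST_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review; to load it atomically on the router (as root):
#   sh guest-fw.sh | iptables-restore
guest_rules
```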