Hi everyone!
I’m new here, and I’d like to ask you guys a few questions about setting up a wireless system in a student hostel.
First, i describe the current wired system:
- we have a C class public subnet (let’s call it x.y.z.0/24)
- on this subnet, we have a PC router (running debian, x.y.z.254/24)
- the same debian machine runs iptables, DNS and DHCP services
- users need to register their MAC addresses, only the appropriate MAC-IP get passed thru iptables
- static DHCP service for those MAC-IP pairs
Now, we’d like to extend this system with a wireless AP, so laptop users could connect without the wires.
Requirements:
- everyone should get the SAME IP as they get using the wired connection
- NO NAT, NO ipmasq, etc. Users need public addresses.
- some kind of encryption, or user management (plain MAC-based auth. is not enough, as MAC addresses could be easily be retrieved and cloned using wlan sniffers) Like PPPoE or Hotspot.
- radius authentication using freeradius
- static DHCP for the wlanMAC-IP pairs (by the RB itself, not the real DHCP server)
I have a RB133 with R52 card, and Level 4 software.
I think I have to bridge ether1 and wlan1 together, but catch DHCP requests from wlan before they reach the x.y.z.254 server, and answer the requests by the RB, using the Radius database (and of course configure iptables on x.y.z.254 to let pass the given IP also with the WLAN MAC)
Am I right about this? If I am, please help me, how to do this? Maybe “brouting”?
After I do this, my users will be able to connect, but there’s no security. Now, I have to set up Hotspot or PPPoE. Which one should I choose?
What about the performance? I’ve tried to bridge ether1 and ether2 together, and download large file through this bridge, and I got 35-40 Mb, instead of the normal 100 Mb. Is that normal?
Thanks for your help!
Sincerely,
Petya