Setting up a router/firewall. Not sure where to turn

post #1 of 3
Thread Starter 
Hello OCN Networking Gurus.

I have a location with a Netgear WNDR 3700 router that covers the whole building with WiFi. We have a machine running Windows 7 Ultimate w/ an i7-2600 and plenty of system resources that is wired in and always-on. The building also has a number of RJ45 ports scattered around.

We have a 25/5 line from ATT to the building. I need to create a system that can do the following:

1. Throttle bandwidth based on which SSID the user joins. We have two SSIDs: "NETWORK" and "NETWORK-Guest". I need to throttle NETWORK-Guest to only consume up to 10mbps of our 25 mbps down speed
2. Block certain websites from certain users. Facebook and YouTube need to be allowed for machines on our secured network but blocked for all those on the Guest network
3. Those on the guest network should NOT be able to see the rest of the network

The end result should be that those devices who join NETWORK should get unlimited access to the internet and all the bandwidth available. This network should be protected by a WPA2 password. The second network should block certain sites and be limited to 10mbps and have no encryption.

DDWRT, OpenDNS, and Tomato can NOT do these things. I've spent most of the day hunting around to find out how to create this with those options. It won't work, unfortunately.

Obviously, free solutions are better, but if it's cheap, I'll look into paid options.
post #2 of 3
You could effectively rig something with a managed switch and VLANs. Disallow traffic between internal VLANs and use a separate access point to facilitate guest access, with the switch port to the AP turned down to 10 mbit. You should be able to use something like OpenDNS just to facilitate the filtering; if you're more paranoid, you can disallow outbound traffic on UDP 53 except toward the OpenDNS servers for hosts on that VLAN.

If you were using more enterprise-oriented gear, you could get away with using a single AP and trunking to it (also specifying specific VLANs to specific SSIDs).

Ideally you'd need:
Another AP
A managed or smart switch and/or a layer 3 device to route between VLANs and the WAN.

A DD-WRT device can route between subnets (I have one set up in my lab towards a 2960G with a few layers of broadcast domains). I'm not particularly well versed in iptables though, so it may involve a lot of googling and be more complex than a device made specifically for these types of deployments, such as an ASA 5505.
Edited by beers - 5/13/13 at 1:54pm
Reply
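The guest-VLAN isolation and DNS lock-down described in post #2, written out as iptables rules for a Linux-based router. This is an added example, not part of the thread: the interface names `br0` (trusted LAN), `br1` (guest VLAN) and `vlan2` (WAN) are assumptions, and it also restricts TCP 53, which goes one step beyond the UDP 53 rule the post mentions.

```shell
#!/bin/sh
# Added example: prints iptables rules for an isolated guest VLAN.
# Assumed names (not from the thread): br0 = trusted LAN, br1 = guest VLAN,
# vlan2 = WAN. 208.67.222.222 / 208.67.220.220 are the OpenDNS resolvers.
LAN_IF="${LAN_IF:-br0}"
GUEST_IF="${GUEST_IF:-br1}"
WAN_IF="${WAN_IF:-vlan2}"
DNS_SERVERS="${DNS_SERVERS:-208.67.222.222 208.67.220.220}"

guest_rules() {
    # Dedicated chain so rule order is explicit (first match wins).
    echo "iptables -N GUEST_FWD"
    echo "iptables -I FORWARD -i $GUEST_IF -j GUEST_FWD"
    # Trusted LAN may not open connections into the guest VLAN either.
    echo "iptables -I FORWARD -i $LAN_IF -o $GUEST_IF -j DROP"
    # 1. Guests cannot reach the trusted LAN.
    echo "iptables -A GUEST_FWD -o $LAN_IF -j DROP"
    # 2. DNS (UDP and TCP 53) only toward the filtering resolvers.
    for ip in $DNS_SERVERS; do
        for proto in udp tcp; do
            echo "iptables -A GUEST_FWD -p $proto -d $ip --dport 53 -j ACCEPT"
        done
    done
    for proto in udp tcp; do
        echo "iptables -A GUEST_FWD -p $proto --dport 53 -j DROP"
    done
    # 3. Everything else may go to the WAN only.
    echo "iptables -A GUEST_FWD -o $WAN_IF -j ACCEPT"
    echo "iptables -A GUEST_FWD -j DROP"
    # 4. Guests may not talk to the router itself, except DHCP.
    #    -I puts each rule on top, so the ACCEPT is emitted last.
    echo "iptables -I INPUT -i $GUEST_IF -j DROP"
    echo "iptables -I INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT"
}

# Dry run by default; APPLY=1 pipes the rules to a root shell on the router.
if [ "${APPLY:-0}" = "1" ]; then
    guest_rules | sh -e
else
    guest_rules
fi
```

The guest DHCP scope has to hand out the OpenDNS addresses, since rule 4 blocks the router's own resolver. Port 53 rules do not cover DNS-over-TLS or DNS-over-HTTPS clients, which can still resolve names that OpenDNS would filter.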
post #3 of 3
Thread Starter 
Thanks for the reply Beers. I have an older router that I could feed 10mbps only from the switch and point it at OpenDNS. Then blacklist everything I don't want and I would, in theory, have my solution....

I'll look into this further.