Buffalo/DD-WRT Guest Wireless Access

I have a trusted neighbor that can not get broadband. No way, no how...I'm the last pole on the line and had to pay $1500 to get it there. He's too far away, as confirmed by the one provider in the area. I got it because he signed an easement allowing the provider on his property so that I could get it. (lots of land, in the woods).

If I aim a 'Cantenna', connected to one of my 3 antenna ports, at his house, he can see the signal. I have DD-WRT running. Researching the issue it looks like I would need to create a VLAN if I want to keep him off my network entirely, but allow internet. The Buffalo forums are woefully lacking in VLAN setup instructions. I searched DD-WRT forums as well, but came up with 100 different ways to 'try' it. Has anyone here setup a VLAN (or VAP...I've seen different nomenclature) with a Buffalo WZR-HP-G450H or WHR-HP-G300N with DD-WRT Chipset: Atheros AR7242 rev 1.1 (0x1101)? I have to stick with the DD-WRT as it has features I need...the OEM firmware has a 'Guest Access' feature...but it's got to able to be done with DD-WRT...

Or, if I have to go the 'allowed on my regular subnet route', are there any iptables commands, that can be entered into DD-WRT, that would prevent my personal machines from being visible/accessable? I would know which computers were his, and could assign static leases. I also assume that firewall rules on each computer could be setup.

I'm aware of all the stuff I need to wary of, I'm just looking for how *you* would do it, from best to least ways, if you were going to do it.

Thanks,

PD

 

Well, if this were legal (and it is not!) I would use a separate router for him to isolate his network (his side of his router) from your network (your side of your router). Then you can configure your router to only allow access to your networked devices.

But as this is technically called "theft of services", it is illegal for him to "steal" Internet service from you, and it is illegal for you to provide it (and together, this "plot" with your neighbor is a "conspiracy" to commit fraud. That is, assuming you have a standard "residential" contract with your ISP.

If you have a business contract with your ISP where it is understood by your Internet provider you will be providing access to people who do not live at your residence, then this is legal. But it is unlikely you have this type contract for your home.

So while I understand you are trying to be neighborly, I recommend you forget it and suggest your neighbor look at alternative solutions - like satellite access - or move closer to town.

 

Thanks Bill. Strangely, in the haste to get this working, I didn't even think about that. I was thinking about "what if I just set a VLAN/VAP as open and he hit it with a yagi (which is still probably against TOS...I wonder...see a lot of open AP's?...) But yeah, I think I'll just forget this. Thanks again.

PD