1

I'm tinkering with IoT (arduino + wifi shield) and I'm also for an open (read free) internet. Both these things would be helped if I could create a free (no password etc.) wifi hotspot (my IoT thingies would connect nicely and strangers could use it too).

My actual network setup is a DSL-box which comes with an integrated router (and 4 ethernet ports, FWIW it's a French "freebox"), I have connected a switch to it and everyone jacks into that switch:

-----telephone line-----DSL_Router---Switch <-everyone connects here

Now if I attach (say) a Raspberry-Pi with a wifi hotspot to it, my security will be compromised as any anonymous person connecting to the free wifi hotspot can access my private network.

I know I can buy 2 routers (say 2 Raspberry) and create two local networks behind the DSL router, one private and one public but it's obviously more work/hassle/expensive/error prone/... so is there some way to make the Raspberry send all it's requests towards the DSL-Router and not into the local network?

Thanks for your time!

Julian Knight
  • 14,749
  • 3
  • 31
  • 46
Valmond
  • 153
  • 1
  • 7

1 Answers1

1

The common answer to this issue is to create Virtual LAN's (VLAN) to segregate the traffic. If your router supports this feature, it is fairly easy to set up. However, normally you would use the WiFi feature of the router or a dedicated WiFi AP to provide the entry to the unsecured VLAN.

In your case, you need to ensure that all unsecured traffic is encapsulated and sent straight out of the router. You can do this by using the Pi as an internal router. All traffic from the WiFi interface will be routed to the DSL router and, as you've commented, all other internal routes will be blocked.

You can make this a little easier to maintain by using a non-Internet routable address range on the WiFi network outside of the 192.168.x.x range. 10.x.x.x would be suitable.

Julian Knight
  • 14,749
  • 3
  • 31
  • 46