[OPLINTECH] Wi-Fi ports

Bob Neeper neeperro at oplin.org
Thu Jul 3 08:15:38 EDT 2008


We use IPCop so the wireless will bypass the internal network completely.

Our setup:
A Linksys wireless router and a Linksys access point connect to a hub.
The hub goes to ZoneCD for an acceptance page.
ZoneCD connects to IPCop (Blue) then to the internet (Red).
Internal network connects to IPCop (Green) then to the internet (Red).

No restrictions on the wireless side after the acceptance page is ack'd.
A problem is, certain companies use a VPN setup and they can't 'see' the
ZoneCD acceptance page.
I could add their MAC address to ZoneCD but generally point to the coffee
shop across the street.

Also wireless can't print to our printers. I might add one sometime.

DansGuardian can also be in IPCop

ZoneCD, IPCop (both free s/w) and our servers are mostly in a virtual host
PC.

I scan the IPCop logs for bad site visits.
May use NIMA, Wireshark etc if needed.


There is more but you should get the idea.

Level 9 Networks set up most of this for us.


R. W. (Bob) Neeper     Cell: (740)-407-3572
Community Library
44 Burrer Dr.
Sunbury, Oh 43074
Tel:  (740)-965-3901

-----Original Message-----
From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org]On
Behalf Of Avery Shifflett
Sent: Wednesday, July 02, 2008 10:04 PM
To: oplintech at oplin.org
Subject: [OPLINTECH] Wi-Fi ports


I’d like some opinions from library techs operating a Wi-Fi hotspot.
After receiving a suggestion from a patron who thought our wireless was
too ‘restrictive’, I’m curious what ports others leave open or closed.
Any reasons why you've chosen to close or open specific ports would be
appreciated.

In case you’re curious, here’s my current setup:
I’m running a Linux (SUSE) server with DansGuardian (a *great* filter,
amazingly fast and reliable, and of course free).  On the wireless end, I
currently only allow http(80) and https(443) traffic.  Https traffic is
transparently forced through the filter (via wpad.dat & Squid) so I can at
least block by website name, since secure content cannot be analyzed.

99% of our patrons are quite satisfied and don’t feel restricted in the
least.   It may be restrictive to the other 1% who want FTP, VPN, etc.,
but I don’t want to needlessly compromise security or allow the filter to
be bypassed.

Thanks for any input.

Avery Shifflett
Technology Coordinator
Carroll County District Library
70 Second St NE
Carrollton, OH  44615
330-627-2613 - PHONE
330-627-2523 - FAX




