[OPLINTECH] Wi-Fi ports

Ed Liddle eliddle at marysvillelib.org
Thu Jul 3 08:50:26 EDT 2008


We are using Public IP's premium service to manage our wireless hot spots. We have a cable modem with a built-in 4-port switch. We have a firewall with a static IP address plugged into it, that allows the library's computers to get internet access. The cable modem has a DHCP server built into it and hands out 192.168.1.x addresses. We have the Public IP box plugged into the cable modem so it gets a 192.168.1.x address. This separates the wireless from the library network since the static IP address of the firewall is different than the IP address of the cable modem and there is a hardware firewall in between them.
We started out allowing ports 80, 443 and 110 (the default open ports for the default class of users in Public IP). Over time patrons would need more ports opened up for VPN access to work or for students to be able to log into their college website to do online class work, etc. We also require users to create a user name and password to use the wireless service. We do not require a library card to use it (useful for out-of-town people). This allows us to get an idea how many people are using it on a monthly basis.
Now we have pretty much open access to all ports for new users and I adjust it on an as-needed basis for existing users. Hotspots at coffee shops and other places I have found usually aren't very restrictive on what ports are opened and which ones are closed. Most wireless users are accustomed to this, which allows most applications and sites to just work for them.

I hope this helps.
-Ed
________________________________________
From: oplintech-bounces at oplin.org [oplintech-bounces at oplin.org] On Behalf Of Avery Shifflett [shifflav at oplin.org]
Sent: Wednesday, July 02, 2008 10:04 PM
To: oplintech at oplin.org
Subject: [OPLINTECH] Wi-Fi ports

I’d like some opinions from library techs operating a Wi-Fi hotspot.
After receiving a suggestion from a patron who thought our wireless was
too ‘restrictive’, I’m curious what ports others leave open or closed.
Any reasons why you've chosen to close or open specific ports would be
appreciated.

In case you’re curious, here’s my current setup:
I’m running a Linux (SUSE) server with DansGuardian (a *great* filter,
amazingly fast and reliable, and of course…free).  On the wireless end, I
currently only allow http(80) and https(443) traffic.  Https traffic is
transparently forced through the filter (via wpad.dat & Squid) so I can at
least block by website name, since secure content cannot be analyzed.

99% of our patrons are quite satisfied and don’t feel restricted in the
least.   It may be restrictive to the other 1% who want FTP, VPN, etc.,
but I don’t want to needlessly compromise security or allow the filter to
be bypassed.

Thanks for any input.

Avery Shifflett
Technology Coordinator
Carroll County District Library
70 Second St NE
Carrollton, OH  44615
330-627-2613 - PHONE
330-627-2523 - FAX




