A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

How many subnets in a typical McDonalds?



 
 
Thread Tools Display Modes
  #1  
Old July 16th 17, 10:08 PM posted to uk.telecom.broadband,uk.comp.homebuilt
Adrian Caspersz
external usenet poster
 
Posts: 49
Default How many subnets in a typical McDonalds?

If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).

Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere else.

Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....

.... or I'll have to sit down and script one for DNSmasq

--
Adrian C
  #2  
Old July 16th 17, 10:21 PM posted to uk.telecom.broadband,uk.comp.homebuilt
Graham J[_2_]
external usenet poster
 
Posts: 566
Default How many subnets in a typical McDonalds?

Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).

Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere else.

Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....

... or I'll have to sit down and script one for DNSmasq



A 32-bit subnet mask should solve the problem ...

-- Graham J



  #3  
Old July 16th 17, 10:26 PM posted to uk.telecom.broadband,uk.comp.homebuilt
Andy Burns[_5_]
external usenet poster
 
Posts: 151
Default How many subnets in a typical McDonalds?

Graham J wrote:

Adrian Caspersz wrote:

If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?


A 32-bit subnet mask should solve the problem ...


But how's he going to control what subnet mask McDonalds issue to their
customers?
  #4  
Old July 16th 17, 10:49 PM posted to uk.telecom.broadband,uk.comp.homebuilt
Graham J[_2_]
external usenet poster
 
Posts: 566
Default How many subnets in a typical McDonalds?

Andy Burns wrote:
Graham J wrote:

Adrian Caspersz wrote:

If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?


A 32-bit subnet mask should solve the problem ...


But how's he going to control what subnet mask McDonalds issue to their
customers?



It's not MacDonalds that is the issue - it is his own DHCP server. He
needs one that is properly configureable so that IP addresses are issued
from a defined scope but with a 32-bit subnet mask. Unlikely he can do
that in a basic router, so he needs a proper DHCP server.

I don't know what MacDonalds do, but most PC or Mac devices need
something other than the TCP/IP stack to actually make themselves
visible to applications; and these are often disabled by default on
networks defined (by the user, usually by default) as public.

But ultimately network security is a matter for the user, not for the
provider of the internet connection.


-- Graham J

  #5  
Old July 16th 17, 10:50 PM posted to uk.telecom.broadband,uk.comp.homebuilt
Adrian Caspersz
external usenet poster
 
Posts: 49
Default How many subnets in a typical McDonalds?

On 16/07/17 22:26, Andy Burns wrote:
Graham J wrote:

Adrian Caspersz wrote:

If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?


A 32-bit subnet mask should solve the problem ...



But how's he going to control what subnet mask McDonalds issue to their
customers?


Nope, that was a badly put example.

Mcdonalds would be giving each user a publicly allocated IP address. No
NAT and hence 32-bit mask.

I'm (cheapskate) using NAT from an single issued public IP address, and
trying to fit multiple users to that. So multiple subnets with a 30-bit
mask as I'll need the broadcast IP as well as the host/client.

(If I've understood this right..)

--
Adrian C
  #6  
Old July 17th 17, 12:26 AM posted to uk.telecom.broadband,uk.comp.homebuilt
Andy Furniss
external usenet poster
 
Posts: 50
Default How many subnets in a typical McDonalds?

Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?


I think they would use client isolation on their access point which
probably works at mac level rather than IP.

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).


Not wireless then? So they won't really be isolated if one of them wants
to subvert your set up.

Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere
else.
Does anyone do an out-of-the-box software build for this DHCP that
runs on a rPI? Extra points if it has a nice GUI....

... or I'll have to sit down and script one for DNSmasq

  #7  
Old July 17th 17, 07:03 AM posted to uk.telecom.broadband,uk.comp.homebuilt
Henry Law
external usenet poster
 
Posts: 40
Default How many subnets in a typical McDonalds?

On 16/07/17 22:08, Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).


The small community centre for which I'm "IT manager" (who I manage
other than myself I'll leave as an exercise) has a Cisco small-business
router at the heart of the network. It supports multiple VLANs and in
the definition of each there's a tick box which enables or disables the
ability for any host on that VLAN to see any other. With that facility
enabled all that a visitor's phone or laptop, connected casually by
wifi, can see is the router itself for the purpose of connecting to the
internet.

Would that facility meet your need?

--
Henry Law n e w s @ l a w s h o u s e . o r g
Manchester, England
  #8  
Old July 17th 17, 09:07 AM posted to uk.telecom.broadband,uk.comp.homebuilt
[email protected][_2_]
external usenet poster
 
Posts: 3
Default How many subnets in a typical McDonalds?

On 16/07/2017 22:08, Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).

Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere else.

Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....

... or I'll have to sit down and script one for DNSmasq


Its virtually impossible to secure the wireless side.
You can make it more difficult but someone with the will and knowledge
can break it in a matter of seconds to hours depending on what you setup.

There is nothing you can do to stop people monitoring the wireless and
its easy to crack the current encryption standards.


If you want security you *need* to only allow access to a VPN server
with strong encryption. Then the server rules determine who can access what.


If all you want to do is stop wireless clients talking to each other
then look for an AP that has a setting to prevent this. My old netgear
had such a setting. Once set clients could only see the wired side and
not other wireless clients.

You probably need to download the manual and look as its doesn't appear
as a feature in the sales stuff on many AP.
  #9  
Old July 17th 17, 10:55 AM posted to uk.telecom.broadband,uk.comp.homebuilt
Johnny B Good
external usenet poster
 
Posts: 1
Default How many subnets in a typical McDonalds?

On Mon, 17 Jul 2017 09:07:23 +0100, [email protected] wrote:

On 16/07/2017 22:08, Adrian Caspersz wrote:
If I wander in there with n devices connected to their wifi, can the
interfaces talk to each other as well as the net?

I'm hoping the answer is no... as I'm dreaming up a shared internet
facility trying to keep student users roughly isolated on a simple
switch (no VLAN support).

Current plan is multiple DHCP leases, all individually on their own
local lan subnets, each subnet connected to the internet but nowhere
else.

Does anyone do an out-of-the-box software build for this DHCP that runs
on a rPI? Extra points if it has a nice GUI....

... or I'll have to sit down and script one for DNSmasq


Its virtually impossible to secure the wireless side.
You can make it more difficult but someone with the will and knowledge
can break it in a matter of seconds to hours depending on what you
setup.

There is nothing you can do to stop people monitoring the wireless and
its easy to crack the current encryption standards.


If you want security you *need* to only allow access to a VPN server
with strong encryption. Then the server rules determine who can access
what.


If all you want to do is stop wireless clients talking to each other
then look for an AP that has a setting to prevent this. My old netgear
had such a setting. Once set clients could only see the wired side and
not other wireless clients.

You probably need to download the manual and look as its doesn't appear
as a feature in the sales stuff on many AP.


The Tweepadock in the room is that this by itself won't prevent an
enterprising hacker from using a laptop as a fake AP in order to run a
MITM intercept operation.

--
Johnny B Good
  #10  
Old July 17th 17, 11:41 AM posted to uk.telecom.broadband,uk.comp.homebuilt
Theo[_2_]
external usenet poster
 
Posts: 35
Default How many subnets in a typical McDonalds?

In uk.telecom.broadband Adrian Caspersz wrote:
Nope, that was a badly put example.

Mcdonalds would be giving each user a publicly allocated IP address. No
NAT and hence 32-bit mask.


I very much doubt they've giving public IPv4s - there aren't enough to go
around. The only time I recall being given a public IPv4 for wifi is at a
company that has a class A (16 million addresses). (Globally-addressed
IPv6s are easy)

However, this is entirely orthogonal to the setup - you can do exactly the
same setup with a public class A as with 10.0.0.0/8 - just in the latter
case somewhere down the road needs to be a NAT if you want internet access.

On the same SSID, I think you can configure the layer 2 switch to block
inter-station communication, ie everything is point to point with the access
point. Then you configure (DHCP) each client in layer 3 with a /32, telling
it its default route is to some other IP (which can't be on the same subnet
because a /32 contains one address). That means all traffic will be sent to
that IP, which can either NAT the packet if it's for the internet, or drop
it if it's for some other client.

I've never tried this, but I think it then avoids the problem of having a
ginormous routing table of tiny subnets.

Theo
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
What will a typical O2 email address look like? Martin @nohere.net uk.telecom.broadband (UK broadband) 7 June 16th 08 06:54 PM
Router with two private subnets Ted B uk.telecom.broadband (UK broadband) 4 January 12th 07 10:57 PM
FAQ on subnets ? zjustice uk.telecom.broadband (UK broadband) 1 September 4th 05 03:22 PM
Typical download figures JPG uk.telecom.broadband (UK broadband) 3 February 24th 05 01:58 AM
Wireless subnets 192.168.0 and 192.168.1 Alfie uk.telecom.broadband (UK broadband) 7 October 31st 04 06:49 PM


All times are GMT +1. The time now is 11:15 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 2.4.0
Copyright 2004-2017 BroadbanterBanter.
The comments are property of their posters.