Re: Limiting internet access by time

[Dan Ritter <dsr@randomstring.org>]

On Sun, Aug 07, 2016 at 03:32:00AM +0000, Mark Fletcher wrote:
> On Sun, Aug 7, 2016 at 9:57 AM Dan Ritter <dsr@randomstring.org> wrote:
> 
> > On Sat, Aug 06, 2016 at 04:56:06AM +0000, Mark Fletcher wrote:
> > > On Sat, Aug 6, 2016 at 2:48 AM Dan Ritter <dsr@randomstring.org> wrote:
> >
> > Got it. You can change that by removing NAT from the AP. For
> > instance, plug your switch into a LAN port instead of the WAN
> > port:
> >
> > cable modem -- LFS -- switch ---- (LAN port) AP ---- wifi client
> >                              |                  \___ wifi client
> >                              |
> >                              ---- other wired machines
> 
> However, I'm finding the discussion with Dan very interesting so I'd like
> to continue it if you don't mind, albeit on a hypothetical basis.

What is the Internet for, if not hypotheticals?


> The first problem I'd have with Dan's suggestion is that the firewall box
> only has 2 network ports -- one built into it and one I added using a
> USB3.0 to Ethernet adaptor. So the cable modem is plugged into the native
> Ethernet port and the USB-to-Ethernet passes on through an Ethernet cable
> to the WAN port of the AP. This would be the connection that Dan suggests
> shifting to a LAN port of the AP. Despite some clucking from various
> sources about the performance I'd get from using a USB to Ethernet adaptor,
> in practice I see no practical difference in internet access speed by
> having used such an adaptor. I guess I'd need to add a third Ethernet port
> to the firewall to migrate the wired devices, using another USB to Ethernet
> adaptor, and plug some kind of hub device into it so I could plug in more
> than one wired Ethernet device.

Nope. Buy a $20 5-8 port ethernet switch. Very reliable. That's
in the diagram above as "switch".


> Then the firewall would have to be a dhcp client of the AP, instead of the
> other way round as now, as I can't turn the AP'S DHCP server off since I
> need it to supply IP addresses to my wireless devices. But I'd need to keep
> the DHCP server on the firewall so it could supply IP addresses to the
> wired machines. I am not a fan of static IP addressing on a home LAN,
> although I can see why it isn't a big problem for the wired part since
> wired devices tend not to wander about. :)

If you turn off NAT, DHCP will pass through it. So having the
firewall run all your DHCP makes sense. It's also a good place
to run a DNS cache, and NTP.

> But part of me is thinking that if I were going to migrate my wired devices
> away from the AP and to the firewall, I might as well go the whole hog,
> turn the firewall's WiFi device on, and serve up the WiFi from there too,
> eliminating the AP altogether. Except that the WiFi card in the firewall
> wasn't designed to be an AP and maybe its signal will be weaker. However,
> the last time I cracked open a common-or-garden WiFi router and looked
> inside, I found a PCMCIA WiFi adaptor of exactly the kind I was using in my
> computer at the time, inside...

Yeah, they tend to be very similar. If you buy a PCI or PCI-E
wifi card with good external antennae, that's a perfectly
reasonable choice.

cable modem -- LFS -- (wifi nic) ---- wifi clients
                   |
                   -- (USB nic) -- switch - wired machines

Which will simplify your life a little more.

If you run into range problems, putting an ethernet cable out to
the other side of your dwelling and re-using the AP as a range
extender is not a bad move.

-dsr-