I've got what may be a simplistic scenario, and may not even be feasible, so if this is foolish or far too simplistic please let me know...

Should the TCWUG network develop into a metro-wide wireless network without direct internet access, and using a non-routed IP block, then couldn't those people that have broadband set up something like the following?

Say I've got broadband (DSL, Cable, other). Chances are I've got a firewall, and if I don't I probably should. Could I not make a 3-legged firewall and put my broadband connection on one port, my private network on another port, and a wireless access point connected to the third port? This would allow me to use ipsec or pptp from the wireless network to connect to my home network, and from there get out to the greater internet. I could share my access point as a means of connecting to the larger TCWUG wireless network, but not provide internet access to anyone else via my broadband connection.

Would something like this not solve most of the problems people have been bringing up?

I now have a responsibility on my end to monitor usage of my own internet connection. If I choose I can share my broadband connection with my friends (assuming a ToS that allows that of course) but not with the whole Twin Cities.

Those businesses that want to (realtime?, visi?, others?) can provide a gateway service of sorts for some hopefully nominal fee. The burden is then on them for authentication and accounting for their customers. The same burden that they have for all of their other customers.

The wireless network wouldn't need to use a routed IP address range. When I connect to my home network I'd get an IP from my private network which is behind my NATing firewall. Anything that I can do from home I can do from my laptop at the neighborhood coffee shop.
Should I wish to pay an ISP for a gateway service then I'll get a routed IP from them and can do anything on the internet (including use those services that are difficult to provide for with a NATed address).

Now, there obviously wouldn't be unlimited bandwidth on the wireless network, and I realize I'm treating the entire wireless network as essentially one big lan which may not be feasible. Someone would have to host a DHCP server for this thing. Broadcast domains would have to be created. Realistically though, those are design issues and shouldn't be impossible to solve. I'm sure there are many other issues that I haven't thought of, but that's what a discussion like this is for.

Still, it seems to me to address some of the sticking points that the group has been getting caught up on.

The TCWUG would not be in the position of providing a means of internet theft and as such have no liability should Qwest or AT&T get upset and decide to throw their lawyers at a perceived problem.

The group no longer needs to worry about authentication. That would be handled by those ISPs providing a gateway service, or by those people that want to be able to access their home network and broadband connection via the wireless network.

Accounting may still be an issue. Usage will need to be monitored to determine where more bandwidth needs to be allocated. Perhaps an 11 Mbps backbone won't be sufficient for the network. Once the backbone is faster than the rest of the network the group would need to determine what branches off the backbone need to be upgraded. A group of APs in St. Louis Park may need more than 11 Mbps, while other parts of the Cities aren't even close to saturating their 11 Mbps to the backbone.

Such a system is OS independent. I can establish a PPTP or IPSEC connection to connect to a gateway service from Linux, BSD, MacOS, or Windows.

Basic connectivity to the wireless network should be fairly simple for Joe User.
Plug in a wireless nic, configure for DHCP, and you're on the network. You can't get out to the internet at this point, but you can access any services being provided on the wireless network. A community intranet of sorts perhaps.

If the user wants to get out to the internet then they either need to figure out how to correctly set up their home network (and be providing an access point on the wireless network) or they need to purchase a gateway service from an ISP. If they are doing it on their own they could get help from this mailing list, or perhaps the TCLUG mailing list if they are using Linux for their firewall. If they are purchasing a service from an ISP, then they can call the ISP for technical support.

Jeff

On Thu, 25 Jul 2002, Mike Horwath wrote:

> On Tue, Jul 23, 2002 at 12:33:07AM -0500, Bob Tanner wrote:
> > You want something that can (gotten from the poorly named thread Richochet
> > boxes?):
> >
> > provide QoS (ala traffic shaping?)
> > accounting (ala RADIUS-like stuff?)
> > logging (what do you want to log?)
> > authentication
> > Something that works on other those "other" operating systems
> >
> > That a list of basic (drechsau) requirements ?
>
> Basically.
>
> Let me break it down further:
>
> QoS as needed, allow people to perhaps purchase levels of
> service, offer 'times' where things are more open, set up the
> network to handle far more than 3 people all downloading
> Warcraft III.
>
> Authentication and accounting (which is the logging) to allow
> a model of 'pay for use', to help track down 'abuse', to allow
> reports to be drawn up to show how well the business model is
> working when it is time for the next round of 'funding'.
> Logging is not about privacy invading information. Logging
> could be anonymized logs from a transparent cache server to
> determine where the next 'connection' should come from when
> dealing with local connections. Etc.
>
> Limiting to an OS sucks, I think it needs to be worked on for
> far more than 'one'. The marketing level of a system doesn't
> mean the system is the right one :)
>
> What we need is a 'standard' for doing stuff via the AP and things
> would be far more fun and easy for keeping 'abuse', 'theft', and
> overall 'sharing' at acceptable levels.
>
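
The three-legged firewall proposed in the message above, as an added example that is not part of the original thread: a Linux iptables policy in which the wireless leg can reach only the IPsec and PPTP endpoints on the firewall and is never forwarded in the clear, plus a check that a ruleset keeps that property. The use of iptables, the interface names, and the VPN terminating on the firewall itself are assumptions.

```shell
#!/bin/sh
# Added example. Interface names are assumptions, override via environment:
# WAN = broadband, LAN = private network, WLAN = leg facing the access point.
# Also assumed: the IPsec/PPTP server runs on the firewall itself.
WAN=${WAN:-eth0}; LAN=${LAN:-eth1}; WLAN=${WLAN:-eth2}

# Print the policy in iptables-restore format (load with iptables-restore as root).
three_leg_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN -j ACCEPT
# Wireless leg reaches only the VPN endpoints: IKE, ESP, PPTP control, GRE.
-A INPUT -i $WLAN -p udp --dport 500 -j ACCEPT
-A INPUT -i $WLAN -p esp -j ACCEPT
-A INPUT -i $WLAN -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $WLAN -p gre -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
# Only tunnelled traffic is forwarded (ppp+ assumes the WAN is not itself PPP).
-A FORWARD -i $WLAN -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
# Cleartext from the wireless leg: log it for usage monitoring, then drop it.
-A FORWARD -i $WLAN -j LOG --log-prefix "wlan-fwd-drop: "
-A FORWARD -i $WLAN -j DROP
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin; fail if any FORWARD rule accepts traffic from the
# wireless leg without requiring that it arrived through an IPsec policy.
audit_wlan_forward() {
    ! grep -E -- "^-A FORWARD .*-i $WLAN( |\$)" \
        | grep -- '-j ACCEPT' \
        | grep -qv -- '--pol ipsec'
}
```

Running `three_leg_rules | audit_wlan_forward` before loading the ruleset catches a later edit that opens the broadband connection to the whole wireless network.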