Shared Internet - Using Client Mode, Security Questions.

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
Alister
DD-WRT Novice


Joined: 16 Oct 2015
Posts: 19

PostPosted: Tue Nov 10, 2015 17:26    Post subject: Shared Internet - Using Client Mode, Security Questions. Reply with quote
I share my internet with 5 other house mates, I'm wanting to secure myself from them or anyone sharing the same internet connection.

So if i use a router in client mode connected to the main Access Point, then connect my devices with ethernet cables to the router, is this definitely secure since it's on it's own subnet?

So i'm more or less wanting to no if this is a bulletproof method for using shared internet connections when needing to isolate yourself with the assumption of the networks been untrusted,

would I be correct in assuming as long as they don't no the router login details then it's secure from them changing anything? would the only thing they can see in the router is the i.p address of the router connected.

Last thing would be if this is secure would the same thing apply to setting up VAP setting up wireless connections along side client mode since primarily you can only use ethernet cables

Appreciate any help in this matter.
Sponsor
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Nov 11, 2015 13:36    Post subject: Reply with quote
Yes, you should be secured just as you would be from any WAN if you are using 'client' mode.

Note: adding a VAP on broadcom router you would need to be in 'Repeater' mode.
On atheros you can add a VAP in 'Client' mode.

Not to be confused with 'Repeater Bridge' or 'Client Bridge (routed)' ---- these are
used in same subnet with WAN connection disabled.
Alister
DD-WRT Novice


Joined: 16 Oct 2015
Posts: 19

PostPosted: Thu Nov 12, 2015 18:42    Post subject: Reply with quote
Thanks i'm fairly new to all this terminology ect when you mention wan i assume you mean, this should be just as secure as for comparisons sake two separate houses with their own separate Internet connections

I do have some questions, my understanding is using client mode means that the wireless portion, that connects to the access point is on a different subnet then lan side of things where using the ethernet cables

does this mean that anything like wireshark wouldn't, be able to spy monitor on the wireless connection? i believe everything gets passed from the wireless subnet to lan subnet preventing the wireless traffic been exposed the same way that normal wireless connections have issues with?

i was reading about that on flash routers this article
http://www.flashrouters.com/blog/2011/10/19/what-is-the-difference-between-client-bridge-wireless-repeater-modes-in-dd-wrt/

they just didn't really explain if that's the reason are they suggesting if you were on a network with no protection without a vpn that someone couldn't monitor your wireless traffic because it's been passed from a it's own wireless subnet onto the lan subnet maybe i'm miss understanding

the other confusing things and I've looked for answers by default in client mode under wireless basic settings when you tick advanced

where it has Network Configuration it is set to Bridged mode i looked it up seems people were saying no official documentation had been released as to what this is for I turned it off then can see these settings

Multicast forwarding

Masquerade / NAT

Net Isolation

Forced DNS Redirection

IP Address

Subnet Mask

i'm not sure what Masquerade / NAT, Net Isolation, Multicast forwarding are

one other thing I see there is AP Isolation I turned on which stops wireless devices communicating I assume this is mostly used when using the device as a router and not a client mode?

when it's turned off i can access the main access point from my computer but my understanding is no devices connected to the main access point can access my subnet so in my situation is having it turned on adding any type of security stopping them communicating with me or just preventing me from logging into the access point from my computer

these seem to be the main things keeping me from feeling confident about everything been configured correctly

Thanks
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Thu Nov 12, 2015 19:05    Post subject: Reply with quote
WAN (wide area network, the internet, public network, or in some cases just the network NATed by yours)
In client mode or repeater mode the physical wireless interface becomes the WAN connection just like a normal WAN port would be. In this type configuration you can also assign WAN port to switch and have 5 LAN ports.

AFAIK most of the dd-wrt wiki info is fairly good on these subjects.

Since configuration and terminology differs on different routers (broadcom / atheros) I suggest you ask specific questions in the appropriate forum.
And yes you can also incorporate more firewall rules to block whatever you want blocked.

good luck
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum