[Server-devel] Fwd: [UKids] Jerry's idea for segmenting xo users
Adam Holt
holt at laptop.org
Thu Jan 7 16:30:22 EST 2016
fyi!
From: Tim Moody <tim at timmoody.com>
Date: Thu, Jan 7, 2016 at 4:18 PM
Subject: [UKids] Jerry's idea for segmenting xo users
To: xsce-devel at googlegroups.com
Cc: T Gillett <tgillett at gmail.com>, Unleash Kids! <
unleashkids at googlegroups.com>
I've been thinking about Jerry's comment today that we would cut down on
wifi traffic by isolating users on each WR841 router, particularly in the
case where they don't register with the server.
I noticed that they support vlans and wonder could we
create vlan1 with lan ports 1 and 2 and vlan2 with ports 3 and 4 (the
number on each is arbitrary)
bridge vlan1 with wifi and vlan2 with wan
nat the vlan1 bridge to the vlan2 bridge with dhcpd on the router, each in
a separate subnet
daisy chain all routers through the vlan2 bridge
and even let xsce supply ip addresses to the wan side of each router
add iptables rules that restrict the traffic to each router's subnet and
172.18.96.1. (the subnets don't have to be in the server's address space)
so an xo can only reach the server or other xos on its router.
--
Unsung Heroes of OLPC, interviewed live @ http://unleashkids.org !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/server-devel/attachments/20160107/9c4d00fb/attachment.html>
More information about the Server-devel
mailing list