I've got what may be a simplistic scenario, and may not even be
feasible, so if this is foolish or far too simplistic please let me
know...

Should the TCWUG network develop into a metro-wide wireless network
without direct internet access, and using a non-routed IP block, then
couldn't those people that have broadband set up something like the
following?

Say I've got broadband (DSL, Cable, other).  Chances are I've got a
firewall, and if I don't I probably should.  Could I not make a 3-legged
firewall and put my broadband connection on one port, my private network
on another port, and a wireless access point connected to the third port?

This would allow me to use ipsec or pptp from the wireless network to
connect to my home network, and from there get out to the greater
internet.

I could share my access point as a means of connecting to the larger TCWUG
wireless network, but not provide internet access to anyone else via my
broadband connection.

Would something like this not solve most of the problems people have been
bringing up?

I now have a responsibility on my end to monitor usage of my own internet
connection.  If I choose I can share my broadband connection with my
friends (assuming a ToS that allows that of course) but not with the
whole Twin Cities.

Those businesses that want to (realtime?, visi?, others?) can provide a
gateway service of sorts for some hopefully nominal fee.  The burden is
then on them for authentication and accounting for their customers.  The
same burden that they have for all of their other customers.

The wireless network wouldn't need to use a routed IP address range.  When
I connect to my home network I'd get an IP from my private network which
is behind my NATing firewall.  Anything that I can do from home I can do
from my laptop at the neighborhood coffee shop.  Should I wish to pay an
ISP for a gateway service then I'll get a routed IP from them and can do
anything on the internet (including use those services that are difficult
to provide for with a NATed address).

Now, there obviously wouldn't be unlimited bandwidth on the wireless
network, and I realize I'm treating the entire wireless network as
essentially one big LAN which may not be feasible.  Someone would have to
host a DHCP server for this thing.  Broadcast domains would have to be
created.  Realistically though, those are design issues and shouldn't be
impossible to solve.  I'm sure there are many other issues that I haven't
thought of, but that's what a discussion like this is for.

Still, it seems to me to address some of the sticking points that the
group has been getting caught up on.  The TCWUG would not be in the
position of providing a means of internet theft and as such have no
liability should Qwest or AT&T get upset and decide to throw their lawyers
at a perceived problem.

The group no longer needs to worry about authentication.  That would be
handled by those ISPs providing a gateway service, or by those people that
want to be able to access their home network and broadband connection via
the wireless network.

Accounting may still be an issue.  Usage will need to be monitored to
determine where more bandwidth needs to be allocated.  Perhaps an 11 Mbps
backbone won't be sufficient for the network.  Once the backbone is faster
than the rest of the network the group would need to determine what
branches off the backbone need to be upgraded.  A group of APs in St.
Louis Park may need more than 11 Mbps, while other parts of the Cities
aren't even close to saturating their 11 Mbps to the backbone.

Such a system is OS independent.  I can establish a PPTP or IPSEC
connection to connect to a gateway service from Linux, BSD, MacOS, or
Windows.

Basic connectivity to the wireless network should be fairly simple for Joe
User.  Plug in a wireless nic, configure for DHCP, and you're on the
network.  You can't get out to the internet at this point, but you can
access any services being provided on the wireless network.  A community
intranet of sorts perhaps.  If the user wants to get out to the internet
then they either need to figure out how to correctly set up their home
network (and be providing an access point on the wireless network) or they
need to purchase a gateway service from an ISP.  If they are doing it on
their own they could get help from this mailing list, or perhaps the TCLUG
mailing list if they are using Linux for their firewall.  If they are
purchasing a service from an ISP, then they can call the ISP for technical
support.

Jeff


On Thu, 25 Jul 2002, Mike Horwath wrote:

> On Tue, Jul 23, 2002 at 12:33:07AM -0500, Bob Tanner wrote:
> > You want something that can (gotten from the poorly named thread Richochet
> > boxes?):
> >
> > provide QoS (ala traffic shaping?)
> > accounting (ala RADIUS-like stuff?)
> > logging (what do you want to log?)
> > authentication
> > Something that works on those "other" operating systems
> >
> > That's a list of basic (drechsau) requirements?
>
> Basically.
>
> Let me break it down further:
>
> 	QoS as needed, allow people to perhaps purchase levels of
> 	service, offer 'times' where things are more open, set up the
> 	network to handle far more than 3 people all downloading
> 	Warcraft III.
>
> 	Authentication and accounting (which is the logging) to allow
> 	a model of 'pay for use', to help track down 'abuse', to allow
> 	reports to be drawn up to show how well the business model is
> 	working when it is time for the next round of 'funding'.
> 	Logging is not about privacy invading information.  Logging
> 	could be anonymized logs from a transparent cache server to
> 	determine where the next 'connection' should come from when
> 	dealing with local connections.  Etc.
>
> 	Limiting to an OS sucks, I think it needs to be worked on for
> 	far more than 'one'.  The marketing level of a system doesn't
> 	mean the system is the right one :)
>
> What we need is a 'standard' for doing stuff via the AP and things
> would be far more fun and easy for keeping 'abuse', 'theft', and
> overall 'sharing' at acceptable levels.
>
>