Two wireless networks, one connection. How?
November 26, 2007 4:16 PM Subscribe
Is there a way to set up a second wireless network using my current internet connection?
I have a Nintendo DS. I would love to take said Nintendo DS online. However, there's a problem: my wireless network uses WPA, and the DS doesn't support that; it only does WEP. From what I've gathered, this is because the DS only supports 802.11b, and 802.11b doesn't support WPA. Whatever the case, it's annoying, so I need to look into other solutions.
A friend of mine lent me Nintendo's Wi-Fi USB connector, but I haven't been able to get that to reliably work. What I'd like to do is create a pseudo-wireless network that I could use just for getting my DS online. I'd like to do so without compromising the security on my current wireless network. What's the best way to do this?
I have a Nintendo DS. I would love to take said Nintendo DS online. However, there's a problem: my wireless network uses WPA, and the DS doesn't support that; it only does WEP. From what I've gathered, this is because the DS only supports 802.11b, and 802.11b doesn't support WPA. Whatever the case, it's annoying, so I need to look into other solutions.
A friend of mine lent me Nintendo's Wi-Fi USB connector, but I haven't been able to get that to reliably work. What I'd like to do is create a pseudo-wireless network that I could use just for getting my DS online. I'd like to do so without compromising the security on my current wireless network. What's the best way to do this?
I have done precisely this, for precisely the reasons you want to, and mosk's recommendation works for me.
I bought an Apple Airport Express and plugged it into the back of my main WPA router, as a wired ethernet connection. I configured it as a WEP network, and off I went. Very easy, even surprisingly easy.
posted by galaksit at 4:31 PM on November 26, 2007
I bought an Apple Airport Express and plugged it into the back of my main WPA router, as a wired ethernet connection. I configured it as a WEP network, and off I went. Very easy, even surprisingly easy.
posted by galaksit at 4:31 PM on November 26, 2007
And I should say that I mentioned the kind of second router I got because I decided to get a router I could take with me on trips. Travel with your portable router as well as your DS, and in a suitable location with wired internet, you can connect to your default network for Nintendo WiFi connection gaming!
LinkSys also do small, portable travel routers that don't require an external power supply (but instead plug directly into a socket). I opted for the Apple one because, despite being more expensive, it has the very cool "AirTunes" music streaming feature, and a printer port.
posted by galaksit at 4:48 PM on November 26, 2007
LinkSys also do small, portable travel routers that don't require an external power supply (but instead plug directly into a socket). I opted for the Apple one because, despite being more expensive, it has the very cool "AirTunes" music streaming feature, and a printer port.
posted by galaksit at 4:48 PM on November 26, 2007
If you're technically competent and you have a Linksys WRT54G (or variant) you could try installing a release candidate of DD-WRT v24. With v24 you can have up to 16 virtual interfaces, each with different SSIDs and security modes. I don't know if you can use different protocols (a/b/g) on each interface however, so you might have to keep b and g enabled simultaneously across all interfaces.
posted by dereisbaer at 4:54 PM on November 26, 2007
posted by dereisbaer at 4:54 PM on November 26, 2007
Response by poster: @mosk: My biggest concern is that I'd like to keep the two networks separate. Meaning that if someone did manage to get into the WEP-protected network, I wouldn't want them to have any access to the WPA network. I don't know a ton about this sort of thing, and it doesn't seem like that WOULD happen using the method that you and galaksit described, but I'd rather not take that risk.
Also, would something like this do the trick?
@dereisbaer: I do consider myself technically competent, but I've looked into DD-WRT before and it frightens me a bit. That's definitely something to consider, though, and it would be nice to not spend money on this if at all possible.
posted by phaded at 5:18 PM on November 26, 2007
Also, would something like this do the trick?
@dereisbaer: I do consider myself technically competent, but I've looked into DD-WRT before and it frightens me a bit. That's definitely something to consider, though, and it would be nice to not spend money on this if at all possible.
posted by phaded at 5:18 PM on November 26, 2007
Best answer: Only including 802.11b was profoundly stupid on Nintendo's part, because WEP was known insecure well before they even shipped the DS. It was harder to crack when they shipped it, but it was still easily possible....nowadays, it can be done in less than five minutes with an average laptop from the street outside.
The impact on people's network safety has been, I'm quite sure, profound, because few people have the patience to set up an entirely separate WEP network, which is the only way to do this safely.
All of the methods described above will work. However, in all cases, you are opening your network completely to the WEP network, meaning your WPA is entirely useless and you shouldn't even bother running it too.
The very best way to do this is with two separate routers and two separate IP addresses, but you'll usually have to pay your provider more for that, if you can even get them to allocate you more IPs. If you can get two IPs, buy a second router and a hub or small switch. Wire your network cablemodem -> hub -> both routers. That will give both routers an external IP address; they'll be entirely independent of one another, so your private network will stay protected with WPA. You still have the possible problem of drivebys hacking your WEP and spamming, but if you block outbound port 25, that will prevent that kind of abuse.
If you can't get a second IP, do it this way:
cablemodem -> external link on WEP router -> external link on WPA router.
Plug the WPA router in on the WAN port, not the LAN ports. This will create two separate networks; the low-security WEP on the outside, and then the higher-security WPA behind that. As long as you use the WAN link on your WPA router, the WEP network will look like the Internet and won't be trusted, so attackers won't easily be able to get into the main network.
You're doing two layers of NAT this way, which will slow down your ping times a few milliseconds, and you will have to forward ports twice for them to work. If you use the (quite insecure) UPnP port mapping protocol, that will break too... you will have to manually open ports for every system on the WPA network that wants one.... and you have to open two layers, because you have two firewalls.
It's a little inconvenient, but that should give you pretty good security while still letting you use your network. If you use an Airport for the outer WEP router, set the IP address of the DS to be your DMZ, which will get everything working instantly with no effort.
posted by Malor at 5:21 PM on November 26, 2007
The impact on people's network safety has been, I'm quite sure, profound, because few people have the patience to set up an entirely separate WEP network, which is the only way to do this safely.
All of the methods described above will work. However, in all cases, you are opening your network completely to the WEP network, meaning your WPA is entirely useless and you shouldn't even bother running it too.
The very best way to do this is with two separate routers and two separate IP addresses, but you'll usually have to pay your provider more for that, if you can even get them to allocate you more IPs. If you can get two IPs, buy a second router and a hub or small switch. Wire your network cablemodem -> hub -> both routers. That will give both routers an external IP address; they'll be entirely independent of one another, so your private network will stay protected with WPA. You still have the possible problem of drivebys hacking your WEP and spamming, but if you block outbound port 25, that will prevent that kind of abuse.
If you can't get a second IP, do it this way:
cablemodem -> external link on WEP router -> external link on WPA router.
Plug the WPA router in on the WAN port, not the LAN ports. This will create two separate networks; the low-security WEP on the outside, and then the higher-security WPA behind that. As long as you use the WAN link on your WPA router, the WEP network will look like the Internet and won't be trusted, so attackers won't easily be able to get into the main network.
You're doing two layers of NAT this way, which will slow down your ping times a few milliseconds, and you will have to forward ports twice for them to work. If you use the (quite insecure) UPnP port mapping protocol, that will break too... you will have to manually open ports for every system on the WPA network that wants one.... and you have to open two layers, because you have two firewalls.
It's a little inconvenient, but that should give you pretty good security while still letting you use your network. If you use an Airport for the outer WEP router, set the IP address of the DS to be your DMZ, which will get everything working instantly with no effort.
posted by Malor at 5:21 PM on November 26, 2007
Whatever you do to the DS a determined attacker can compromise. Say you plug in a second access point to do WEP. Well, its still plugged into your router. Now you decide to be clever and block all mac addresses but the DS. Well, someone who can crack WEP can change their mac address to match your DS.
What you want is radius authentication. Or learn to live with the USB cable.
Or you can learn to live with WEP. Just turn WPA back on when youre done gaming.
posted by damn dirty ape at 5:40 PM on November 26, 2007
What you want is radius authentication. Or learn to live with the USB cable.
Or you can learn to live with WEP. Just turn WPA back on when youre done gaming.
posted by damn dirty ape at 5:40 PM on November 26, 2007
damn dirty ape, what I just told him (put WEP outside his WPA network) will let him run both safely, at the cost of having to do extra work to forward ports.
posted by Malor at 6:03 PM on November 26, 2007
posted by Malor at 6:03 PM on November 26, 2007
> If you're technically competent and you have a Linksys WRT54G (or variant) you could try installing
> a release candidate of DD-WRT v24.
Flashing your router firmware is totally cool and all that--just be aware that it is a tiny bit experimental and a person might want to think twice about doing it if he's, say, more than 500 miles from his nearest router store. I have a very nice working WRT54G now running DD-WRT. But that was from my second try; I also have a pretty little dark blue/light blue paperweight from my first.
posted by jfuller at 6:19 PM on November 26, 2007
> a release candidate of DD-WRT v24.
Flashing your router firmware is totally cool and all that--just be aware that it is a tiny bit experimental and a person might want to think twice about doing it if he's, say, more than 500 miles from his nearest router store. I have a very nice working WRT54G now running DD-WRT. But that was from my second try; I also have a pretty little dark blue/light blue paperweight from my first.
posted by jfuller at 6:19 PM on November 26, 2007
I have a very nice working WRT54G now running DD-WRT. But that was from my second try; I also have a pretty little dark blue/light blue paperweight from my first.
I've never had that happen after dozens of firmware updates across 4 Linksys WRT54Gs and one buffalo WHR-HP-G54. I've been putting 3rd party firmware on my own access points for 3+ years and manage a few for the inlaws as well.
That said I know it's possible to get a bad flash. Linksys foresaw this bricking problem and built in a recovery mode. I've never used the tftp method for recovery but I did use it for the first flash I ever did (sveasoft). It's possible you were unlucky and even the recovery mode didn't work.
posted by dereisbaer at 4:15 AM on November 27, 2007
I've never had that happen after dozens of firmware updates across 4 Linksys WRT54Gs and one buffalo WHR-HP-G54. I've been putting 3rd party firmware on my own access points for 3+ years and manage a few for the inlaws as well.
That said I know it's possible to get a bad flash. Linksys foresaw this bricking problem and built in a recovery mode. I've never used the tftp method for recovery but I did use it for the first flash I ever did (sveasoft). It's possible you were unlucky and even the recovery mode didn't work.
posted by dereisbaer at 4:15 AM on November 27, 2007
This thread is closed to new comments.
posted by mosk at 4:24 PM on November 26, 2007