http://swing.cs.uiuc.edu/projects/perm/download.php
http://www.fon.com/es/info/whatsFon
http://www.adslzone.net/postt147071.html
http://www.adslzone.net/postt83840.html
http://www.pcdemano.com/phpBB2/viewtopic.php?t=19737
DD-WRT:
http://ryan-mark.com/2008/05/27/share-your-internet-connection-safely-with-dd-wrt/
http://www.wi-fiplanet.com/tutorials/article.php/3710791
Suscribirse a:
Enviar comentarios (Atom)
Para que el sistema de limitación de velocidad por IP funcione correctamente debemos seguir los siguientes pasos.
ResponderEliminar1º Administration/Device list. Añadir los PC's que se encuentran en esta lista a "Static DHCP", para ello pulsaremos en la IP de cada PC que queramos controlar y automáticamente pasará a "Static DHCP".
2º IP/MAC QoS/ QoS Limit. En esta imagen podéis ver como he introducido las IP's de unos PC's que anteriormente han sido "clasificados" en el "static dhcp".
Image
Explicación de cada parámetro de la imagen.
Enable QoS limit = Para activar o desactivar esta función.
Download Bandwidth= Máxima velocidad de Bajada de la conexión.
Upload Bandwidth = Máxima velocidad de subida de la conexión.
Para saber cual es la velocidad máxima de bajada y subida puedes utilizar este test..
http://testdevelocidad.es
http://speedtest.net
Anota los valores de bajada y subida en estas dos casillas.
Ahora vamos a comenzar a escribir las IP's de los PC's y las limitaciones que queremos introducir para cada conexión.
Image
TC Tag . Este número lo adjudica secuencialmente el router a cada nueva IP que se añade en la lista, no modificar.
IP Address . En esta casilla debemos escribir la IP del PC que queremos controlar su velocidad de subida/bajada.
Dl Rate . Aquí escribiremos la velocidad de bajada del PC cuando todos los PC's en la lista estén operativos (descargando) ... uhhh? que significa esto? pues significa que la suma total de esta columna para todos los PC en la lista no puede superar el "Download Bandwidth".
Si la suma supera este "Download Bandwidth" no sirve de nada el dato introducido cuando todas las máquina están descargando.
Asimismo tomad en cuenta que si la IP introducida pertenece a una conexión vía wifi es posible que las condiciones de propagación y calidad de la señal wireless para este PC no permitan que el PC alcance la velocidad escrita en esta casilla, me explico; si escribes una velocidad de bajada de 10000kbps en esta casilla cuando la conexión wireless solo permite una velocidad máxima (teórica de 5000kbps .. pues eso, que es quemar naves sin entrar en batalla).
Espero que esta explicación os aclare ya alguna duda.
Dl Ceil (Techo de descarga). Interesante también esta casilla, explicación; Está va a ser la máxima velocidad de descarga que va a alcanzar este PC descargando cuando el ancho de banda es suficiente para que pueda superar su velocidad de descarga porque la suma total de las velocidades de descarga de los otros PC's no ha sido alcanzada.
Ejemplo 1
Velocidad de bajada de la conexión= 16000 kbps.
PC1 Dl Rate 4000 Dl Ceil 7000kbps
PC2 Dl Rate 4000 Dl Ceil 9000kbps
Comportamiento (suponiendo que la descarga permite alcanzar la máxima velocidad)
El PC1 comienza a descargar y como todavía el PC2 no ha comenzado alcanza una velocidad máxima de descarga de 7000kbps.
El PC2 comienza después a descargar y alcanza una velocidad de 9000kbps.
La suma del techo de descarga de ambos PC's = 16000kbps.
Ejemplo 2
Velocidad de bajada de la conexión= 16000 kbps.
PC1 Dl Rate 4000 Dl Ceil 7000kbps
PC2 Dl Rate 4000 Dl Ceil 9000kbps
PC3 Dl Rate 8000 Dl Ceil 9000kbps
El PC1 comienza a descargar y como todavía el PC2 no ha comenzado alcanza una velocidad máxima de descarga de 7000kbps.
El PC2 comienza después a descargar y alcanza una velocidad de 9000kbps.
El PC3 comienza a descargar... Guiño y la velocidad del PC1 baja a 4000, la velocidad del PC2 baja a 4000 y la velocidad del PC3 va a 8000kbps, suma total= 16000kbps.
Ejemplo 3
Velocidad de bajada de la conexión= 16000 kbps.
PC1 Dl Rate 4000 Dl Ceil 7000kbps
PC2 Dl Rate 4000 Dl Ceil 9000kbps
PC3 Dl Rate 4000 Dl Ceil 9000kbps
El PC1 comienza a descargar y como todavía el PC2 no ha comenzado alcanza una velocidad máxima de descarga de 7000kbps.
El PC2 comienza después a descargar y alcanza una velocidad de 9000kbps.
El PC3 comienza a descargar... Guiño y la velocidad del PC1 baja a 1/3 de la velocidad máxima, la velocidad del PC2 baja a 1/3 de la velocidad máxima y la velocidad del PC3 va también a 1/3, Suma total= 16000kbps. ¿Por que? Pues porque la suma de los techos de bajada supera el caudal máximo de bajada y el Dl Rate es el mismo para los tres PC's.
¿Entendido? Guiño
UL Rate . Igual que DL Rate pero para subida de archivos.
UP Ceil . Lo mismo que el Dl Ceil pero para subida de archivos.
Ejemplos y comportamiento para el UL Rate y UL Ceil, Idéntico.
Priority Muy importante esta función. Afecta a la posición que toma la regla en la cola del netfilter del router, por lo tanto cuanto más alta sea la prioridad el PC tendrá prioridad sobre el resto en tráfico de DNS, http, juegos... (principalmente). Mejora el ping pero solo porque está antes que los otros PC's en el netfilter, no por otra circunstancia. Guiño
TCP Limit Número máximo de conexiones activas para esta IP. Nos sirve para limitar este número y es especialmente atractivo para evitar saturaciones de programas P2P (emule, torrent, ares).
UDP limit Número de datagramas/conexiones máximas UDP por segundo, sirve exactamente para lo mismo, para evitar saturaciones de P2P (especialmente para Ares).
IMPORTANTE Cualquier IP que no esté incluida en esta regla funcionará a la máxima velocidad de subida/bajada a no ser que usando la función de "Limit unlisted machines" esté habilitada en la función "ARP Binding". En este caso la IP no tendrá acceso a Internet.
http://www.adslzone.net/postt147071.html
¿Cansados de quedaros sin velocidad cuando el vecino conecta el Ares?
ResponderEliminar¿Páginas que tardan en visualizarse cuando el compañero está jugando en su ordenador?
¿Videos a saltos cuando hay gente conectada a vuestra red?
La solución (aparte de contratar otra línea solo para vosotros) es administrar los usuarios y el ancho de banda que usen cuando estén conectados a vuestra red. Por ello me he permitido confeccionar este manual fácil para fijar las reglas de usuarios y aplicaciones en el WRT54xx con diferentes firmwares.
Podéis bajar el manual de esta dirección, descomprimirlo y seguir las instrucciones, es más sencillo de lo que nos imaginamos todos... y está escrito en castellano con ejemplos reales:
Manual de uso: http://victek.is-a-geek.com/Repositorios/Linksys/Script%20Generator/manual.rar
Programa: http://victek.is-a-geek.com/Repositorios/Linksys/Script%20Generator/generator.zip
Para preguntas, dudas postead en este hilo por favor, gracias
http://www.adslzone.net/postp552733.html#552733
Saludos
http://www.adslzone.net/postt83840.html
Implementing Inexpensive Multiple SSID Networks: Part I
ResponderEliminarBy Eric Geier
November 13, 2007
If you thought that having multiple service set identifier (SSID) and virtual local area network (VLAN) support could only be possible in enterprise-level access points (APs), we have good news. With help from DD-WRT, a popular open-source firmware replacement, you can pack countless extra and enterprise-level features into your inexpensive home Wi-Fi router.
This part of the tutorial series will introduce you to the multiple SSID feature, discuss its existence in off-the-shelf APs, and walk you through installing the free DD-WRT firmware replacement. In the next part, we’ll dive deeper into using multiple SSIDs with DD-WRT.
What are multiple (or virtual) SSIDs?
In general, multiple (or virtual) SSIDs allow you to create multiple network names or SSIDs on one AP or radio with the ability to customize their individual security and broadcast settings. Additionally, you can assign the virtual SSIDs to different VLANs to provide segregation between the virtual wireless networks.
Here are some examples of what you could do with virtual SSIDs:
* Offer public wireless Internet: For example, you could use encryption on your main SSID (for private use) and create a virtual SSID (for public use) on its own VLAN and without wireless encryption. This would give visitors easy access to your wireless Internet, but protects the contents of your network.
* Segment your network users: You could, for example, limit access to files and services between your groups or departments by creating a virtual SSID (on their own VLANs) for each group. For instance, regular employees (like, say, on the sales or marketing SSID) won’t be able to access sensitive records on the management SSID used by the supervisors. This approach could work well for small organizations without an existing network segmentation method, such as active directory.
* Offer different levels of security: Implementing multiple SSIDs may help in situations when all your wireless clients don’t have the same encryption and security abilities. For example, your older wireless clients may not have Wi-Fi protected access (WPA) or WPA2. But, you want to support these better encryption techniques for your newer clients. In this case, you could setup your main SSID with your desired security settings and create a virtual SSID (on the same VLAN as your main network) with the lower security requirements. Doing this along with other techniques, such as only having this virtual SSID applied to your inter APs, could help to keep people from outside your location from eavesdropping on your “less-secure” communications.
Multiple SSID vs Multiple BSSID
Before you jump into this virtual world you should understand the difference between the two ways this feature can be implemented:
* Multiple BSSID: Each virtual interface is assigned to its own basic service set identifier (BSSID), or MAC address, which provides a better user experience. This is implemented in most off-the-shelf APs equipped with the multiple SSID feature.
* Multiple SSID: Each virtual interface is under the same BSSID, the device’s original MAC address, which (as we’ll discuss more later) can confuse the wireless clients; and the users themselves. However, using this method can still be practical, especially since you can get it from a cheap simple router with firmware replacements like DD-WRT.
Before choosing a solution, be sure to figure out exactly what method is used.
Other Options: Lower Cost Hardware
Before plunging into installing and using DD-WRT for the virtual SSID feature, take a moment to consider the possibility of using off-the-shelf hardware. These days you can get an access point with multiple BSSID and VLAN support for under $200─and some are almost as low as $100.
Here are a few access points you can look into:
* D-Link DWL-2200AP
* SMC 2552W-G2
* Linksys WAP200
If you find these products are out of your price range, or if you would like to try replacing your firmware first, then you can continue to the next section to get started with DD-WRT.
Installing the DD-WRT Firmware
First a word of caution: Before continuing, you should understand that modifying a router’s firmware or loading it with firmware not released from its manufacturer (like DD-WRT) usually voids the factory warranty and support. Yet, on the other hand, this might not be the case with some APs; for example Buffalo Technology and DD-WRT recently began a partnership to address these types of issues.
Also, be very careful when upgrading any firmware; follow all directions and precautions. One slip-up may brick your router¾or in other words make it unusable and very difficult to revive.
Installing and setting up the DD-WRT firmware replacement consists of the following three steps:
1. Get a Supported Router: For example a Linksys WRT54G/GL/GS or Buffalo WHR-G125 or WHR-HP-G54. Click here for a full list of support routers. The chances of you or someone you know having a supported router lying around are high; many of the popular wireless routers will do.
2. Download the DD-WRT Firmware: Browse through the Downloads section of the DD-WRT website. At the time of this writing the latest version of DD-WRT that includes the multiple SSID feature is a release candidate: v24 RC4. Be sure to pick the correct firmware type (generic or vendor-specific) for your particular router. If you need help choosing the correct type, you can refer to the notes listed for each particular router on the list of support routers, and/or refer to the installation guide. Keep in mind, once version 24 is released as stable, or a newer version arrives, you should use that.
3. Flash Your Router: Using the recommended method in the DD-WRT installation guide (such as Trivial File Transfer Protocol (TFTP) or via the Web-based configuration screen) flash or upload the firmware replacement to your router. As you’ll probably be told by the DD-WRT or factory documentation, you should only upgrade firmware via an Ethernet connection--and do not interrupt the upgrade.
Part II: The next installment in our series shows exactly how to configure multiple SSIDs with the DD-WRT firmware, and discusses overcoming the connectivity issues brought up by using this multiple SSID (not rhe BSSID) method.
http://www.wi-fiplanet.com/tutorials/article.php/3710791
Implementing Inexpensive Multiple SSID Networks: Part II
ResponderEliminarBy Eric Geier
December 4, 2007
In the first part of this tutorial series, we discussed the two different multiple or virtual SSID methods. We also touched on the availability of these features in off-the-shelf APs from popular hardware manufactures. We concluded by discussing the installation of DD-WRT, a firmware replacement for many popular wireless routers, which now embraces the multiple SSID feature.
Now, we’ll step you through exactly how to set up multiple SSIDs with DD-WRT.
Logging into your DD-WRT router
After successfully flashing your router with the DD-WRT firmware, you can log on to the DD-WRT Web-based configuration screen by following these steps:
1. Bring up your Web browser.
2. Type the IP address of your router into the browser. (By default, DD-WRT uses 192.168.1.1.)
3. After you click on a page/section of the DD-WRT configuration utility, you’ll be prompted to enter the (default) login credentials:
· Username: root
· Password: admin
Now you can configure your router for your particular needs. Feel free to set up your main SSID, labeled as Physical Interface wl0 on the Wireless page, as you would like, but you should leave the network configuration as “Bridged.”
You can also configure your Internet connection, wireless, and other generic settings. These should be similar to what you did with your original router. Once you’re ready, you can configure the additional SSIDs by moving to the next section.
http://www.wi-fiplanet.com/tutorials/article.php/3714521
Implementing Inexpensive Multiple SSID Networks: Part II
ResponderEliminarBy Eric Geier
December 4, 2007
Adding the virtual interface(s)
The first item on the list is to configure the virtual SSID interface(s):
1. Select the Wireless tab.
2. Under the Virtual Interfaces section, click Add.
3. Specify your desired SSID, broadcast, and isolation settings; but make sure you set the network configuration as Unbridged and create a subnet by defining an IP address and subnet mask for the interface.
Figure 1 [below] shows an example of configuring the virtual SSID to be segregated from the main SSID. This is because the virtual interface IP address (192.168.2.1) is on another subnet from the main SSID’s IP address (192.168.1.1).
figure1.png
If you wanted the virtual SSID to be on the same VLAN as the main SSID, (meaning people on the virtual SSID could access the network of the main SSID) you could, for example, enter 192.168.1.2 for the virtual interface IP address.
Later, you’ll have to specify the DHCP settings, including the IP address range that matches the IP information you set up here.
4. Click the Save button to save, but not apply your changes.
Configuring the DNS and DHCP settings
Now, you must manually configure the DNS and DHCP settings for each virtual interface:
1. Select the Services tab.
2. Under the DNSMasq section, enter the following set of code (with any applicable edits as discussed) in the Additional DNSMasq Options box for each virtual SSID:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.2.1
dhcp-option=wl0.1,6,192.168.1.1
dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m
figure2.png
Figure 2: Example of configuring the DNS and DHCP settings.
Keep in mind each virtual SSID requires its own set of code. Additionally, make sure you specify the correct interface number in each set. The wl0.1 refers to the Virtual Interface wl0.1 SSID (seen in the wireless section of DD-WRT); for example if you are setting up a second virtual SSID then its set of code would contain wl0.2, the third would be wl0.3, and so on.
Even when using only one virtual SSID, you should also keep in mind the other variables this code presents:
· The IP address in the second line of code should be the address you specified earlier when setting up the virtual interface in the wireless section.
· The IP address in the third line of code should be the main or original address of your router which is 192.168.1.1 by default.
· The last line of the code specifies (in consecutive order) the following, separated by comas in the code:
o Starting IP address of the DHCP addresses, matching the subnet you defined.
o Ending IP address of the DHCP addresses, matching the subnet you defined.
o Subnet mask.
o Client lease time. (in minutes)
3. Click the Save button to save but not apply your changes.
Configuring Firewall (VLAN) Settings
You also have to manually configure firewall settings for each virtual interface to prevent users on the virtual SSID(s) from accessing the original network:
1. Click the Administration tab.
2. Click the Commands tab.
3. Enter the following in the Commands box for each virtual SSID:
iptables -I INPUT -i wl0.XXX -m state --state NEW -j logaccept
Replace XXX with the virtual interface number shown on the main wireless page of DD-WRT.
Note: If you already have specified commands (shown in the Firewall section) click the Edit button which should make your existing commands appear in the commands box. After you make your desired additions/edits in the box, you can click the Save Firewall button as step six instructs.
4. Add the following two lines of code in the Commands box for each virtual interface you want to segregate from the main SSID:
iptables -I FORWARD -i wl0.XXX -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.XXX -j logdrop
Replace XXX with the virtual interface number shown on the main wireless page of DD-WRT.
5. If you have more than one virtual SSID and you want to segregate the virtual SSIDs from each other, add the following two lines of code (with applicable edits as discussed) in the Commands box for each virtual SSID link you would like to segregate:
For example, if you have two virtual SSIDs (not counting your main one) you would like to segregate, add the following:
(This prevents communication like file sharing, pinging, etc between your first and second virtual SSID.)
iptables -I FORWARD -i wl0.1 -o wl0.2 -j logdrop
iptables -I FORWARD -i wl0.2 -o wl0.1 -j logdrop
When adding your third virtual SSID that you would like to segregate from the others you would add the following two sets of code:
(This prevents communication between your third and first virtual SSID)
iptables -I FORWARD -i wl0.1 -o wl0.3 -j logdrop
iptables -I FORWARD -i wl0.3 -o wl0.1 -j logdrop
(This prevents communication between your third and second virtual SSID)
iptables -I FORWARD -i wl0.2 -o wl0.3 -j logdrop
iptables -I FORWARD -i wl0.3 -o wl0.2 -j logdrop
6. Click Save Firewall.
7. Click the Management sub-tab of the Administration section.
8. Scroll down and click Apply Settings.
You’re done; your router should now be broadcasting multiple SSIDs!
http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_2
Implementing Inexpensive Multiple SSID Networks: Part II
ResponderEliminarBy Eric Geier
December 4, 2007
Overcoming Multiple SSID (Not BSSID) Connectivity Issues
The use of multiple SSIDs with DD-WRT may cause confusion (or at least to your wireless client utility) when attempting to connect to the router. This is because the firmware only implements multiple SSID, rather than multiple BSSID method. The differences of these types were pointed out in the previous tutorial.
The way wireless clients handle and display the numerous network names on multiple SSID (not BSSID) networks varies. Some client utilities may show the main SSID along with all the virtual ones; however some clients may only show a random listing of just one of the broadcasted SSIDs. In the case of multiple BSSID networks, the clients should just show all the SSIDs as normal.
If you find you’re having this type of problem remember you can manually connect to a SSID, like you would for non-broadcasted SSIDs:
1. Add the SSID (and other applicable settings) of your desired network to the preferred list of your client utility.
2. Remove any entries of the other SSIDs of your DD-WRT-enabled router from the preferred list.
3. It should then connect to the SSID you specified; if not try to refresh or restart your wireless adapter.
Bear in mind even though you know this workaround now, consumers and the public won’t. They may not even see the network in their list of nearby wireless networks. Therefore if you’ve setup an SSID intended for public access or for external members of your organization, you may think about disabling the broadcasting of all your other SSIDs, leaving the single broadcasted SSID for those less-inclined users. This way wireless clients shouldn’t get confused, it should always show the one broadcasted SSID.
Conclusion
You have a few places to turn to if you run into troubles when setting up DD-WRT:
* DD-WRT Wiki: Contains information and help on installing and setting up DD-WRT and its features through frequently asked questions (FAQ) and tutorials.
* Discussion Forum: You can review previous discussions and/or post questions or start conversations with the developers and other users worldwide.
* IRC: You can chat with DD-WRT users and developers using an Internet Relay Chat (IRC) client.
* Wi-Fi Planet Forums: Lastly but not least, you can hit the discussion forum here on the site where you might find some experienced DD-WRT users.
Whether you are trying to setup virtual SSIDs to give public access, for segmenting reasons, or for multi-security support--remember if the DD-WRT solution doesn’t work out there are inexpensive out-of-the-box APs out there for your choosing.
Eric Geier is an author of many wireless networking and computing books including 100 Things You Need to Know about Upgrading to Windows Vista, published by Que and Wi-Fi Hotspots: Setting up Public Wireless Internet Access, published by Cisco Press.
http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_3
Supongamos que usa un Router "normalito", o incluso el que traen los Proveedores de Servicios de Internet (ISP): Lo mas "rapido" o practico seria aplicar filtros de MAC, que incluso vienen escritas en las pegatinas que los portatiles tienen debajo, y asi activar o desactivar esas MACs para controlar quienes o quienes no se conectan. Hay software que puede acceder a estas configuraciones del router y cambiarlas en un "par de clicks" en vez de hacerlo via Navegador Web.
ResponderEliminarSupongamos que tenemos varios Routers para separar la Red privada de la red Publica: Dejar la Red Publica SIN contraseña, para que todos se pudieran conectar, o con contraseña, pero cambiarla cada dia, asi evitas que los listillos se puedan conectar. Evidentemente, en la red privada, poner filtros de MAC, Clave WEP de 128bits minimo, etc.
Supongamos que tiene un Router que te cagas de la muerte, de estos basados en Linux, tipo Fon o llamados tambien "fonero": Configurandolo correctamente, puedes compartir la Red WiFi de una manera publica, sin contraseñas y tal, y mantener la privacidad de tu Red, ya que permites que determinadas IP's tengan acceso a determinados recursos de una red. Muchos Routers son capaces de hacer eso, pero y olos desconozco. Incluso hay firmwares para routers "corrientes" que permiten este tipo de configuraciones.
Supongamos que tienes un MODEM ADSL, un punto de Acceso y un viejo PC, sin monitor ni ostias, con un sistema Linux Instalado (o que le pueda instalar): Al viejo PC le puedes meter tantar tarjetas de Red como necesites, compartiendo en todo momento las conexiones a traves de un software especial que hace de enrutador, ademas compartirias la conexion ya viniera de un Router ADSL o un modem USB ADSL. Aparte, en una de las tarjetas de REd le podrias conectar un Punto de Acceso (AP) para compartir Internet a traves de el, pero no los recursos de la red (Carpetas, impresoras, etc.) o configurando que cosas deseas compartir. Ademas, al ser un sistema muy flexible, podrias configurarlo muy facilmente, por ejemplo, desde un PC con Windows a traves de algun programa de gestion, VNC o similar. Tambien puedes filtrar el ancho de banda que deseas que consuman los ordenadores de la Red, si se reparten en partes iguales (perfecto para cuando solo hay 1 o 2 PCs conectados a la vez) o restringir un maximo y un minimo para cada uno, dejando a unas maquinas mas ancho de banda que otras o simplemente aun que solo haya una maquina conectada, que solo pueda consumir ese maximo estipulado, dejando el resto de ancho de banda libre para los demas.
Y yo no estoy muy puesto en el tema... seguro que otros te diran soluciones que desconozco para el Hardware y Software que poseas, por lo que te puede ir mejor que lo que he dicho, pero como todos sabemos que NO LEES mis tostones y como ademas tu HAS PLANTEADO INCORRECTAMENTE LA PREGUNTA, ya que no sabemos que Hardware tienes disponible, ni de que tipo de conexion disponemos (1, 3, 10, 20Mbps o mas...), pues se hace complicado responder!"
Y tolgui: "Pos facil,
yo montaría un router neutro wifi como el Linksys WRT54GL con un firmware DD-WRT v24.
Aprovecho una de las características del firmware v24 que son los interfaces virtuales wifi y así podría tener una red wifi privada protegida y una abierta.
Configuraría en el router un hotspot con chillispot y activaría una opción que me permite separar la red wifi de la lan, así los usuarios de la LAN no saldría por el hotspot y los usuarios de la wifi abierta no accederían a la LAN.
Aunque la mejor opción sería dejar la red que tienes ahora (LAN y WIFI protegida) y añadiría un WRT54GL que funcionara como Hotspot abierto con Chillispot pero aislado de la LAN y WIFI que tienes.
Y ya jugando con las opciones de vlan y enrutamiento estático del DD-WRT puedes hacer configuraciones muy personalizadas.
Configuración de DD-WRT con Chillispot.
http://www.dd-wrt.com/wiki/index.php/Chillispot
http://worldspot.net/wk/Main/es/SetupDDWRT
http://worldspot.net/wk/Main/es/Doc
Otra opción si no quieres usar un hotspot es usar dos vlan para tener dos redes separadas entre ellas pero con acceso a internet y crear una red wifi virtual para la abierta.. Así puedes tener tu red LAN y WIFI protegidas y una red WIFI abierta de tal forma que desde la red wifi abierta no accedan a la interna. Por eso te decía que jugando con vlan y ruteo estático puedes hacer maravillas.
En los siguientes links de la wiki de dd-wrt te explican como hacerlo.
http://www.dd-wrt.com/wiki/index.php/Separate_WLANs
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_(Separate_Networks_With_Internet)
Te recomiendo que des un vistazo a la wiki de DD-WRT, tienes tutoriales de muchas configuraciones que te pueden servir de ayuda.
http://www.pcdemano.com/phpBB2/viewtopic.php?t=19737