Neighborhood File Sharing

[Jimmah]

I've been working on a little project to allow my nieghbors access to some of my network drives for sharing and LAN games (I know, games over wifi = bad). I'm using ZeroShell (big fan of this) and I have the AP, Captive Portal, all DHCP and Authentication worked out. Problem is, I need the users to only have access to the share and nothing else, I don't even want them seeing anything else past the router.

Here are the ideas thus far:

Set it up so they can see everything but only have access to certain shares - really not wanting to do this.

Use the firewall to block all ports minus the ones for network sharing and file transfer - can look these up, not terribly difficult from the looks.

Set up a guest account on the file server to allow access to the shares and have the ZS router only send traffic to the server - account part is easy, other part I'm unsure about.


Most secure way would to use a NAS only connected to the router of course, but that would be too simple, plus I don't have any spare money right now (router parts I had lying about). I believe this doesn't violate any TOS or laws as I'm only sharing empty drives and no access to internet.

I appreciate any ideas and help, this is a fun little project a lot of my neighbors are really excited about and I would love to get it finished for the weekend.

 

[skyking]

The gateway issue is the problem. If they connect to your router, their computer will try and use that connection to get to the internet. They would have to know how to set up a couple of connections and specify which one is the gateway. It gets complicated.
If they only wanted to connect to game locally, and then disconnect from your network and connect to their own for internet it is less complicated.

 

[Emulex]

use a dedicated access point to a dedicated nic . a buffalo WZR series modded with two ebay +25dbi directional yagi on channel 6 20hz wide would yield about hmm maybe even over the legal 50db limit. thats about 100x the power of an airport extreme.

With it having a dedicated router you can enforce IP isolation and logins (cafe). then firewall on the nic the ports you don't want. I'd suggest you share using openfiler or pfsense so you can do ftp/webdav/http/netbios/dlna etc all those formats people want. and firewall everything else on the pc - the dedicated nic? $10 rosewill special will work. firewall - built into any o/s these days.

WZR is $62 new shipped. $25 for each yagi shipped from china - trust me going from 2dbi directions to 25dbi is insane.

 

[Jimmah]

use a dedicated access point to a dedicated nic . a buffalo WZR series modded with two ebay +25dbi directional yagi on channel 6 20hz wide would yield about hmm maybe even over the legal 50db limit. thats about 100x the power of an airport extreme.

With it having a dedicated router you can enforce IP isolation and logins (cafe). then firewall on the nic the ports you don't want. I'd suggest you share using openfiler or pfsense so you can do ftp/webdav/http/netbios/dlna etc all those formats people want. and firewall everything else on the pc - the dedicated nic? $10 rosewill special will work. firewall - built into any o/s these days.

WZR is $62 new shipped. $25 for each yagi shipped from china - trust me going from 2dbi directions to 25dbi is insane.

Do you feel this would be more viable than using the Zeroshell AP router w/captive portal? I like the idea of using smaller hardware it's just out of my budget atm (unemployed is le suck).

Thank you both for your input, it is appreciated greatly.