
Public wi-fi network - need to make it unavailable to use p2p-applications


garlione


Sounds like you are biting off more than you can chew.  First thing might be to increase your incoming bandwidth.  Next thing if you can not find the answer here would be to open the manuals for your routers and read how to get to the port blocking section.  Next do research on the different torrent downloaders.  These will let you know what ports need forwarding.  These will be the ports that need to be blocked.  Chances are you will run out of spaces for blocking since there are some torrent download programs.  Keep in mind that Comcast tried this and wound up in a whole heap of trouble.  The big difference is you are offering a free service on a private network.  I'm familiar with Linksys, this is why I cannot tell you about Netgear without actually looking at it.


  • 2 months later...

Alright a few things... This is just about impossible to do, shutting down p2p apps.   The reason being that most of the applications that are being used today use encryption.  So any type of traffic recognition is not going to work.  If the users are fairly dumb.. you might get them off which is about 10% maybe.   Most of the bit torrent stuff is going to have encryption enabled to begin with.

The most logical solution would be to install something like pfSense or m0n0wall.  (most people know that I am a Smoothwall guy.. I will explain in a minute why I like these two products)  The reason for this is to gain a hold of your network.  Using the same network for both your business transactions and your guests is a really really really ( that is 3 reallys) bad idea.  You really should segment the wireless and the business components to prevent any worms, viruses, etc from your network.

Now the fun stuff..  I don't know if your users have to accept a User Agreement prior to using the network...  The two products that I recommended will allow you to create a captive portal.  Meaning that prior to giving them access to the Internet they will have to accept your terms.  The other great thing is that if the users are using p2p you can queue their traffic, if it is identifiable. Kazaa and the other non bit torrent should be a little easier to block as they require a specific port to connect to the master servers.

So I would start with looking into those two products... My guess would be that m0n0wall is going to be the way to go due to the captive portal and traffic shaping flexibility.  If you have any more detail on your network that would also help.  You are really not going to be able to do anything with a consumer router.


  • 2 months later...

I'll go with Swimmer here and say it's time to take your firewall solution a little more seriously and look at turning your routers into just straight AP's. Let pfSense handle the rest (or whichever you pick ;)) I'm a huge pf fan, and use it personally and professionally. I'm going to suggest not just captive portal, but blocking any and all traffic other than port 80, 25, and 110. That should give them web browsing, pop3 email, and outgoing SMTP for e-mail sending. That won't stop someone from using a p2p but it will limit the effectiveness of it. Then it's time to look at how many AP's you have vs rooms/possible connections etc.

This is a decent sized project, and will require some planning to get it to work effectively and happily for all your hotel guests. We can perhaps help a bit, but we'd need more information:

# of rooms (possible connections)

Bandwidth you have (and can you upgrade if you need to?)

services you want to allow (E-mail, web browsing, group printing, etc)

There are lots of very bright people on here that know a lot more than just internet tweaking, and we're all here to help the best we can :)
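
The two suggestions made in this thread (keep guest wireless off the business network, and let guests use only ports 80, 25 and 110), written as a raw pf ruleset. This is an added example, not something any poster supplied, and on pfSense the same rules would be built in the web interface. The interface name, both subnets and the DNS rule are assumptions; the posts do not mention DNS, but guests need name resolution before a browser can reach port 80.

```pf
# Constructed values: replace with the real interface and subnets.
guest_if  = "em1"                 # assumed interface facing the wireless APs
guest_net = "192.168.20.0/24"     # assumed guest subnet
biz_net   = "192.168.10.0/24"     # assumed business subnet
guest_tcp = "{ 80, 25, 110 }"     # web, outgoing SMTP, POP3 (ports from the thread)

# Default for the guest segment: drop everything arriving from guests.
# pf applies the last matching rule, so the pass rules below override this
# only for the traffic they name.
block in on $guest_if all

# Segmentation: guests never reach the business network, on any port.
# "quick" stops evaluation here so no later pass rule can re-allow it.
block in quick on $guest_if from any to $biz_net

# Assumption: the firewall itself answers DNS queries for guests.
pass in on $guest_if proto { tcp, udp } from $guest_net to ($guest_if) port 53

# Only the three services named in the thread may leave the guest segment.
pass in on $guest_if proto tcp from $guest_net to any port $guest_tcp
```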
