One of the things, if not THE thing I was dying to do in my new apartment, was to set up a real hotspot, as I explained in the two news posts below. Well, it's now up and running. I don't know yet if I'll make a full article about it or if I'll just give tips as I go along, but in the meantime, here's what it looks like:
Installation and configuration
Two OpenWRT devices configured as simple bridges allow guests to connect to the VLAN dedicated to the public wireless network:
A DHCP server provides an IP in the appropriate subnet. A simple pf rule redirects all HTTP requests to a captive portal that explains to guests what information to enter in their browser to be able to use HTTP, HTTPS, and FTP (note that so far, only one out of about 30 has managed to complete this highly technical operation...). Some QoS rules ensure that guests don't consume all my bandwidth:
The user then goes through Squid, and their activity is filtered by squidGuard, in which I've blocked the categories !aggressive !violence !hacking !ads !porn !warez !suspect. I apply port-based access lists on the switch that only allow HTTP, SSH, and DHCP protocols.