How do you bring down the high cost of cable Internet access? Share it with your neighbors (for a price, obviously)! You can do this naively by telling your neighbors your wi-fi network name and password, but this introduces a few problems:
- Liability: Do your neighbors use file-sharing services like BitTorrent? Comcast monitors that sort of traffic and sends cease-and-desist e-mail to customers sharing [unencrypted] torrents.
- Coverage: Unless you live particularly close together, a single wi-fi access point will probably not be sufficient for everyone to have a strong wi-fi signal everywhere they use their computers, tablets, and smart phones.
- Performance: No one wants their Internet connection to slow to a crawl because their neighbor is using all of the available bandwidth to download the latest Game of Thrones episode.
For this guide, I’m assuming you already have a home wi-fi router and want to learn how setup a shared network with enhanced coverage and performance, while reducing liabilities. All without running extra cables around your house or apartment!
- A broadband Internet connection
- A wi-fi router for your home or apartment (I’m using an Apple Airport, but any decent, modern router should work)
- A Linksys WRT54GL wifi-router for your neighbors (you can find these online for less than $50)
- DD-WRT firmware to unlock the full power of your Linksys router
Our basic idea is to create a private wi-fi network for yourself, and a public wi-fi network for your neighbors. This is why you’ll need two wi-fi routers. Plus, the public router allows you to position it where your neighbors will get the best signal strength, while you can still position your private router wherever it works best for you. The network you create will look something like this (solid lines represent Ethernet cables, dashed lines represent wi-fi connections):
Network topography: By introducing a second, public wifi router, you can keep your computers separated from your neighbors’ computers.
As this diagram shows, we’ll have an Ethernet cable running from your cable/DSL model to your private router, but that’s it! No other cables necessary!
Setting up your private network
I’ll assume you’ve already setup your private wi-fi router (just about all of them come well-configured out-of-the-box these days), but here are some recommendations for a fast, secure network:
- Enable WPA2 encryption: this is much more secure than WEP encryption, and lets you use easy-to-remember passwords instead of arcane sequences of hex characters. DD-WRT (which we’ll be using to setup your public router) only works well with WPA2 encryption, so this isn’t just a good idea; it’s required if you want your private router and public router to communicate wirelessly.
- Pick an unused wi-fi channel: the most common channels are 1, 6, and 11. You can use a tool like iStumbler (Mac) or Kismet (PC) to identify which channels are already being used by nearby wi-fi routers. If channel 1, 6, or 11 is available, use it. If there are already a lot of other people using those channels, choose 3 or 9 to reduce wi-fi interference as much as possible.
Setting up the public network
Once you have your private wi-fi working properly, it’s time to setup your new Linksys WRT54GL to share your connection with the neighbors. We’ll also install DD-WRT firmware on it, which allows this old router to learn new tricks and perform significantly faster than it does out-of-the-box.
What’s firmware? Firmware is the software that controls your router. By upgrading from the Linksys firmware to DD-WRT, you are essentially installing software that can do more things (and do them faster!) than the Linksys software.
- Download the following files, and save a copy of this guide to your computer. You’ll be disconnected from the Internet while you initially configure your router:
It may also be worthwhile to check this forum thread for newer recommended builds, but I know the r14929 has worked extremely reliably for me. Additional information about installing DD-WRT on the WRT54GL can be found here.
- Do a hard reset of your Linksys WRT54GL router. A hard reset involves four steps:
- With the router powered on, press and hold the power button for 30 seconds (I usually use a pen to press this button)
- Unplug the router from the power outlet while continuing to press the power button for an additional 30 seconds.
- Plug the router back into the power outlet while continuing to press the power button for an additional 30 seconds.
- Release the power button to let the router turn itself back on.
So, you’ll be pressing and holding the power button for a total of 90 seconds. I can’t stress how important this step is—I skipped it the first time I setup my WRT54GL, and while everything looked fine, nothing actually worked properly.
- Connect your computer to the WRT54GL using an Ethernet cable plugged into the jack labeled 1 on the back of the router and turn off wi-fi on your computer.
- Open up a web browser and type 192.168.1.1 into the address bar, then hit the return key. You should be asked for a username and password. Leave the username blank, and type in admin as the password (this is the default way to login to Linksys WRT54 routers).
- Upgrade your WRT54GL with the micro DD-WRT firmware you downloaded earlier. We need to start with the micro firmware because of a bug in the Linksys firmware—some routers will stop working entirely if you try to install the standard DD-WRT firmware first. Linksys provides step-by-step instructions for installing new firmware.
- Wait about 5 minutes for the upgrade process to complete and the router to restart. Do not unplug the router during this time.
- Once the router has restarted, visit 192.168.1.1 again to confirm that everything is online. Then perform another hard reset (step 2 above).
- Once the router has restarted again, visit 192.168.1.1 in your web browser. Click on the Administration tab at the top of the page. You should be asked to log in; the default username is root, and the default password is admin.
- Click the Firmware Upgrade tab (beneath the Administration tab). Click on the Browse… button and select the standard firmware file you downloaded earlier, then click Upgrade.
- As with step 6, wait about 5 minutes for the upgrade process to complete.Do not unplug the router during this time.
- Once the router has restarted, visit 192.168.1.1 to confirm that everything is online, and then perform another hard reset (step 2 above). Yes, that’s three hard resets, and yes, they’re all necessary. I tried to skip these steps and found that none of my settings were saved by the router; each time it restarted it would revert to the default settings. Learn from my mistake!
- Now for the fun stuff! Visit 192.168.1.1 in your web browser and click on the Setup tab. If prompted to login, the username is root and the password is admin. (Feel free to change these at any time from the Administrationtab.) Most of the settings can be safely left at their default values, while others will depend on your personal network configuration. The sections below describe the necessary changes to get your public wi-fi network running, plus some recommended (but optional) settings that I find work well. Each step refers to settings on a specific tab and sub-tab of the router’s configuration webpage (192.168.1.1).
Always click the ‘Save’ button before moving on to the next tab!
- Setup→Basic Setup
- Local IP Address (optional): My private router uses the IP address 10.0.1.1, so I set this field to 10.0.2.1 to easily tell them apart. If you make this change, you’ll need to connect to 10.0.2.1 instead of 192.168.1.1 for the rest of this guide.
- Static DNS 1 (optional): Set this to Google’s public DNS server, 126.96.36.199.
- Static DNS 2 (optional): Set this to Google’s backup DNS server, 188.8.131.52.
- NTP Client (optional): Enable this and set the time zone appropriately.
- Server IP/Name (optional): If you enable NTP, then set this to 0.us.pool.ntp.org.
- Wireless→Basic Settings
- Wireless Mode: Repeater.
- Wireless Network Name: Set this to your private network name. For example, before I added the public wi-fi router, I had one wi-fi network named Prydain, which is what I entered here.
- Wireless Channel: Set this to your private network channel. You may need to log in to your private wi-fi router to determine (or set) the channel it uses. I would set it to 1, 6, or 11, and not the auto mode most routers default to.
- Network Configuration: Bridged.
- Now click the Add button. A set of fields will appear for your new virtual interface (this will be the public wi-fi network). Configure them as follows:
- Wireless Network Name: Set this to your public network name. For example, I named my public network A Series of Tubes, which is what I entered here. Almost anything will do.
- Wireless SSID Broadcast: Enable so your neighbors can easily find your wi-fi.
- Wireless Channel: Set this to your private network channel, same as above.
- AP Isolation: Disable so if your neighbors have multiple computers, they’ll be able to share files with one another via wi-fi.
- Network Configuration: Bridged.
- Wireless→Wireless Security
- Security Mode: WPA2 Personal (If you haven’t already done so, your private router also needs to be configured for WPA2 Personal security with AES encryption. Most modern routers (as of 2012) default to this security type, but it’s a good idea to verify it.)
- WPA Algorithms: AES.
- WPA Shared Key: Enter your private wi-fi password (i.e., the password you normally use to connect your computer to your wi-fi network).
- Under the Virtual Interfaces section, use the exact same settings as above, except for the WPA Shared Key. Make this different, so that your neighbors will use a separate password than you use. The virtual interface’s Wireless Network Name is the wi-fi name you’ll tell them to connect to, and its WPA Shared Key is the password they’ll need to successfully connect.
- Wireless→Advanced Settings
- Frame Burst (optional): Disable
- TX Power (optional): I experimented with higher values, and found 110 to result in a strong signal for my neighbors without causing interference. I wouldn’t set this any higher than 150; return it to the default of 71 if you experience problems.
- WMM Support (optional): Disable to conserve memory.
- DNSMasq (optional): Enable (These settings enable local DNS caching with a memory limit)
- Local DNS (optional): Enable
- Additional DNSMasq Options (optional): cache-size=100
- SPI Firewall (optional): Disabled (The firewall isn’t needed inside of the network, and interferes with bridging mode)
- Access Restrictions→WAN Access
- Catch all P2P Protocols (optional): Enable this setting to block all unencrypted peer-to-peer traffic for your neighbors.
- NAT / QoS→QoS
There are a lot of options on this page for controlling Quality of Service (QoS), which essentially means setting speed limits on certain Internet activities. If you set Start QoS to Enabled, you’ll have the option of setting a bandwidth limit on your neighbors’ Internet speed, or use the Services Priority section to only limit certain types of activities (like BitTorrent downloads) by setting their priority to bulk.
- Restart the router by unplugging the power cable for a few seconds, and then plug it back in. Enjoy your new, secure shared network!