Network Settings
From Wiki@Commgate
Contents |
Bandwidth
Overview
| Description | Manages bandwidth through the gateway. |
|---|---|
| Package Name | cc-bandwidth |
| Configuration Page | Network > IP Settings > Bandwidth |
The bandwidth manager is used to shape or prioritize incoming and outgoing network traffic. You can limit and prioitize bandwidth based on IP address, IP address ranges, port, and port ranges.
The bandwidth manager is designed to guarantee a certain speed for either an IP address and/or port on your LAN (or DMZ). The bandwidth manager does not manage traffic to/from the CommGate Server itself.
Services
The Bandwidth Monitor service provides hourly bandwidth measurements from our remote system monitors. The service is an excellent tool for monitoring your Internet Service Provider's (ISP) quality of service. This service will monitor your downstream rate, the rate at which you can receive data from an external source (download speed).
How It Works
The bandwidth manager is designed to guarantee a certain speed for either an IP address and/or port on your LAN (or DMZ). The bandwidth manager does not manage traffic to/from the CommGate Server itself. To demonstrate how the system works, lets go through a scenario with a voice-over-IP (VoIP) server. We have:
- 1000 kbit/s upload and download connection to the Internet
- voice-over-IP (VoIP) server at 192.168.1.80 on our local network
- enabled a bandwidth rule that reserves 500 kbit/s upload and download for the VoIP server
In our example, the network is at first completely congested with web downloads. The VoIP server is idle, so the full 1000 kbit/s is used for the web downloads. In other words, the web downloads are allowed to "borrow" the bandwidth we have reserved for the VoIP server.
Someone in the office then makes an outbound 4-person conference call via the voice-over-IP server. The conference call requires 300 kbit/s and the bandwidth manager will go into action. The lower priority web downloads will get slowed from the maximum 1000 kbit/s to 700 kbit/s. The higher priority conference call will receive its required 300 kbit/s.
Configuration
Bandwidth Rules
A bandwidth management rule contains the following six parameters.
Nickname
The first parameter is an optional nickname you can use to easily identify the rule. Valid nicknames can contain alphanumeric characters (A-z0-9) and optional dashes '-' or underscores '_". Spaces are not allowed.
IP Address/Range
The IP address parameter can contain:
- A single IP address
- A IP address range
- nothing
If this field is left blank, then the bandwidth rule will be used by all IP addresses will. When specifying an IP address range or [Network Notation|network /netmask]], the block of IPs will share the specified bandwidth settings. For example, 192.168.0.1/24 with 500 kbit/s download means the entire 192.168.0.x network will not be able to use more that 500 kbit/s of download bandwidth. All systems on the 192.168.0.x must share this bandwidth.
Port/Range
The port parameter is used to apply a bandwidth rule to a particular service. For instance, you can limit web traffic by specifying port 80. If the port is left empty, then all ports will be affected. You may also specify a colon-delimited port range. For instance, 5000:5010 would impact all the ports between 5000 and 5010.
Priority
Priority provides a mechanism to prioritize traffic when all bandwidth rules are at capacity. Higher priority traffic will be given preference over lower priority traffic. There are 7 priority levels, 1 - 7, where 1 is the highest priority. By default, traffic that is not matched by a bandwidth rule will be assigned the lowest priority.
Upload
The upload rate in kilobits per second. If left empty, the upload rate will be unlimited.
Download
The download rate in kilobits per second. If left empty, the download rate will be unlimited. Note: If both upload and download are left empty, then the rule will be invalid.
Peer-to-Peer Bandwidth Rules
In order to manage peer-to-peer traffic, make sure you have the Peer-to-Peer module installed.
Configuring bandwidth control for peer-to-peer is similar to creating a regular bandwidth rule. However, you need to specify the peer-to-peer network instead of the IP address and port.
Units - kbit/s, kbps, Mbps, and Other Confusion Notation
Depending on where you are and who you are talking too, there are different measurement units used for bandwidth. Here are some tips to help with converting from one unit to another -- capitalization is important:
Unit Alternatives kilobits per second kbps kbit/s kb/s kilobytes per second kBps kbyte/s kB/s megabits per second Mbps Mbit/s Mb/s megabytes per second MBps MBytes/s MB/s
Conversion tips:
- Mega is 1000 times larger than kilo
- A byte is 8 times larger than a bit
Examples:
- 1 Megabit per second is approximately 1000 kilobits per second
- 1 Megabyte per second is approximately 8000 kilobits per second
Links
Advanced Routing and Traffic Control Queueing
DHCP Server
Overview
| Description | DHCP server for dynamically assigning IP addresses. |
|---|---|
| Package Name | cc-dnsmasq |
| Configuration Page | Network > IP Settings > DHCP |
The Dynamic Host Configuration Protocol (DHCP) allows hosts on a network to request and be assigned IP addresses. This service eliminates the need to manually configure new hosts that join your network.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Configuration
Global Settings
Status
You can enable and disable the DHCP server at any time.
Authoritative
Unless you are running more than one DHCP on your network, enable Authoritative mode. When this is enabled, then DHCP requests on unknown leases from unknown hosts will not be ignored. This will be the case when a foreign laptop is plugged into your network.
Domain Name
The server can auto-configure the default domain name for systems using DHCP on your network. You can either use a registered domain (for example: example.com) or you can simply make one up (for example: lan). Example:
- A desktop system on your local network has a system name scooter and uses DHCP.
- The domain name specified in the DHCP server is example.com.
- On startup, the desktop system appends example.com to its system name. Its full hostname would become scooter.example.com.
Subnet Configuration
In a typical installation, the DHCP server is configured on all LAN interfaces. To add/edit DHCP settings for a particular network interface, click on the appropriate add/edit button. The following screenshot highlights the button for adding DHCP settings for the eth1 network interface.
Network, Netmask and Broadcast
The network, netmask and broadcast are automatically detected. In almost all circumstances, you want to use these detected default values.
IP Ranges
Keep a range of IP addresses available for systems and services that require static addresses. For instance, VPN and some types of network printers require static IP addresses.
In a typical local area network, the first 99 IP addresses are set aside for static addresses while the remaining addresses from 100 to 254 are set aside for the systems using the DHCP server. Adjust these settings to suit your needs and your network.
DNS Address
The server can auto-configure the DNS settings for systems using DHCP on your network. By default, the IP address of the caching DNS server on your CommGate Server is used. You should change this setting if you want to use an alternate DNS server.
WINS Address
If you have a Microsoft Windows Internet Naming Service (WINS) server on your network, you can provide the IP address to all Windows computers on your network. This will allow Windows systems to access resources via Network Neighborhood. You can enter the LAN IP address of your CommGate Server here if you have enabled the WINS server on the CommGate Server.
Active and Static Leases
A list of systems that are actively using the DHCP server is shown in the Active Leases table. If you would like to make a DHCP lease for a particular system permanent, you can click on the appropriate Add button in this list. In the screenshot below, the button to add 192.168.2.212/Scooter as a static lease is shown.
Common Errors
- You should only have one (1) DHCP server per network.
- Enabling DHCP on your Internet connection is not a good idea.
Links
Hosts and DNS Server
Overview
| Description | Hosts file and local DNS server configuration. |
|---|---|
| Package Name | cc-dnsmasq |
| Configuration Page | Network > IP Settings > Hosts and DNS Server |
Hosts (/etc/hosts) is a simple text file that associates IP addresses with hostnames. If you have the caching DNS server installed, all the entries in the hosts file will be made available.
Configuration
A host is defined as any system with an IP address -- desktop, laptop, printer, media device, etc. Each host can have a hostname, along with any number of aliases. For example, you could add a hostname for a file server on your network with the following settings:
- IP Address: 192.168.1.10
- Hostname: fileserver.example.com
After adding the hostname, you are given an opportunity to add additional aliases (or hostnames) for the given host. If we were using the file server as a backup server, we could add backup.example.com to the list of aliases.
Tips and Tricks
You may have noticed that a default alias is added whenever you add a hostname. For example, adding the hostname fileserver.example.com will also add the default alias fileserver. This alias can be used as a shortcut on your network. How? If you use the CommGate Server's DHCP server, you can specify a default domain name. Staying with our example, our default domain name should be set to example.com. Any system using DHCP could then access other systems on the network using the alias (fileserver) instead of the full hostname (fileserver.example.com).
Links
IP Settings
Overview
| Description | IP, hostname and DNS settings. |
|---|---|
| Package Name | cc-network |
| Configuration Page | Network > IP Settings > IP Settings |
A configuration page for configuring your network cards, hostname and DNS servers.
Configuration
Linux will auto-detect most PCI-based network cards. Older ISA cards may require setting parameters for the IRQ and IO. You may also need to disable plug-and-play features on the card. Please check Red Hat's Hardware Compatibility Lists to see what settings may be required for your brand of network card.
Network Roles
When configuring a network interface, the first thing you need to consider is the network role. Will this network card be used to connect to the Internet, for a local network, for a network with just server systems? The following network roles are supported in CommGate Server and are described in further detail in the next sections:
- External - network interface with direct or indirect access to the Internet
- LAN - local area network
- Hot LAN - local area network for untrusted systems
- DMZ - de-militarized zone for a public network
On a standalone system, your network card should be configured with an external role, not a LAN role
External
The external role provides a connection to the Internet. On a CommGate Server configured as a gateway, the external role is for your Internet connection. On a CommGate Server configured in standalone mode, the external role is for connecting to your local area network.
With the Office and Enterprise Editions, you can have more than one external interface configured for load balancing and automatic failover. See the Multi-WAN section of the user guide for details.
Gateway Setting -- If you have a static IP address, it is important to make sure the gateway configuration setting is correct. If the gateway setting is missing or invalid, your system will be unable to reach the Internet. On most networks, the gateway IP address will be on the same network as your external IP address. For example, an external IP address of 10.22.22.22 will typically have a gateway at 10.22.22.1 or 10.22.22.254. In some circumstances, the gateway will not be on the same network. You will see a warning message about this unusual gateway configuration.
LAN
The LAN (local area network) role provides network connectivity for your desktops, laptops and other network devices. LANs should be configured with an IP address range of 192.168.x.x or 10.x.x.x. For example, you can configure your CommGate Server's LAN interface with the following:
- IP: 192.168.1.1
- Netmask: 255.255.255.0
All systems on your LAN would have IP addresses in the range of 192.168.1.2 to 192.168.1.254.
Hot LAN
Hot LAN (or "Hotspot Mode") allows you to create a separate LAN network for untrusted systems. Typically, a Hot LAN is used for:
- Servers open to the Internet (web server, mail server)
- Guest networks
- Wireless networks
A Hot LAN is able to access the Internet, but is not able to access any systems on a LAN. As an example, a Hot LAN can be configured in an office meeting room used by non-employees. Users in the meeting room could access the Internet and each other, but not the LAN used by employees.
The firewall port forwarding page in the web-based administration is used to forward ports to both LANs and Hot LANs.
Note : Only one Hot LAN is permitted.
DMZ
A DMZ interface is for managing a block of public Internet IP addresses. If you do not have a block of public IP addresses, then use the Hot LAN role. A typical DMZ setup looks like:
- WAN: An IP addresses for connecting to the Internet
- LAN: A private network on 192.168.x.x
- DMZ: A block of Internet IPs (e.g from 216.138.245.17 to 216.138.245.31)
The web-based administration tool has a DMZ firewall configuration page to managed the DMZ network.
Virtual IPs
CommGate supports virtual IPs. To add a virtual IP address, click on the link to configure a virtual IP address and add specify the IP Address and Netmask.
In version 3.x, the procedure is different. From the main configuration screen:
- Click on Edit for the appropriate interface
- Select a Role for the interface (if required)
- Select the Virtual as the interface Type
- Configure an IP address
You will also need to create advanced firewall rules if the virtual IP is on the Internet.
Configuration from the Console
You can access network configuration tools from the Administration Console tool. All other configuration is done remotely via a web browser -- the console is only used to change or configure your network information. The console can be accessed from a monitor and keyboard attached the server.
Troubleshooting
The two network cables coming from your box may need to be swapped. If you are having a hard time connecting to the Internet, make sure you try swapping the cables.
In most installs, the network cards and IP settings will work straight out of the box. However, getting the network up the first time can be an exercise in frustration on some installs. Issues include;
- Network cards that are not auto-detected
- Invalid networks settings (username, password, default gateway)
- Finicky cable/DSL modems that cache network card hardware information
Here are some helpful advanced tools and tips to diagnose a network issue. After booting the system, hit Alt-F2 to get to a login prompt. Login with your username root and your password. The following tools will show detailed diagnostic data on your network cards.
- mii-tool displays link status and speed
- ethtool eth0 displays links status, speed, and many other stats - not all cards support this tool
- ifconfig eth0 displays IP settings on eth0
LAN Configuration
Overview
All of the computers and devices on your network should have Internet addresses between 192.168.x.2 and 192.168.x.254. When you are configuring your network, you have two choices:
- Manually set the IP address to a specific number (static IP) or
- Allow CommGate to automatically set the client IP address (via the DHCP server).
If you configure devices with static IP addresses, make sure you only use an address between 192.168.1.2 - 192.168.1.99. CommGate includes a caching DNS server, but you can use this as your Internet Service Provider's DNS servers if you wish.
Network Settings
| Feature | Description |
|---|---|
| Default CommGate Office IP Address | 192.168.1.1 |
| Available static IPs | 192.168.1.2 - 192.168.1.99 |
| Addresses used by DHCP | 192.168.1.100 - 192.168.1.254 |
| DNS Servers | 192.168.1.1 and/or your ISP's DNS servers |
Windows 95/98
To set up networking in the Windows 95/98 environment...
Step 1 - Control Panel
- Click on the Start button, then follow the menu to Settings > Control Panel
- Double-click on the Network icon to bring up a window that will look similar to the screenshot
- Select TCP/IP and click on the Properties button.
Step 2 - IP Address
On the IP Address tab, you can select Obtain an IP address automatically and CommGate Server will automatically assign an IP address for you.
Alternatively, you can choose Specify an IP address (as shown in the screenshot). Make sure you pick an address between 192.168.1.2 to 192.168.1.99. The subnet mask is always 255.255.255.0.
Step 3 - Gateway Settings
Click on the Gateway tab. If you decided to let CommGate Server assign your IP address automatically, then there is no need to add an Installed Gateway. Your CommGate Server software will automatically handle this for you. If you decided to specify your IP address, then you will need to add 192.168.1.1 to the list of installed gateways (as shown).
Step 4 - DNS Settings
If you decided to let the CommGate Server assign your IP address automatically, then you can select Disable DNS. CommGate Server will automatically configure these settings.
If you decided to specify your IP address, then you will need to add 192.168.1.1 to the DNS Server Search Order list (as shown).
You should also add a host name and then add "lan" as the domain. If you prefer to bypass the CommGate Server DNS cache, you can add the DNS servers given by your Internet service provider.
Windows 2000 =
To set up networking in the Windows 2000 environment...
Step 1 - Network Connections
Click on the Start button, then follow the menu to Settings > Network and Dial-up Connections
Right-click on the Local Connection icon and go to properties.
If the Local Area Connection Properties does have Internet Protocol (TCP/IP) go to Step 2 - Configuring TCP/IP. If the Local Area Connection Properties does not have Internet Protocol (TCP/IP), you will need to install it using the Install button.
The "Select Network Component Type" dialog box will appear.
- Select "Protocol" and click on Add. The enumeration of the protocols will take a minute or so.
- Select "Microsoft" from the left panel and select Internet Protocol (TCP/IP) from the right panel.
- Click the OK button.
Step 2 - Configuring TCP/IP
You can configure the TCP/IP properties by clicking on the properties button in the Local Area Connection dialog box.
Select "Obtain and IP address automatically" and CommGate Server will automatically assign an IP address for you.
Alternatively, you can choose "Use the following IP address:" and enter the IP address, subnet mask, default gateway and DNS server addresses. If you have more than three DNS servers, use the advanced button at the bottom of the dialog box to specify the addresses and the order in which they are used.
Windows XP
To set up networking in the Windows XP environment...
Step 1 - Control Panel
- Click on the Start button, then follow the menu to Settings > Control Panel
- Double-click on the Network Connections
- Right click on Local Area Connection and go to Properties
Step 2 - Select IP Properties
Select TCP/IP and click on the Properties button.
Step 3 - IP Address
On the IP Address tab, you can select Obtain an IP address automatically and CommGate Server will automatically assign an IP address for you.
Alternatively, you can choose Specify an IP address (as shown in the screenshot). Make sure you pick an address between 192.168.1.2 to 192.168.1.99. The subnet mask is always 255.255.255.0.
Step 4 - DNS Settings
If you decided to let the CommGate Server assign your IP address automatically, then you can select Disable DNS. CommGate Server will automatically configure these settings.
If you decided to specify your IP address, then you will need to add 192.168.1.1 to the DNS Server Search Order list (as shown).
You should also add a host name and then add "lan" as the domain. If you prefer to bypass the CommGate Server DNS cache, you can add the DNS servers given by your Internet service provider.
Multi-WAN
Overview
| Multi-WAN | Information |
|---|---|
| Description | Support for multiple connections to the Internet. |
| Package Name | cc-multiwan |
| Configuration Page | Network > IP Settings > Multi-WAN |
| Keywords | Multiwan, dualwan, dual-wan |
The multi-WAN feature in the CommGate Server allows you to connect your system to multiple Internet connections. CommGate Server's multi-WAN not only provides load balancing, but also automatic failover.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
How It Works
CommGate Server's multi-WAN has the following features:
- auto-failover
- load balanced
- round-robin based on user-defined weights (see configuration section)
To give you an example of how multi-WAN works, imagine two 1 Mbit/s DSL lines with two users on the local network. With every new connection to a server on the Internet, the multi-WAN system alternates WAN interfaces. User A could be downloading a large file through WAN #1, while User B is making a voice-over-IP (VoIP) telephone call on WAN #2.
With some applications, the download speed for the multi-WAN system can use the full 2 Mbit/s available. For example, downloading a large file from a peer-to-peer network will use the bandwidth from both WAN connections simultaneously. This is possible since the peer-to-peer technology uses many different Internet "peers" for downloading. At the other end of the spectrum, consider the case of downloading a large file from a web site. In this case, only a single WAN connection is used -- 1 Mbit/s maximum.
Bandwidth aggregation (combining multiple WAN interfaces to look like a single WAN interface) is not possible without help for your ISP since both ends of an Internet connection must be configured.
Configuration
Enable/Disable
When multi-WAN is enabled, all active WAN interfaces are used to connect to the Internet. When multi-WAN is disabled, the first active WAN interface is the only network used to connect to the Internet.
Weights
Multi-WAN weights are used to load balance outbound Internet traffic. By default, all WAN interfaces are given a weight of one. This default configuration means the network traffic will be (roughly) evenly split amongst the different WAN connections.
In one of the typical multi-WAN configurations, a second broadband connection is used for backup. This second connection is often a low-cost and low-bandwidth connection. In this case, you would want to set the weight on your high-bandwidth connection to 3 or 4, while leaving your low-cost/low-end connection with a weight of 1.
Source Based Routes
In some situations, you may want a system on your local area network (LAN) to always use a particular WAN interface. The screenshot below displays the configuration for two scenarios:
- Sending network traffic for the 216.138.245.16/28 block of Internet IPs out the eth0 WAN.
- Sending network traffic from a voice-over-IP (VoIP) server on the LAN at 192.168.1.100 out the eth1 WAN.
Destination Port Rules
In some situations, you may want to send network traffic for a specific port from your LAN out a particular WAN interface. The screenshot below displays the configuration for always sending DNS traffic (port 53) out the eth0 WAN network.
File:Network settings-multiwan dpr.png
Destination port rules only apply to connections originating on your LAN. These rules do not apply to traffic originating from the CommGate Server itself
Routing Policies
Some Internet service providers (ISPs) will not allow traffic from source addresses they do not recognize as their own. The following scenarios will give you a good idea of common issues faced in a multi-WAN environment. In the examples, we assume two connections, but the same issues crop up with three or more connections.
DNS Servers
The DNS servers configured on the CommGate Server will be provided by one or both ISPs. In our example, we are going to assume that ISP #1 provides the DNS servers. If a DNS request from your network goes out the ISP #2 connection, it might get blocked by ISP #1. Result: DNS requests will only succeed on ISP #1.
Solution -- Use DNS servers that are accessible from any network. If your ISPs do not provide such DNS servers, then we recommend using OpenDNS.
Note: your DHCP/DSL network configuration settings should have the Automatic DNS Servers checkbox unchecked - see screenshot.
DMZ Networks and 1-to-1 NAT
If you have a range of extra IP addresses provided by ISP #1, you may need to explicitly send traffic from these extra IPs out the ISP #1 connection. ISP #2 may drop the packets.
Solution -- Use a Source Based Route for your DMZ network.
Links
Advanced Routing and Traffic Control
Network Tools
Overview
| Network Tools | Information |
|---|---|
| Description | Tools to monitor and diagnose the network. |
| Package Name | cc-nettools |
| Configuration Page | Network > IP Settings > Network Tools |
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Configuration
Connection Monitor
The connection monitor shows real-time information on connections going in and out of the CommGate Server. This tool can be useful when diagnosing issues on your local network (for example, finding a computer with a virus).
- Protocol -- the Internet protocol used by the connection
- Expires -- the time in hours remaining before the connection expires
- Source -- the source IP address
- Destination -- the destination IP address
- Status -- the status of the connection
- Port -- the source port and destination port
- Service -- the service associated with the destination port (if known)
Routing Table
The routing table provides technical information on the active routes on the system.
Protocol Statistics
Detailed technical information on the underlying TCP/IP network.
Links
Advanced Routing and Traffic Control
UPnP
Overview
| UPnP | Information |
|---|---|
| Description | Universal plug and play software. |
| Package Name | linuxigd |
| Configuration Page | none |
UPnP should only be used on a home or trusted network. Avoid using this software on office, school other other untrusted networks. See note below.
There are many opponents against UPnP. However, we feel that Open Source is all about giving people choices, and letting intelligent people make intelligent decisions about its use. A lot of us really need this daemon, and can live with the consequences because we are simply connecting a home network to the internet through one IP
UPnP version 1.0 is inherently flawed. What appears to have happened is that in Microsoft's first UPnP implementation they weren't concerned with security or any advanced controls. Simply all they wanted was connectivity. So we are stuck with this for now. The UPnP server, by itself, does no security checking. If it receives a UPnP request to add a portmapping for some IP address inside the firewall, it just does it. Theoretically this could open up ports on some other system
Wireless
Overview
| Wireless Card | Information |
|---|---|
| Description | Wireless network card settings. |
| Package Name | cc-wireless |
| Configuration Page | Network > IP Settings > Wireless |
CommGate includes support for wireless network cards.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Configuration
Supported Hardware
Many wireless network cards work out of the box in Linux (see Links section below). However, we only officially support the following:
- PCI: Netgear 11Mbps 802.11b Wireless PCI Card (MA311)
- ISA-to-PCMCIA bridge: All models
- PCI-to-PCMCIA bridge: Buffalo Tech WLI-PCI-OP
- PCMCIA: Orinoco Silver and Gold 802.11b PCMCIA
From the Orinoco site: "For PCs with an ISA slot, the ORiNOCO ISA adapter is strongly advised." In other words, only purchase the PCI card if your system is PCI-only.
PCMCIA Settings
If you use a PCMCIA (laptop) card, you may need to change some of the settings.
PCIC Driver
There are a few different types of hardware drivers (PCIC drivers) available for PCMCIA. Consult your hardware's user guide or online support to determine your settings. For the Orinico PCMCIA cards, use i82365
PCIC Options and Core Options
Some PCMCIA hardware drivers require special options. In most cases, you can leave the PCIC Options and Core Options blank. Consult your hardware's user guide or online support if the system is unable to detect your card. For the Orinoco PCMCIA cards, you may need to use i365_base=0x3e2 for PCIC Options (leave Core Options blank).
Network Settings
The network configuration for a wireless card is done just like any other network card. However, the following extra wireless-only options are required.
ESSID
The ESSID is a nickname to give your wireless network. In the screenshot, the name Woburn Wireless is used. When configuring other wireless devices on your network, make sure you use the same ESSID.
Mode
The wireless card can run in a number of different modes. The most common are Ad-Hoc and Master/Access Point. From the list of officially supported wireless cards, only Ad-Hoc mode is supported. For un-official wireless cards, you may be able to run the card in other modes.
Secret Key
The Secret Key is used to encrypt your network traffic. The Orinoco Silver card requires a 5-character (40-bit) key prefixed with 's:' - e.g. s:abcde. This must match the settings for other wireless devices on your network.
MAC Address Filtering
For added security, you can allow only certain network MAC addresses on your wireless network.
