Ok. What I understood: 1. You are using the same Wireless link for both: your office and your guests <--- if so, that's a bad idea. 2. You have no Domain Controller on your network. 3. You have no DNS on your network. 4. You need to implement access restrictions for you internal network, but not for you guests (so, you have an "open wireless AP" that is used for your customers). I would suggest: Internet ---- DLink ADSL router ------ Linux box with 2 network cards ------- Your internal network ------ maybe a second wireless ap. This way, you will allow your guests to access Internet (direct), but not to your internal network (which is always a bad idea: virus and stuff). Also, you will be able to enforce access restrictions for your internal network. The "second wireless ap" is needed only if you need wireless access to your internal network, and that one should, at least, have WPA2-PSK with a long key, and that key should be changed at least once every two months, and ideally should be configured with WPA2 with RADIUS. In the Linux box you put: + Squid. + Linux firewall. + DHCP + Internal DNS + Web server for wpad. Maybe, other interesting services for your internal network, but that would be really off-topic. This is not the only option, there are several others, but I find this one more "secure", because it separates your guests from your internal network. I hope this helps, Ildefonso Camargo On Wed, May 5, 2010 at 1:14 PM, Dave Coventry <dgcoventry@xxxxxxxxx> wrote: > Thanks for the help, Jose. > > On 5 May 2010 18:46, Jose Ildefonso Camargo Tolosa > <ildefonso.camargo@xxxxxxxxx> wrote: >> Ok, so, you could, in theory, add an internal DNS zone, right? >> (because is doesn't currently exists). Now, and off-topic question: >> do you have a "domain" on your network, or just have a "workgroup" >> (I'm assuming you have Windows computers for your staff). > > Yes. I'm sure I can set up t DNS on the Debian box. > > I'm not sure what a Domain is, but, yes, I have a windows 'Workgroup'. > All computers (except mine) are windows machines. There is a chance > that the Guest computers might have Linux (or Mac), but I would > imagine that the bulk would be Windows. > >> Ok, guests=clients ie, persons not part of the company, right? > > Correct. > >> Yeah, all the bosses like their gadgets........ > :) >