Wireless APs in Homebrew Coffee Shops?

An anonymous reader writes "Having seen lots of complaints about the overpriced T-Mobile Wireless APs in Starbucks ($10/hr) got me thinking about setting up a wireless AP for the small, family-owned coffeeshop in my town under the tip jar model. I'm assuming ~$100 for the router, ~$500 for a PC to use to control quotas (to prevent over-zealous Kazaa users, block spammers and script kiddies and other would-be abusers) - but what software should I be using? Do enough people have 802.11a/g cards that it would be worth it to invest in that rather than an 802.11b router?" Has anyone considered making a Linux distribution for use by cybercafes, to handle wireless access and anything else such an outfit might need?

"Since this is a medium (50,000-ish) size town, and pretty much everyone in the coffee shop is a regular, would a tip jar model work? I'm figuring suggest a donation - what should I set that at?

Finally, keep in mind that the owner is not a geek - I'd be doing this when not studying (I'm a college student), so this would be set up over the summer, and most of the maintenance would be done on the weekends and/or via SSH.

Any other thoughts would be appreciated."

Check out Austin wireless

[yar]

http://www.austinwireless.net/cgi-bin/index.cgi
T hey've got several low-cost setups all around the Austin area.

Best ones are free

[rblancarte]

I go to one of these places listed (JPs Java House) - they have free unlimited 802.11b access for anyone. Very nice.

Overall, I think that your idea is great. I think you are making a bit more complex than it needs to be. If you want to have quotas that is fine, but why not just put up a 802.11g router (they are cheap) and allow open access. If you want to make sure that people buy stuff to get access - they do what another post says - WEP key on reciept, changed daily (sure, not hard to get around, but more of an honor system). And sure - put up a tip jar - clearly labeled with something like "FOR THE SUPPORT OF OPEN INTERNET ACCESS" or something like that. Heck, with this setup, you could be ready to go tomorrow (not next summer).

I say just go simple. If you make access easy and pretty much open - people will come in just for that. Especially in a college campus area - simple and pretty much unlimited will probably draw a solid crowd.

RonB

Re:Best ones are free

[rblancarte]

Hell, now that I was thinking about it (and reading down some more) - this is more complex than it needs to be.

Heck, I would just provide the access via a solid wireless router. I would make it free and open to all. Block ports of known things you don't want running (KaZaa etc). That is all I would do. I would also do the tip jar just to get some extra cash to help pay for the access (but don't expect too much). And finally I would put up a clearly visible, but not obtrusive, sign that says "Free inte

Re:Best ones are free

[Tony Hoyle]

A PC will be more controllable - you can monitor usage, etc. I have a linux box running HostAP rather than a hardware access point, which is a really flexible solution (not many access points out there have stateful firewalls on :) plus I can do things like rotate the WEP keys to stop people breaking into it.

The security bit is probably not so much of an issue for a cafe, but monitoring access (and if you do decided to charge a small fee, that'll be essential) is really useful.

Re:Best ones are free

[BroncoInCalifornia]

I go to one of these shops while my daughter takes riding lessons. It is First Street Coffee in Gilroy, CA.

They just have a DSL modem and an Apple Airport. No computer etc. This works just fine. People are not there long enough for major file sharing. I did download Open Office once while I was there.

watch for lawsuits!

[iamhassi]

When I went to the library a week ago to use the internet I had to sign an agreement basically stating I wouldn't sue the library for any information I found online.

I laughed, but they were completely serious. Apparently libraries have been sued before [crosswalk.com] because of the content of the internet! But if the library installs filters, they violate first admendment rights. [findarticles.com]

I know this doesn't help with your decision, but you might want to have some sort of disclaimer up stating the cafe is not responsible for

Yep - you're making it WAY too complicated

[Anonymous Coward]

I used to hang out in a coffee shop called Bean Trader's [beantraders.net] in the Durham area, which has had free Wi-Fi at two locations for about a year and a half now. You should definitely check it out if you're in the area. Or, if you just want advice, call the owners, Dave and Christy, they are very friendly, and I'm sure they would be happy to tell you about their real-world expierience with this. (Tell them David and Amber say "hi.")

The owners are NOT techies, and installed Wi-Fi in their forst location basically

Re:Best ones are free

[Nykon]

A tip jar model might not hurt but I wouldnt not count that into your cost/earning budget. The first step would be to just get an 802.11b AP in, and and wait to see if people use it before you add a PC into the mix, unless you can just build or buy an older one for $100. As many failed Wifi providers have found is that people do not want to pay $10 /hr to use it, or pay at all. The best model is to offer the wifi for free. You then ask "how do you make back your money?". With in this model, you offer the wifi for free, which means more people will come to use it, and the people already using it will stay longer. As customers stay they are likely to buy food or more drinks.

Friendliness vs. Paranoia - the More Coffee Model

[billstewart]

The business model for coffee-shop wireless isn't the tip jar - it's the $3 latte, and the extra coffee people drink while they're hanging around using it, and the extra pastries. That's also why you've got the newspapers, the comfy chairs, the shelf of Really Bad Science Fiction books, the chess set. If you've also got a PC in the corner for people who didn't bring their lap top, maybe charge for using that.

WEP isn't necessary for your customers - the main reason coffee-shops use it is to restrict access to paying customers, and you're not doing that - you're selling them friendliness and coffee and chair space and pastries that aren't too sticky to eat next to a computer. If you've got an issue with one of your neighbors sucking down bandwidth, that's different, of course, but setting WEP is an obstacle for users, especially if they've got their own WEP settings for their home or office.

Security and quotas are less necessary than you'd expect, as long as your DSL ISP is good. Start open, and maybe monitor usage and see what problems you get, rather than starting locked down tight, i.e. use your router's security features rather than buying a PC to start with, unless you also want to have the PC for customers who don't bring laptops. (And if your ISP is the uptight, policy-heavy types, running free or especially paid wireless in your store probably violates their policies, plus they're probably already restricting SMTP.) For consumer DSL ISPs, I'm quite happy with sonic.net, Speakeasy's also good and has nationwide coverage, and ever Earthlink's not too bad. Business DSL providers will charge a bit more, and tend to have flexible policies. Cable Modems are a much better match technically, but are run by terminally clueless paranoids who don't understand their business models, so you can't use them except maybe with a higher-priced business-class service.

You're unlikely to have much problem with spammers - geeks hate them, and have fun imagining scenarios like drive-by spammers, but in a small town, it's more of a know-your-customer thing. If you're in a college town, or get lots of high-school kids, you may need to worry more about crackers using your system. On the other hand, you need to leave things open for gamers, and the problem there is making sure the high-school kids keep buying enough drinks to make up for chair space. KaZaa's not really much of a problem, as long as your ISP doesn't ban it, because users are transient enough that they won't be doing much uploading, just leeching.

yes they are

[SethJohnson]

Here's a couple observations from the time I've spent in some of Austin's free wireless cafes (Flightpath and Bouldin Creek Coffee Shop)...

Another benefit of free access is that the employees of the coffee shop don't have to provide any form of technical support for the service. If it don't work, oh well.

Speaking of the employees, I don't think it's a very good idea to use the tip jar you described "FOR THE SUPPORT OF OPEN INTERNET ACCESS". This competes with the tip jar for the employees. Not nice and

wep key on receipt!

[realyendor]

Print the WEP key on the receipt, and change it daily.

Re:wep key on receipt!

[Joe U]

That's a great idea for us geeks, but too complex for the average Joe.

Tech support would eat up too much time.

Re:wep key on receipt!

[Golias]

Anybody wired enough to feel they need their laptop with them when they are drinking coffee at a mom & pop cafe is probably one of us geeks... at least, enough of one to know how to set a WEP key.

Re:wep key on receipt!

[nolife]

Don't be so sure, geeks can figure it out but the business types that have wireless will not. We have wireless in our office. We set the users up for use in our office but we get tons of calls because they can not get it working at the airport, client sites, Starbucks, hotels, and even at their own house. Some of them even have problems getting the wired rj45 working at those same locations which requires no configuration.

Horsecrap

[doc_traig]

My wife saw the ads (targeted toward your average laptop-toter, it seemed) for wireless access at Starbucks, so, deciding it might be a nice break to work from there instead of the house, she went only to change her mind when she discovered the price. My point is that if she was handed a receipt and told "Here's your change and your WEP key", she would have said, "Uh... what?"

College Students

[RabidChipmunk]

This is no longer true. I went to a comedy show at a local coffee house and there were at least six "stylish" females there with laptops. [No males with computers.] They weren't there for the show. They were there to write papers and socialize while they did it.

Re:College Students

[Mantorp]

where is this place? sounds too good to be true

Re:wep key on receipt!

[Anonymous Coward]

I would agree with you if the customers could benefit from the encryption, but since WEP doesn't support per-connection keys, they gain no security. A WEP key is (registration key kind of) long, so even if the customers know how to set it, it is an unnecessary burden. I'd hand out short simple one-time passwords with every beverage. Then redirect new/expired MAC addresses to a webpage where the customer enters the password (use HTTPS), upon which the webserver grants access for a limited time. This way you keep complete freeloaders and people who would make camels proud out. Don't use WEP, it creates a false sense of security.

Your mom.

[Heisenbug]

Yo momma has a wireless laptop.

At least, mine does. So does anyone else who has a recent Mac. She might well wind up in such a place, if she was travelling with her laptop, which of course she does -- and in that case, she would surely be able to handle a simple web proxy form, but not a WEP password.

Re:wep key on receipt!

[Perl-Pusher]

Just block the IP ports. You can block mail ports , kaaza etc. Hell block everything except http,https,ftp and DNS.That will stop anyone from abusing it, it can usually be setup in the wireless gateway/router.

I have a linksys system in my home that is working fine in that capacity, plus by putting the router in a location low only about 4-5 feet off the ground, you pretty much limit the working range to just inside your establishment. If you use 2 routers one wireless one not, you can block access to the companies computers to the wireless users again it can be done on the routers themselves, no extra PC needed.

Re: block IP ports

[RT Alec]

This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here [lakeanne.net]. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.

Re: Why block IRC

[RT Alec]

We thought about this one. In my experience, IRC is used as a conduit for zombies, viruses, and the like far more than it is used for people chatting. To be specific, I have noted blocked IRC traffic (ingress and egress) in the firewall logs, yet never once had anyone complain that something was not working. This includes several office environments where I have set up the network, including the firewall. I figured the one or two people who need (or even want) it would shout about it and I would let their m

Re:wep key on receipt!

[Anonymous Coward]

Don't block UDP/500<->UDP/500 (ISAKMP), UDP/4500<->UDP/4500 (NAT-T), IP protocol 50 (ESP) and IP protocol 51 (AH). Same goes for TCP/1723 and IP protocol 47 (GRE). You don't want to keep out business people who need to access the company (IPSec/PPTP) VPN.

Re:

[account_deleted]

Comment removed based on user account deletion

OP: Here is a fun tip -

[Glonoinha]

Whatever else you do, change the default password on the router.

Re:wep key on receipt!

[Angst Badger]

Hell block everything except http,https,ftp and DNS.

Great, so you can browse the web and transfer files to insecure sites. But then you can't send or receive mail, make secure file transfer (scp) or shell (ssh) connections, or use any kind of instant messaging client. In other words, if your idea of internet access is limited to passively absorbing web pages, you're covered, but if you were thinking of actually doing anything, it's useless.

If you want to avoid abuse of a tiny wireless network, what you're mostly going to be concerned about is bandwidth consumption. There are quite a few [freshmeat.net] tools for controlling bandwidth consumption under Linux; check them out. If you aren't providing all available bandwidth to the first user who tries to hog it, neither Kazaa abusers or coffee-swilling part-time spammers are going to cause you much grief.

If you want to get a bit more fine-grained than that, there are a buttload [freshmeat.net] of tools to help you monitor what your users are doing, and many of them are scriptable and can set off some kind of alarm if someone is behaving badly.

In any event, you'll offer a much better service if you block only those things which you want to always avoid from the outset, and install tools to help you detect and interrupt the occasional abuse of otherwise innocuous services.

Re:wep key on receipt!

[Ryosen]

As stated below, modifying the WEP key is beyond a large percentage of users. A better approach would be to use your gateway box as a proxy server (which you would be doing anyway) and use a common logon id. Change the password for the account daily and print the day's user id and password on the receipt.

Users are much more familiar with this approach and it is no more complex (less actually) than the revolving WEP.

Re:wep key on receipt!

[frostman]

What if your cash register won't easily print custom strings on the receipt? Or you don't want your staff messing with the cash register settings?

Assuming you have your router/firewall nicely blocking abusable ports, you could just write the WEP key on a card by the tip jar. Smaller than the "Support Community Internet" sign of course ;-)

A lot of routers support ASCII keys, so the staff can think up funny ones to use and the customers won't have to sit by the tip jar while entering the key.

As for "no

I think your estimates are way too high

[IronTek]

You can get 802.11b routers for 20 bucks AR now (and why bother with g if it's a tip-jar method).

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

With those kinds of prices, the coffee shop should go for it!

Re:I think your estimates are way too high

[The One KEA]

That sounds reasonable - I run a dedicated Linux firewall on a P-!!! 933MHz with 512MB PC133 SDRAM on a Soyo SY-7VEM, and it works quite nicely as a firewall, Samba master browser and DNS server. The processor, mobo, and case (with PSU) came out to approx. $300, IIRC.

The parent was right - try going to a nearby computer show, you'll probably find something fairly cheap that will do the trick.

Re:I think your estimates are way too high

[possible]

People have had good luck with the Soekris [soekris.com] hardware for these types of applications. In particular, they make tiny x86 computers that you can mount on the wall, they are optimized for wireless applications (they run Linux, *BSD) and they have very low power consumption and no moving parts. TechTV ran an article [techtv.com] on how to build a Linux-based WAP with the Soekris Net4521.

I've been using one of their older models, the Net4501, for over a year now as an OpenBSD firewall. It's nice to have a configurable fir

Re:I think your estimates are way too high

[Golias]

Or, for that matter, pick up a used X-Box for about $125 and use the 007 hack to load Linux on it. Then you don't have a PC tower taking up precious restaurant space, just a tiny game console tucked under the counter somewhere.

Re:I think your estimates are way too high

[tallman68]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Unless you want to put in 2 radios, but this is tip jar.

Re:I think your estimates are way too high

[arth1]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Modern 802.11g equipment, i.e. everything made or flashed after the standard was finalized, will support CTS. In a mixed b/g environment, this ensures that any device being cleared to send will be able to do so at its full speed.

What's more detrimental to speed is if someone talks on a 2.4GHz cordless phone or nukes something in the microwave.

Regards,
--
*Art

Re:I think your estimates are way too high

[Aardpig]

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

One caveat, however, which has bitten me on the ass before. Some wireless cards (esp. ones made by D-Link) are designed for use with PCI 2 compliant motherboards. Unfortunately, most Pentium III motherboards are based on PCI 1, and won't even "see" a PCI 2 card. Accordingly, before you shell out on a 802.11b PCI card, check that it will work in your "legacy" machine.

Re:I think your estimates are way too high

[djqed]

I don't even think the coffee shop would need to charge anything for it - no tip jar or anything. I go regularly to a cafe in my city (SF) which has free WiFi. The cafe is nearly always comfortably full - not impossible to get a table, but most seats are taken. Meanwhile, other cafes around town which charge for access or have no access at all are nearly empty during a weekday. I think the increased business from having the service would pay for itself in one or two days of extra sales. You could argue that WiFi encourages people to sit there for hours on 1 coffee, but personally if I'm there for a few hours or more I get a sandwich and a cookie in addition to my 2 drinks, which I would never pay for at this coffee shop otherwise.

Re:I think your estimates are way too high

[azav]

I'm in SF. Where is your free coffee shop? All the ones in the Marina are for money.

Re:I think your estimates are way too high

[vees]

I agree completely! Remember the ComputerWorld article about wireless access at Panera Bread restaurants [computerworld.com]?

In fact, Shaich considers free Wi-Fi to be such an essential marketing tool that he dismisses any discussion of ROI. "What is the ROI on a bathroom?" asked Shaich, pointing out that the day of pay restrooms in restaurants has long since passed.

Perhaps just amend the note on the tip jar: "For excellent service AND wireless access!"

Re:I think your estimates are way too high

[Lumpy]

you can do it with far less hardware.

802.11b is the absolute maximum you should go. it's silly to go higher when your Internet access is slower than 802.11b with 10 users on that same access point.

next you need a firewall, a P-1 166 will do it perfecly and handle twice the load that you will ever see ... this is a freebie most anywhere... no hard drive needed just get frasierwall or freesco single floppy firewall distros... you MUST firewall off your wireless from you and your internet... consider it more hostile than the internet ever could be.

now go to here [nocat.net] and get their system that works great and will solve most all your worries.

Oh and be sure to survey your entire area to be sure there is good access in every sitting location but not much available outside your desired coverage area.

basically, if you already have a commercial T-1 or other business level internet access in your building you can get it installed and running for less than $200.00 in hardware and a couple of weekends of time.

router

[Anarke_Incarnate]

Well....figure on it this way. Each router or access point does not give 11mb (more like 3-6mb in actuality) to each node, but they end up sharing it. I suggest you invest in a switch, a regular router and some access points.

Re:router

[Rhys]

Figure it's all going through a 150kb uplink and you're worried about the wireless bandwidth?

No PC

[martingunnarsson]

Try without the quotas and stuff first, perhaps bandwidth hogs won't be a problem. This way you don't have to buy a PC. Or perhaps there are routers with these functions built in?

Re:No PC

[Graff]

If anybody is hogging bandwidth, you can just tap them on the shoulder and tell them to knock it off.

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

Re:No PC

[mengel]

If that happens, invest in a roll of steel screen or chicken wire hooked to a ground wire...

Just put it between you and the neigbor where it won't block your customers.

Re:No PC

[mike260]

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

It should be pretty easy to spot this kind of thing...keep an eye out for out-of-hours connections to the wireless access point and block their MAC address.

Re:No PC

[sootman]

"...keep an eye out for out-of-hours connections..."

Or, better yet, unplug* the WAP at night--100% hackproof!

* even easier to maintain: put it in an outlet that's connected to a wall-mounted lightswitch-style switch. At night, turn it off with the lights.

cafe software

[computerme]

this is not exaclty what you asked for but if you start to add more internet stations to the mix maybe you will need something like this:

http://www.baspe.com/baspecafe.html

Re:cafe software

[tindur]

My mother has a small cafe and she is getting an ADSL line there. Does a solution exist for putting Linux and a browser on a pc so that the guests could surf but not do any harm? Could you start a browser instead of a window manager? Would if be possible to use codes for surfing? You wouldn't want any one person to hog the machine...

Try Sputnik...

[drdreff]

http://www.sputnik.com/ has more of what they are doing now, but 18 months ago I was using their boot-cd linux distro on a laptop to create an AP.

802.11b for compatability

[Anti_Climax]

Even if a lot of people have 802.11a/g cards, you'd probably be best served with 802.11b equipment. It's compatible with the most systems, and serving up broadband to multiple users, you'll probably still have a hard time saturating it to a noticible degree in a coffee shop setting.
Just my $0.02

But what would you call it?

[madgeorge]

Java Desktop System is taken, I believe. :)

I've done something similar...

[Binestar]

You can do what you are looking to do very inexpensively (not counting time) if you get a Linux supported PCMCIA card and a Toshiba SG-20. The SG-20's are available for ~$200 (Cheaper on ebay I'm sure) and they have a built in 7 port hub, 1 external interface, and a PCMCIA slot which you can put the wireless card into and setup an ad-hoc network for wireless users.

I currently use the SG-20's for a managed firewall solution for small businesses which I run Gentoo on. (You can substitute your Distribution of choice of course)

Some thoughts here

[dzym]

Get a decent dual-mode A/G or tri-mode A/B/G access point, and skimp a bit on the computer hardware.

I would be surprised if you couldn't bring the price down to around $300 in total.

You can set up a NAT/firewall easily enough using iptables on any 2.4 kernel'd linux, but I'm not sure how you could handle quotas and I've never ever figured out traffic-shaping in linux--and I doubt many have.

Re: Popularity

[Silverkm]

What kind of popularity are you expecting?
20 people sharing a single dsl/cable line would not be very practical, so you would have to factor in the cost of a faster internet connection.

Do enough people have 802.11a/g

If you go with 802.11g router it will support both b/g and if you go for a 802.11b router, almost all 802.11g cards will support it.
Although, 802.11g built in cards, (most new notebooks) from my experiance have a hard time connecting to 802.11b. As for 802.11a, forget it, because no one wi

Re: Popularity

[mahdi13]

Although, 802.11g built in cards, (most new notebooks) from my experiance have a hard time connecting to 802.11b.

Do you have an example of this?
I have a Centrino notebook and it has no problem connecting to my LinkSys WAP11b at home or the Cisco (don't know model off hand) b at work. I was under the impression that almost all g/b can connect to each other...

Building Wireless Community Networks

[aheath]

O'Reilly Associates [oreilly.com] has a book on this topic called Building Wireless Community Networks [yahoo.com]. The Second Editon was published last June. The ISBN is 0-596-00502-4.

I have not read the book, but I have looked at the table of contents and the index. The book looks to be a designed to answer many of the questions that you have asked. Hopefully someone on Slashdot has read the book and can tell you if it will help you in your effort to set up a wireless network at your local coffee shop.

use a FreeBSD Access Point

[Chuck Bucket]

Get a WiFi card (I got a Netgear MA311 refurb from Fry's for 30$), an old PC, configure it running FreeBSD to serve as an access point for your wireless network. Here's a great HOWTO:

Configuring a FreeBSD Access Point for Your Wireless Network [samag.com]

CB

NoCatAuth is all you need

[specht]

See the Linux Journal article at http://www.linuxjournal.com/article.php?sid=6887 [linuxjournal.com]

Re:NoCatAuth is all you need

[nehril]

a local coffeeshop does just this. they dont use WEP (useless overhead) and it's all 802.11b (why go for the lower range of a or g when you are only sharing a 1.5m DSL uplink anyway??). at the register they have a bunch of preprinted username/password cards you buy for $8 (they are obviously computer generated, each userid/password is unique). $8 buys you an hour, $20 buys you an all-day access card, and I think $30 buys you an all-month.

The first time you connect to any website you are redirected to a local webserver that prompts you for your name/pass. you key it in, and now your mac or ip is "authorized," and the rest of your connection is completely unrestricted. You cant do anything else until you login to their web server, and once you log in your ID is "used up."

pretty slick, since it requires zero geekness for whoever is at the register, they just sell cards like any other product. I'm pretty sure their backend is based on nocatauth

OpenBSD is your friend

[isa-kuruption]

Forget about making a Linux distro for this, everything you want to do is available within OpenBSD 3.4 and it's pf software. Basic packet filtering, NAT, user quotas and general bandwidth managment. OpenBSD 3.4 also comes with BIND9 and ISC's DHCP daemon for serving up IP addresses. Best of all, you can do it for the cost of a $100 PC you pick up at the local computer show (say a pentium pro or an earlier pentium II).

Re:OpenBSD is your friend

[damm0]

If the person asking the question knew enough about the unix way to use OpenBSD, they wouldn't have asked the question in the first place.

The "tip jar business model"

[NateKid]

kinda reminds me of people who plan to make a profit giving software away for free...

Start small

[jcsehak]

I'd start with b, and if the service pays for itself (ie, if people are cool about the tip jar), upgrade to g later, and put a sign up like "the program's a success, so I upgraded!" That way people'll feel like their tips are really contributing.

Gear

[NetJunkie]

I see a lot of people already recommending elaborate setups. But really, a simple 802.11b router will do the job. Sure, it maxes out at maybe 6Mb/sec for consumer gear, but how fast is the Internet connection? If you have a 2Mb/sec cable modem it doesn't matter how many users are in the shop, the bottleneck is still the Internet.

I also don't think you'll have a big problem with Kazaa users and the like. It's a small coffee shop, right? Think someone is going to sit for hours and hours just to do that?

Re:Gear

[davidstrauss]

If you block say, everything but 80 and 25 I'd hate it when I couldn't VPN to the office.

You will have plenty of trouble using VPN if you're behind NAT on a router without passthrough anyway.

Survey

[mahdi13]

I would take a survey of the customers to see if this is even in demand or if it would be used by more then a few people.
If there are lots of people interested, you will need to figure a price that will be able to maintain it over time, a bandwidth price/#of customers.
Also in the survey find out what these customers think is a reasonable amount to pay for the service.

If it is in demand and not a financial burden, I would look into getting a Wireless B AP...we don't want the 'creative' customers going cr

Re:Survey

[Tenebrious1]

I lived in a small town of 50,000, and for several years I hung out at the local diner which was the closest thing to a local coffee shop. In 10 years, I was the only one to show up there with any regularity with a laptop since I was there to do more work than socialize.

I'm one who can't sit at home and get any work done, I need background noise. Still, in all those years, I very rarely needed to connect to the internet. If I did, I'd use my cell phone, just to check some facts but it wasn't a necessity.

Thoughts

[Some guy named Chris]

First, if you don't pay more money per month for "resellable bandwidth", then you are in a legal gray area. Your generic office class DSL service is not resellable, so I'd avoid actually charging. You might be able to get away with a tip jar, but I'd forget about charging for the service.

Giving it away free also simplifies administration, and can be seen as an easy and cheap promotion to attract customers.

Secondly, with 802.11g routers costing $79, cost isn't much of an issue. This is a business expense, go ahead and pony up the $30 extra bucks for a decent piece of equipment.

Port blocking?

[goon america]

to prevent over-zealous Kazaa users

Overzealous Kazaa users? There is some amount of Kazaa usage you'd allow in your coffeee shop? You don't really need a PC to do sophisticated packet filtering... why not just block the ports that Kazaa uses? I also don't know how you could "filter" vaguely defined script kiddie activity.

My wireless-basestation-included broadband router cost $55 with a $20 rebate, and you can block ports and ban MAC addresses with it (you have to assign the MAC address to a certain ip range, and then block that ip range), btw.

Re:Port blocking?

[goon america]

Also, if you're going to go to the trouble of setting up a PC with smoothwall or something like that, you're not also going to need a broadband router, since a PC firewall with a second ethernet card is going to have all the functionality of a cheap broadband sharing device and much more.

Personal Telco Project of Portland Oregon

[tomwhore]

A lot of what your talking about has been deployed to over 20 buisness locations and a horde more home sites here in Portland Oregon by a group called the Personal Telco Project.

http://www.personaltelco.net

We use NoCat on linux based boxes and it covers most of what your looking to do. You can set up Auth or simply a Splash, you can do throttling, shaping and the like, you can set up local content areas for biz and community use.

Its amazing what older PCs and low cost APs can do. Most of the stuff is easy to install, the few rough spots, like NoCat, have been feild tested and methodologies have been crafted to make it easier to set and and maintain.

Come on over to the url posted above for more information or head to #ptp on irc.freenode.net and ask for more info.

Re:Personal Telco Project of Portland Oregon

[tomwhore]

From real world building ( thanks PTP) here are some rough numbers as far as cost

Old 133cpu computers + Linksys wrt54g + 12dbOmni = Low Cost Wireless Networking

Old 133 Computer with a nic 1gigHD,soundcard, etc=about 40$ from freegeek.org

WRT54g = about 80$

12dbOmni= about 40$

parts(mount, cable,etc)= about 40$

Linux = about $0

Total Cost = about 200$

This gets you a set up that can server some web pages, act as an Auth or Splash gateway, get some great coverage and even play up some mp3s.

Coffee house cool meets DIY down home goodness.

www.personaltelco.net

Plug Plug Plug

[FatRatBastard]

In my old neighborhood the local indi coffee house is Common Grounds [commongrou...ington.com]. They have set up something similar (free access, tip jar to help pay). It couldn't hurt to drop them an e-mail and see how they've set things up.

OpenBSD, pf, ALTQ

[Beryllium Sphere(tm)]

Traffic shaping is available by default and pretty easy to set up, and it runs well on cheap old hardware. You could invest a lot of effort hardening a Linux install to match what OpenBSD has by default.

There's provision for requiring authentication on wireless connections. Even with a tip jar model you may want that.

Keep WEP turned off (yes, you just heard that from a security consultant!). WEP doesn't match your security model 'cause it assumes everyone using the same key trusts each other. Since it doesn't do what you need, it's not worth the cost in inconveniencing the customers.

Turn the power down on the access point. No need to provide service to people across the street or down the block.

Why PC?

[po8]

Seems to me that the PC is just another expensive thing to break. Look for a high-end wireless router that will supply whatever functionality you need in a self-contained box, and leave the PC out of it, at least until some need actually presents itself. You can probably find a decent router for under $100 at current prices; still much cheaper and simpler than $20 router + $200 PC.

Go for cheap/reliable before speed...

[stienman]

I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.

Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.

Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.

Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.

-Adam

Semi-honor system....

[stuartkahler]

I assume that you are doing this to bring more people into you shop or keep them there longer, rather than trying to make a killing selling the net access...

I would suggest changing the password daily, and giving it away free to people who spend $5+ (?) when they come in. Anyone else can pay 50 cents extra for it. It would be sort of an honor thing for people to not pick up a slip laying around and surf free.

I think anything that requires you to give out individual passwords would require you to raise your price on access by $1 just to cover the administration. If you don't change passwords regularly, people in neighboring businesses are likely to start using your connection.

Keep in mind that you will be providing a connection that could be popular with people trading kiddie porn if you are not careful. I would recommend putting a bandwidth cap of 128/16kbps or 256/16kbps to keep the roaches off you net.

Hopefully you already realize that you will be violating the TOS for any household internet account. Buying a business account will likely double the ISP cost.

Keep the administrative costs down

[maya]

I set up a wireless system at the Brew House [brewhouse.com] in Cincinnati, which gets a fair amount of use and which has helped bring new customers into a neat neighborhood bar. When we first set the system up, we had all sorts of rules and regulations, and we were putting considerable effort into keeping track of who was allowed to use the system and making sure that users were "registered". We dropped all that, because it just wasn't worth it. Our costs for the connection are fixed, and the more people who use it, the b

The solution you want to look at...

[jafo]

You clearly want to look at the Soekris [soekris.com] small form factor computer like the 4801, mini-PCI WiFi cards such as the kits available for the Soekris at NetGate [netgate.com], and set them up with a 128MB CF card instead of a hard drive and install Pebble Linux [nycwireless.net] on it.

The end result of this is a small integrated PC with no moving parts, and mounts it's file-system read-only so no worries about corruption, with a built-in access point. These work great, and are a bit larger than the size of a VHS casette.

I've deployed a number of these, and they are rock solid. Plus, they have advanced routing capabilities thanks to Linux, and the ability to block infected or abusive users from re-associating with the AP.

As far as going with 802.11 a or g... You must be pulling in some pretty mighty bandwidth to need to use something faster than 802.11g. Pebble includes "MadWiFi", a driver for some a/g cards, but I haven't used it.

Sean

Wireless router

[mydigitalself]

why not get a wireless router that will handle all of your DHCP, DNS, Firewall etc...

that way you don't have to have any operating system or anything that will just confuse "mom and pop". if they've got this box that just plugs into their ADSL line and if things go wrong they turn it off and on again?

something like this [netgear.com] should do the trick nicely.

My advice based on limited experience

[drinkypoo]

Your biggest problem is going to be bandwidth, it always is. Besides limiting rates which is a GOOD idea and can be done on BSD or Linux, you might think about running a caching proxy server. I suspect that most people visiting a coffeeshop and using a computer are going to be visiting pretty much the same sites... yahoo, msnbc, cnn, stile project, you know what I'm talking about :) A caching proxy can cut down on bandwidth use. These days big hard drives are the norm and PCs you pick up new for $300 has 40

I just did a similar setup

[squarefish]

But we're not charging and the isp (covad) requires email authentication through their servers for any smtp traffic- it would be very difficult to control web based mail.

we basically set it up as a free spot, as the owner didn't want to take any time away from the bartenders [quenchers.com] serving beer.

it's just a 1.5/384 adsl line from covad with a zyxel prestige 645 and a linksys wap54g- g is easy because it's fully compatble with b and only a slight price increase, I wouldn't mess with a.

zyxel makes a great 'hotspot in a box' [eweek.com] that features the reciept printer and seems to do a great job overall. I think it was about $600 at that time.

funny, I submitted a very similar 'ask slashdot' in july and it was rejected- I don't even attept to submit stories anymore, I know someone else will eventually and it will be accepted.

My Advice: Keep it Simple

[iiioxx]

The way I see it, you should just forget about WEP keys, filtering, tip jars, and all of that crap. You are in the coffee shop business, not the cybercafe business.

Here's what I think you should do:
1) Get the cheapest DSL connection you can find in your area.
2) Buy as few low-end 802.11b AP's as it takes to provide coverage to your shop and store front (assuming you have tables out front or something).
3) Configure the AP's for public access, and use your shop's name for your SSID.

This will provide a decent level of Internet service for your customers with the minimum of maintenance and effort on your part. Most importantly, it will let you focus on your core business, which is coffee and sundries. Think of the Internet service purely as an amenity, like piped-in music or a TV in the corner, and treat it as a cost of doing business, not a profit center. Don't worry about how good the Internet service is, just concentrate on the coffee. Most people won't complain (loudly, anyway) about the quality of an amenity they are getting for free. Just set the appropriate expectations. The key phrase is... "best effort".

This will accomplish the real objective: bringing people into your store to buy your product, and keeping them there as long as possible (because hopefully, the longer they stay, the more product they buy), while at the same time minimizing your cost and overhead of providing the amenity.

NoCatAuth article in Linux Journal

[hodet]

Article in Linux Journal describes the whole thing and just may be the ticket you are looking for.

http://www.linuxjournal.com/article.php?sid=6887 [linuxjournal.com]

The skinny on b vs g

[MythoBeast]

When deciding if you're going to bother with 802.11b or g, you need to ask yourself what you're going to use it for. It is unlikely that your inbound pipeline will be more than 12mbps, and it's also unlikely that the users will want to spend a lot of time swapping files. Intranet gaming also takes much less bandwidth than this for the ten or so machines that the typical router will support. With that in mind, 802.11b should be more than adequate.

A warning, though. Don't go into this assuming that it'll be maintenance free. I run one of these for the local neighbors, and they're regularly calling me up to find out what's wrong with the connection. Run it for a month or so without charging people. This will both hook your customers on the idea of having it available, and give you the time to figure out the best location of your router, how much regular maintenance your system will take, and if it's worth your effort.

some ideas

[r]

first off, long term maintenance will be a problem. once you move on to a better job, the owners will have to deal with the networking themselves. so build them a system that's hands-off (ie. doesn't need patches :), or that then can administer themselves.

i'd stay away from deploying your own linux-pc-based solution for as long as you can. a hardware box that includes all functionality would clearly be best, even if slightly more expensive. eg. a wireless router with bandwidth management. something that, once set up, remains easy to use. unfortunately i don't know of any specific models that would do exactly what you want. you could always talk to the manager of some starbucks, or borders bookstore, and ask them what they use. :)

second, i like the idea of not going with the subscription model. my local coffeehouse just deployed wifi (using facefive [facefive.com]), and when they did a test run for free, it caused quite a stir - a lot of people were coming in for the internet, and i think buying more. then they switched to the subscription model (only barely cheaper than starbucks), and it stopped. :(

and while anecdotal evidence proves nothing, i just mean to say that a tip-jar model, even if it doesn't bring explicit income to cover wifi costs, should cause increased traffic, especially from students. this should translate to higher sales, and most likely also longer table occupancy. you should do a test run for three months, and see whether it pays off.

and when you do that, please post the results! :)

Mudhouse in Springfield, MO

[HoldenCaulfield]

The coffee house I've been frequenting (Mudhouse in Springfield, MO) has free WiFi for anyone that comes in. No WEP, no fees, no nothing. In fact, they just have a consumer SMC access point, and I'm guessing that whoever set it up was a non-techy. Anyone can access the admin functions by using the web interface, and while there is an admin password, if you know the name of the coffeeshop, you could change that too.

So how does this work? How come they haven't been hacked or had tons of b/w leeches? I think all this works because the coffee house was a pretty decent community to start with. It serves the local college kids, is part of the monthly art walk (they act as a gallery for a local artist), and you'll usually see/hear a group of teenage/college-age church groups, and lots of people who just want to sit and chat and have coffee. There's an honor system, and it seems to work. (Case in point would be my accessing the admin functions, but not changing anything, just taking a peek to see what kind of setup they were running.)

I'd estimate the coffeeshop seats maybe 60 people, and you'll see maybe 3 or 4 laptops on a Friday or Saturday night. The model probably works cause the kind of atmosphere the coffee shop has - they have board games you can borrow, and there's almost always a group playing Scrabble, and usually a group playing Skip-Bo or some other card game. They also have two large bookshelves filled with books (it seems to be a popular site for people to release books from bookcrossing.com).

I'd imagine in a town of 50k, just plugging in a WAP would work fine. All these people suggesting traffic shaping, changing WEP keys daily, etc etc might want to consider that a social solution might work just as well as a technical one in this case.

dirt cheap and easy... just like i like my girls

[thoolihan]

This shouldn't be too hard. Let's look at the issues:

PC (FOR CONTROL) - the owner probably already has one. spreadsheets for payroll etc. Many ap's can be controlled with just a browser.
TECH SUPPORT (FOR CUSTOMERS) - don't do it. free internet access, but customers must set themselves up. Besides, if someone is lost, they could always ask someone else with a laptop to give a hand.
SECURITY - two options. As many have pointed out, WEP Key on receipt. Or, just have open access (sounds crazy, but so is anybody who submits sensitive information to a non SSL page). Either way, have a disclaimer posted.
QUOTAS (referencing the Kazaa statemnt) - port blocking would be easier. Still, I would wait and see if this is really an issue.
MONTHLY COST OF INTERNET ACCESS - That's the real cost that matters to the owner. That and whatever you charge him to support the thing.

-t

Provide 802.11 but no AC outlets

[Bretski]

That's a trick a local coffee shop uses here. Free network so you'll stay an hour or two, but you can't charge your laptop to stay longer than that!

College Perk in College Park

[TheSync]

The College Perk [collegeperk.org] coffeehouse in College Park, MD, has free wireless.

Another place in the area told me "we don't have wireless because I don't want people coming in and just using the Net and not buying anything."

OK, well, guess where I buy my coffee now?

Also at College Perk, I organized a Chat [thesync.com] with the Baghdad Internet Cafe [iraqbaghdad.net] that brought in many customers.

Donation Jar for upgrade

[InfiniteWisdom]

How about this... start out with a b access point which, as others have mentioned you can pick up for $20 or so. Have a little jar soliciting donations for an upgrade. If enough people are interested you'll soon have the cash for a new accesspoint.

As I recently discovered when I counted the change that had accumulated in the coin compartment in my car, bouncing back loose change can add up pretty quick.

802.11a vs. 802.11b/g

[jroysdon]

I'd never consider 802.11a at this point, the marketshare is all in 802.11b.

So, the next question is, should you go 802.11g (~54mbit), which is backward compatible with 802.11b?

How fast is your internet access going to be? Is it even going to be faster than 802.11b will provide (11mbit)? If users want to do laptop to laptop transfers, they should just use a crossover ethernet cable (100mbit). Hint: Most ADSL is 384kbit and will let you grab ~1mbit when things aren't busy at the ISP. 1mbit is "fast" for most folks.

IHMO, the owner should just see is as a way to increase his customer base for his existing revenue model, and have a cool thing to do when things are slow (but need to keep the other employees in check if things aren't getting done and he's not there all the time).

Futher, I'd suggest a caching engine like Squid [squid-cache.org], which can help with content filtering as well (say for employees, make them login before they can surf so you can track their time, etc.). Squidguard [squidguard.org] is my filter preference for filtering and there are many free content DBs online.

I'd be filtering porn sites, probably gambling, probably hate sites, etc., as I'd not want one customer offending another with graphic images. Of course, you could say MYOB and tell the guy to sit where no one can see his laptop, whatever...

NoCat [nocat.net] is a good authentication model as well just so you can track folks in case something illegal is taking place.

m0n0wall

[adamsc]

You can setup a Soekris [soekris.com] box running m0n0wall [m0n0.ch] and do everything in a single small box with no moving parts. Alternately you can save some cash using an old PC and either a CD-R or some sort of bootable flash drive.

It's embedded FreeBSD and will do all of the basic AP functions plus firewalling, traffic-shaping to keep P2P hogs from becoming nuisances, local DNS registration, etc.

Finances

[FuegoFuerte]

Whatever you do, get the money first (from the coffee shop). I was going to set up wireless access for a local coffee shop, bought a (really inexpensive) PC to set it all up with, started work on the PC (software configuration, etc), and then the owner never went through with her half of the deal, which was to get the DSL installed (I even have her the number to call and the plan to ask for). Eventually, it ended up I never got the money for the PC (but I sold it to someone else for what it cost me, so no huge loss except time) and the system never got installed. The coffee shop still has no wireless access, and the coffee's become more expensive than anywhere else in the area so I no longer go there.

Moral of the story: Get money first. Make sure the owner is really going to follow through with the idea. If they aren't comfortable giving you money first, make sure you have some kind of written agreement showing they know how much it will cost and agree to pay you that amount.

Re:Coffee shop distro

[Chuck Bucket]

incorrect, he stated that he wanted to build it himself, and then do troubleshooting via SSH whenever it was needed. If you follow a simple HOWTO on how to make a Linux or FreeBSD accesspoint, you can make it work. Once it's working, it'll "just work" from then on. If you don't have faith in a solution like that, then go another route, but I've been running a similar setup at home for 1 1/2 now, with no downtime -OR- administration needed. I'd like to see a MS solution that could do that...

CB

Re:Possible suggestion

[Gudlyf]

"...at least force people to authenticate via a "yes I won't do stupid stuff" model..."

Not to mention you'll probably want all sorts of disclaimers for people to outright accept if they're willing to risk using your network. Someone could possibly find their account had been hacked and assume it was your "mom-and-pop operation" that mishandled the data floating through the air, or that the server you setup got hacked, allowing all data to be sniffed -- with WEP, the data through the air is encrypted, but unless the user is using SSL or some other encryption, the data from the server to the internet is not encrypted.

Read this first

[mike260]

This [oreillynet.com] may affect your decision.

Go cheap

[anaphora]

I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.

Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to t

Misleading write-up

[Nexus7]

It's misleading to quote this $10 number for Starbucks. Monthly all-you-can-eat is $30 ($20 for T-mobile cell phone subscribers). For this price, you're getting the use of every Starbucks and Borders hot-spot out there and you know there are a few around. If you're in any place of a reasonable size, you know you can find one pretty easily, and you know you can hop on with no hassles. If you go by the hour, then sure you're going to pay more, but unless you surf like once a month, you're not going to go that

Re:Why is every "Ask Slashdot" completely stupid?

[BenjyD]

Yes, it is possible to get answers to many of the questions with google. But why not Ask Slashdot? The Slashdot readership is still, despite a lot of wannabes, in general extremely knowledgeable. I imagine many other readers have implemented this kind of thing and have (*gasp*) real-world experience of how this sort of thing works out. Good luck finding that on Google anywhere but on mailing lists and Slashdot.
By posting on the Slashdot front page and collecting a few hundred comments, the story poster gets