simple protected wifi

this works better than WEP. there are other setups that necessitate a vpn, but they usually allow DNS through. MAC/IP address auth based wifi is vulnerable to spoofing. for long term use, i recommend ipsec instead of ssh, but ssh needs nothing more than having an account on the server, so it's easy to just install your friends' ssh keys.

  1. put wifi on its own network from the router
  2. set NAT or routing to wired only
  3. block all wifi traffic, except ssh, preferably on a non standard port
  4. set ssh to only use keys
  5. set DHCP to only give an ip address. no DNS, no gateway
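
an added example, not part of the original page: a shell script that prints one possible set of router settings for steps 2 to 5 (iptables, sshd_config, dnsmasq) so they can be reviewed before use. the wlan0 interface, port 2222, the 192.168.50.x range and the choice of iptables and dnsmasq are assumptions.

```shell
# added example: prints router-side settings for steps 2-5 for review and
# applies nothing. interface, port, address range and dnsmasq are assumptions.
WIFI_IF="${WIFI_IF:-wlan0}"    # assumed wifi interface on the router
SSH_PORT="${SSH_PORT:-2222}"   # assumed non standard ssh port
# reject values that would end up as a broken or injected rule
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# steps 2 and 3: wifi clients reach only ssh on the router (plus DHCP, which
# step 5 needs); nothing is forwarded or NATed to or from the wifi side
firewall_rules() {
    valid_iface "$1" && valid_port "$2" || return 1
    cat <<EOF
iptables -A INPUT -i $1 -p tcp --dport $2 -j ACCEPT
iptables -A INPUT -i $1 -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $1 -j DROP
iptables -A FORWARD -i $1 -j DROP
iptables -A FORWARD -o $1 -j DROP
EOF
}
# step 4: sshd_config lines for key-only logins on the chosen port
sshd_settings() {
    valid_port "$1" || return 1
    cat <<EOF
Port $1
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF
}
# step 5: dnsmasq lines; an empty option 3 (router) and 6 (dns) sends neither
dhcp_settings() {
    valid_iface "$1" || return 1
    cat <<EOF
interface=$1
dhcp-range=$2
dhcp-option=3
dhcp-option=6
EOF
}

firewall_rules "$WIFI_IF" "$SSH_PORT"
sshd_settings "$SSH_PORT"
dhcp_settings "$WIFI_IF" "192.168.50.10,192.168.50.100,12h"  # assumed range
```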

now, just use ssh to tunnel everything else through your router. see here for more info on ssh tunneling. most apps can use a socks proxy natively.

firefox

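type "about:config" in the url bar and set network.proxy.socks_remote_dns to true, so hostnames are resolved through the socks proxy instead of locally (the wifi side hands out no DNS).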

ssh

some versions of netcat won't do socks, so you can't use them to push ssh through. use connect.c. you can make scripts for ssh and scp like this:

pixel@ryo-oki:~$ cat bin/sockscp
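# run scp through the socks proxy at 127.0.0.1 using connect; "$@" keeps arguments with spaces intact
scp -o "ProxyCommand /home/pixel/bin/connect -S 127.0.0.1 %h %p" "$@"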