I'm going through the process of setting up a "hot spot" for the public for the company I work for.
We had an extra Netgear FVS318 kicking around the office so I set that up to be it's own DHCP to give 10.10.10.x ip addresses and a subnet of 255.255.0.0 (internally we have 192.168.x.x and 255.255.255.0) and blocked all ports except 80 and 443 through the router's built in firewall. From that I have a DLink DWL-G700 access point giving an unsecured wireless signal.
I can catch the wireless and browse the Internet fine. I am (un)successfully denied access to the internal network, so far everything looks good.
I'd like some feedback about how secure this setup is. I know any ICMP traffic can be used/captured, but I'm not too worried about that.