Here is my situation:
My company would like to provide wireless access to customers who are visiting so they can use their laptops without jacking in to the wall. Our internal network is flat, so I want the wireless AP somehow separated from the rest of the network. I'd also like to use a captive portal to prevent people gaining access from outside the building, as well as to serve up an AUP.

I use m0n0wall as a router at home, and I know it has captive portal capability so I'll probably go that route. My main question is how do I separate the wireless router from the rest of the network? I tried pinging one of our servers from a computer connected to the wireless router and wasn't able to, so does that mean it's fine, or is there something more I should do? It almost seems too simple.

What you do is use a separate IP range to separate it from the network. I would plug a WAP into your current network and assign the private IP to it. I also suggest you make your network static if it's not already. Then assign an IP to your WAP and make that one DHCP with a different IP range...

Let me know how that works out.

If you have a managed switch (which you're going to connect to the WAP in order to get Internet to it, I'm assuming) you could just isolate the port on the switch from the other IP schemes.
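As an added example (not part of any post in this thread), the sketch below models why a failed ping alone does not confirm that the guest range is isolated, and checks that the guest and internal ranges do not overlap. The address ranges, rule sets, probe list and first-match, default-deny evaluation are all assumptions made for illustration, not m0n0wall's actual configuration format.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption): internal LAN and guest wireless range.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.50.0/24")

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: str                   # "icmp", "tcp", "udp" or "any"
    dst: str                     # destination network in CIDR form
    port: Optional[int] = None   # None matches any port

def decide(rules, proto, dst_ip, port=None):
    """First matching rule wins; no match means block (default deny)."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(r.dst):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return "block"

def leaks(rules, internal, probes):
    """Probes from the guest side that the rule set lets through to the internal range."""
    target = str(next(internal.hosts()))
    return [(p, port) for p, port in probes if decide(rules, p, target, port) == "pass"]

def ranges_separate(guest, internal):
    """True when the guest DHCP range shares no addresses with the internal range."""
    return not guest.overlaps(internal)

# Constructed probe list: ping plus a few services an internal server might expose.
PROBES = [("icmp", None), ("tcp", 445), ("tcp", 80), ("udp", 53)]

# Ping is blocked, so the ping test fails, yet TCP and UDP still reach internal hosts.
PING_ONLY = [Rule("block", "icmp", "192.168.1.0/24"), Rule("pass", "any", "0.0.0.0/0")]
# Internal range blocked for every protocol before the Internet pass rule.
ISOLATED = [Rule("block", "any", "192.168.1.0/24"), Rule("pass", "any", "0.0.0.0/0")]

if __name__ == "__main__":
    print("ranges separate:", ranges_separate(GUEST, INTERNAL))
    print("ping-only rule set leaks:", leaks(PING_ONLY, INTERNAL, PROBES))
    print("isolated rule set leaks:", leaks(ISOLATED, INTERNAL, PROBES))
```

Rule order matters in this model: placing the pass rule first in `ISOLATED` would let every probe through.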

Have you got a DMZ on your m0n0wall router?

If so I'd like some help please. I can ping my DMZ interface from the router, but I can't ping the router from the box in the DMZ.