    First, the scenario: I have to setup a "guest" wireless network here at work. It is going to be open, and allow internet access only, with the tomato (and our internal) firewall blocking all access to the internal network. I believe I have most of the setup figured out, but I wanted to bounce it off you fine people first to avoid looking like an idiot when it goes live and doesn't work ;-)

    There are 6 various linksys routers, mostly e2000s running tomatoUSB 1.28, though there are still 2 oddballs still running stock firmaware. I plan on replacing those as soon as practical with something capable of running Tomato firmware.

    So the basic plan is: Setup one router as the "Primary" with the WAN connection, firewall, QOS, DHCP, etc. running from this router. All other routers will connect over cat6 using the LAN ports. So far so good... My questions are:
    1. Gateway and DNS addresses on "child" routers should all be set to the "primary" router, correct?
    2. With 6 access points, how should I set up Channel assignments? Should I (as much as possible) alternate between channels 6 and 11? Or what suggestions do you have?
    3. What are your suggestions for managing the access points from our internal network? (Essentially, how would you suggest setting up management access to each of the 6 routers from the WAN side of the primary router?)
    1) Correct
    2) Use 1,6,11 but because of the interference these days, you may even end up with them on the same channel. Whatever works :)
    3) Port forward to the AP. If you use Access restrictions to control access, then each AP must also be in the restrictions list to allow it access to the main router. e.g. forward port 8005 to port 80

    access the AP with your choice of DDNS - http://blahblah:8005
