Re: wifi public access
From: Jeff at NorrisTechs (jeff_at_norristechs.net)
Date: 09/27/05
- Previous message: Marcin Jessa: "Re: wifi public access"
- In reply to: Marcin Jessa: "Re: wifi public access"
- Next in thread: dliebke-isp_at_yahoo.de: "Re: wifi public access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 27 Sep 2005 15:54:30 -0600 To: Marcin Jessa <lists@yazzy.org>
I believe you could use ipfilter or ipfirewall along with squid-cache
(proxy) and Natd. All connections coming to the Internet would be
picked up by the ipfilter rules and based on MAC, IP or other methods
you would then forward to squid to proxy to the Internet, or redirect
the connection to a sign up page. You then would need to have the web
page update the ipfilter/ipfirewall rules and/or squid ruleset as well.
I have seen several solutions from the users side, but not the from the
admin site. Your access point would just need to be on with no WPA, WEP
etc and sit between the WIFI zones and the proxy server allowing
everything related to security to be setup on the BSD box(es).
Just some ideas, hope the points you in the direction you wanted to.
------------------------------------------------------------------------
*/Jeff Norris/*
/~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass. /
*N*orris*Techs* dot net
http://www.norristechs.net
*AOL IM or Yahoo IM: _ ntshelper _*
Marcin Jessa wrote:
>On Tue, 27 Sep 2005 13:24:21 -0700
>Jim Pazarena <fisp@ccstores.com> wrote:
>
>
>
>>I distribute wifi internet to my customers via MAC
>>authentication at the access point, and DHCP assignment
>>from my server.
>>
>>I would like to offer "wide open" (no MAC authentication)
>>at the access point, and have my server (somehow) permit
>>the access, or re-direct non subscribers to a sign-up page.
>>
>>To provide service to the tourist traffic and non clients
>>on a pay-per-go basis.
>>
>>What kind of software should I be looking for? It was suggested
>>that non-clients get routed to a specific point. How would I
>>accomplish this?
>>
>>
>>
>
>You can use firewalling for that and redirect all unauthorized
>clients to some site or local squid which can allow/disallow certain
>domains with it's ACLs.
>
>The unauthorized users would get handed out their own network.
>The access point would need to run some scripts to open firewall for
>authorized MACs and the DHCP server would put authorized users to a
>different DHCP class and give them a different IP range.
>You could propably query your radius server and fetch all the MACs
>there and open up your firewall for those MACs only.
>
>Cheers.
>Marcin
>
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
>
>
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Marcin Jessa: "Re: wifi public access"
- In reply to: Marcin Jessa: "Re: wifi public access"
- Next in thread: dliebke-isp_at_yahoo.de: "Re: wifi public access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
