Date: Tue, 27 Sep 2005 21:26:51 +0000
From: Marcin Jessa
To: Jim Pazarena
Cc: freebsd-isp@freebsd.org
Subject: Re: wifi public access
Message-Id: <20050927212651.6fd6eacf.lists@yazzy.org>
In-Reply-To: <4339AA75.6020103@ccstores.com>
References: <4339AA75.6020103@ccstores.com>
Organization: YazzY.org

On Tue, 27 Sep 2005 13:24:21 -0700
Jim Pazarena wrote:

> I distribute wifi internet to my customers via MAC
> authentication at the access point, and DHCP assignment
> from my server.
>
> I would like to offer "wide open" (no MAC authentication)
> at the access point, and have my server (somehow) permit
> the access, or re-direct non subscribers to a sign-up page.
>
> To provide service to the tourist traffic and non clients
> on a pay-per-go basis.
>
> What kind of software should I be looking for? It was suggested
> that non-clients get routed to a specific point. How would I
> accomplish this?
>

You can use firewalling for that and redirect all unauthorized clients
to some site or local squid which can allow/disallow certain domains
with its ACLs.
The unauthorized users would get handed out their own network.
The access point would need to run some scripts to open firewall for
authorized MACs and the DHCP server would put authorized users to a
different DHCP class and give them a different IP range.
You could probably query your radius server and fetch all the MACs there
and open up your firewall for those MACs only.

Cheers.
Marcin
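
An added example, not part of the message above: one way to write the "script that opens the firewall for authorized MACs", by matching an exported MAC list against ISC dhcpd leases and building the pfctl call that loads the resulting addresses into a pf table. The MAC list, the lease data and the table name `authorized` are constructed assumptions; the redirect rule for addresses outside the table is left to pf.conf.

```python
import re

# Constructed sample: MACs as they might be exported from the RADIUS user store.
AUTHORIZED_MACS = {"00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"}

# Constructed sample in ISC dhcpd.leases format. The file is an append-only
# log, so the last block written for an IP address is the one that counts.
SAMPLE_LEASES = """
lease 10.0.1.20 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.1.21 {
  binding state active;
  hardware ethernet 00:de:ad:be:ef:01;
}
lease 10.0.1.22 {
  binding state active;
  hardware ethernet 00:AA:BB:CC:DD:EE;
}
lease 10.0.1.22 {
  binding state free;
  hardware ethernet 00:AA:BB:CC:DD:EE;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
# Anchored to line start so "next binding state" is not mistaken for the state.
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def authorized_ips(leases_text, macs):
    """Return sorted IPs whose latest lease is active and held by a known MAC."""
    macs = {m.lower() for m in macs}
    latest = {}  # ip -> (state, mac); later blocks overwrite earlier ones
    for ip, body in LEASE_RE.findall(leases_text):
        mac = MAC_RE.search(body)
        state = STATE_RE.search(body)
        latest[ip] = (state.group(1) if state else "unknown",
                      mac.group(1).lower() if mac else None)
    return sorted(ip for ip, (state, mac) in latest.items()
                  if state == "active" and mac in macs)

def pfctl_command(ips, table="authorized"):
    """Build the pfctl call that replaces the table contents with these IPs."""
    return ["pfctl", "-t", table, "-T", "replace", *ips]

if __name__ == "__main__":
    print(" ".join(pfctl_command(authorized_ips(SAMPLE_LEASES, AUTHORIZED_MACS))))
```

The released lease for 10.0.1.22 is dropped even though its MAC is on the list, so an address handed to the next client does not inherit access. A MAC address is set by the client itself, so this check separates subscribers from visitors for billing but does not authenticate anyone.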