From owner-freebsd-isp@FreeBSD.ORG Tue Sep 27 21:54:35 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F80F16A41F for ; Tue, 27 Sep 2005 21:54:35 +0000 (GMT) (envelope-from jeff@norristechs.net) Received: from scooby.norristechs.net (scooby.norristechs.net [71.36.89.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id C597843D48 for ; Tue, 27 Sep 2005 21:54:34 +0000 (GMT) (envelope-from jeff@norristechs.net) Received: from [127.0.0.1] [71.36.89.205] by scooby.norristechs.net with ESMTP (SMTPD-8.21) id AF990188; Tue, 27 Sep 2005 15:54:33 -0600 Message-ID: <4339BF96.4030404@norristechs.net> Date: Tue, 27 Sep 2005 15:54:30 -0600 From: Jeff at NorrisTechs Organization: NorrisTechs.NET.COM User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Marcin Jessa References: <4339AA75.6020103@ccstores.com> <20050927212651.6fd6eacf.lists@yazzy.org> In-Reply-To: <20050927212651.6fd6eacf.lists@yazzy.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org, Jim Pazarena Subject: Re: wifi public access X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Sep 2005 21:54:35 -0000 I believe you could use ipfilter or ipfirewall along with squid-cache (proxy) and Natd. All connections coming to the Internet would be picked up by the ipfilter rules and based on MAC, IP or other methods you would then forward to squid to proxy to the Internet, or redirect the connection to a sign up page. You then would need to have the web page update the ipfilter/ipfirewall rules and/or squid ruleset as well. I have seen several solutions from the users side, but not the from the admin site. Your access point would just need to be on with no WPA, WEP etc and sit between the WIFI zones and the proxy server allowing everything related to security to be setup on the BSD box(es). Just some ideas, hope the points you in the direction you wanted to. ------------------------------------------------------------------------ */Jeff Norris/* /~ Web Hosting ~ VPN Solutions ~ Network Management ~ Design, deploy, kick ass. / *N*orris*Techs* dot net http://www.norristechs.net *AOL IM or Yahoo IM: _ ntshelper _* Marcin Jessa wrote: >On Tue, 27 Sep 2005 13:24:21 -0700 >Jim Pazarena wrote: > > > >>I distribute wifi internet to my customers via MAC >>authentication at the access point, and DHCP assignment >>from my server. >> >>I would like to offer "wide open" (no MAC authentication) >>at the access point, and have my server (somehow) permit >>the access, or re-direct non subscribers to a sign-up page. >> >>To provide service to the tourist traffic and non clients >>on a pay-per-go basis. >> >>What kind of software should I be looking for? It was suggested >>that non-clients get routed to a specific point. How would I >>accomplish this? >> >> >> > >You can use firewalling for that and redirect all unauthorized >clients to some site or local squid which can allow/disallow certain >domains with it's ACLs. > >The unauthorized users would get handed out their own network. >The access point would need to run some scripts to open firewall for >authorized MACs and the DHCP server would put authorized users to a >different DHCP class and give them a different IP range. >You could propably query your radius server and fetch all the MACs >there and open up your firewall for those MACs only. > >Cheers. >Marcin > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > >