From: Angelin Lalev
To: freebsd-questions@freebsd.org
Date: Sat, 21 Apr 2007 15:54:58 +0300
Subject: FreeBSD machine instead of wireless hotspot device

I have a wireless hotspot device (Handlink WG-601) which I need to replace with a FreeBSD machine. The device has the following functionality I need to replicate:

1. It has a DHCP server (that's easy).
2. It makes NAT between its "internal" interfaces and "wan" interface (easy too, but look at 3).
3. It actually responds to every ARP request coming in on its internal interfaces. That allows it to act as a router for machines that, instead of using DHCP, are configured with wrong static IP addresses.
4. It can use RADIUS for authentication of the users. Actually, non-authenticated users are given an IP address (no WPA, TKIP, etc.) and when they first try to load a web page they are redirected to an authentication web page. Then their username and password are checked against the RADIUS database and only then are they allowed to connect to the outer network.

Two more things:

1. It was part of a larger wireless hotspot service, sponsored by the government and implemented by an outer organization, so buying another with my organization's money is out of the question.
2. I'm aware of the issues with security but again I cannot modify the policy there.

I'll be very thankful for any ideas.
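
One way to express items 2 and 4 of the message above as a pf.conf sketch (an added example, not part of the original post): NAT for the internal network, with web traffic from clients that are not yet in an "authenticated" table redirected to a local login page. The interface names, the portal port 8080, the table name and a DNS resolver running on the gateway are all assumptions; the portal application that checks RADIUS and the answer-every-ARP behaviour of item 3 are outside this file.

```conf
# /etc/pf.conf -- captive-portal gateway sketch (all names below are assumed)
ext_if      = "em0"      # assumed "wan" interface
int_if      = "ath0"     # assumed wireless "internal" interface
portal_port = "8080"     # assumed port of the local login web server

# Filled by the portal application after a RADIUS Access-Accept:
#   pfctl -t authed -T add 192.0.2.10      (constructed sample address)
# and emptied again on logout or session timeout:
#   pfctl -t authed -T delete 192.0.2.10
table <authed> persist

# Item 2: NAT everything from the internal network out of the wan interface.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Item 4: the first web request of an unauthenticated client lands on the
# local login page instead of the requested site.
rdr on $int_if proto tcp from ! <authed> to any port 80 \
    -> 127.0.0.1 port $portal_port

# Default for the internal side: nothing gets in unless allowed below.
block in on $int_if all

# DHCP (item 1) and DNS must work before login, or the browser never
# issues the HTTP request that triggers the redirect.
pass in on $int_if proto udp from any to any port 67 keep state
pass in on $int_if proto { tcp, udp } from $int_if:network \
    to ($int_if) port 53 keep state

# The redirected connection, seen after translation.
pass in on $int_if proto tcp from $int_if:network \
    to 127.0.0.1 port $portal_port keep state

# Authenticated clients may reach the outside network.
# Clients are identified by source IP only; on an open (no WPA) network
# that address is not bound to the user who logged in.
pass in on $int_if from <authed> to any keep state
```

Removing an address from the table does not end connections that already have state; the portal would also need to clear those, for example with `pfctl -k` for that address.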