From owner-freebsd-questions@FreeBSD.ORG Sat Apr 21 13:35:51 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1AF3116A401 for ; Sat, 21 Apr 2007 13:35:51 +0000 (UTC) (envelope-from chris@hier7.com) Received: from smtp109.rog.mail.re2.yahoo.com (smtp109.rog.mail.re2.yahoo.com [68.142.225.207]) by mx1.freebsd.org (Postfix) with SMTP id CE6A013C4B9 for ; Sat, 21 Apr 2007 13:35:50 +0000 (UTC) (envelope-from chris@hier7.com) Received: (qmail 42838 invoked from network); 21 Apr 2007 13:35:50 -0000 Received: from unknown (HELO ?172.27.1.5?) (cms.kw@rogers.com@74.109.56.227 with plain) by smtp109.rog.mail.re2.yahoo.com with SMTP; 21 Apr 2007 13:35:49 -0000 X-YMail-OSG: vAytfkIVM1mel1Uu9fgWOWFdSe8UXh_nRWX0tsCyAbl36mmnlCjbs0Z7sXqw8NO.Mw-- Message-ID: <462A132E.4070809@hier7.com> Date: Sat, 21 Apr 2007 09:35:42 -0400 From: Chris Slothouber Organization: hier7 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: Angelin Lalev References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD machine instead of wireless hotspot device X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Apr 2007 13:35:51 -0000 Angelin Lalev wrote: > I have wireless hotspot device (Handlink WG-601) which I need to replace with FreeBSD machine. > The device has following functionality I need to replicate: > > 1. It has dhcp server (that's easy) > 2. It makes NAT between it's "internal" interfaces and "wan" interface (easy too, but look at 3). > 3. It actually responds on every ARP request coming on it's internal interfaces. That allows it to act > as router for machines that instead of using dhcp are configured with wrong static IP addresses. > 4. It can use RADIUS for authentication of the users. > Actually, non-authenticated users are given IP address (no WPA, TKIP, etc) and when they first > try to load a web page are redirected to authentication web-page. Then their username and password > are checked against RADIUS database and only then they are allowed to connect to the outer network. > > Two more things: > > 1. It was part of a larger wireless hotspot service, sponsored from the government and implemented by outer organization, so buying another with my organization's money is out of the question. > 2. I'm aware of the issues with security but again I cannot modify the policy there. > > I'll be very thankful for any ideas. Hi Angelin, I had similar requirements recently for project I was working on, I found the following information rather helpful. There were a few changes to be made but the general outline helped me. Here is the link: http://www.howtoforge.com/setting_up_a_freebsd_wlan_access_point Let me know if you have any questions, I might be able to help. - Chris Slothouber