Date: Tue, 27 Sep 2005 15:54:30 -0600 From: Jeff at NorrisTechs <jeff@norristechs.net> To: Marcin Jessa <lists@yazzy.org> Cc: freebsd-isp@freebsd.org, Jim Pazarena <fisp@ccstores.com> Subject: Re: wifi public access Message-ID: <4339BF96.4030404@norristechs.net> In-Reply-To: <20050927212651.6fd6eacf.lists@yazzy.org> References: <4339AA75.6020103@ccstores.com> <20050927212651.6fd6eacf.lists@yazzy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I believe you could use ipfilter or ipfirewall along with squid-cache (proxy) and Natd. All connections coming to the Internet would be picked up by the ipfilter rules and based on MAC, IP or other methods you would then forward to squid to proxy to the Internet, or redirect the connection to a sign up page. You then would need to have the web page update the ipfilter/ipfirewall rules and/or squid ruleset as well. I have seen several solutions from the users side, but not the from the admin site. Your access point would just need to be on with no WPA, WEP etc and sit between the WIFI zones and the proxy server allowing everything related to security to be setup on the BSD box(es). Just some ideas, hope the points you in the direction you wanted to. ------------------------------------------------------------------------ */Jeff Norris/* /~ Web Hosting ~ VPN Solutions ~ Network Management ~ Design, deploy, kick ass. / *N*orris*Techs* dot net http://www.norristechs.net *AOL IM or Yahoo IM: _ ntshelper _* Marcin Jessa wrote: >On Tue, 27 Sep 2005 13:24:21 -0700 >Jim Pazarena <fisp@ccstores.com> wrote: > > > >>I distribute wifi internet to my customers via MAC >>authentication at the access point, and DHCP assignment >>from my server. >> >>I would like to offer "wide open" (no MAC authentication) >>at the access point, and have my server (somehow) permit >>the access, or re-direct non subscribers to a sign-up page. >> >>To provide service to the tourist traffic and non clients >>on a pay-per-go basis. >> >>What kind of software should I be looking for? It was suggested >>that non-clients get routed to a specific point. How would I >>accomplish this? >> >> >> > >You can use firewalling for that and redirect all unauthorized >clients to some site or local squid which can allow/disallow certain >domains with it's ACLs. > >The unauthorized users would get handed out their own network. >The access point would need to run some scripts to open firewall for >authorized MACs and the DHCP server would put authorized users to a >different DHCP class and give them a different IP range. >You could propably query your radius server and fetch all the MACs >there and open up your firewall for those MACs only. > >Cheers. >Marcin > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4339BF96.4030404>