Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Sep 2005 15:54:30 -0600
From:      Jeff at NorrisTechs <jeff@norristechs.net>
To:        Marcin Jessa <lists@yazzy.org>
Cc:        freebsd-isp@freebsd.org, Jim Pazarena <fisp@ccstores.com>
Subject:   Re: wifi public access
Message-ID:  <4339BF96.4030404@norristechs.net>
In-Reply-To: <20050927212651.6fd6eacf.lists@yazzy.org>
References:  <4339AA75.6020103@ccstores.com> <20050927212651.6fd6eacf.lists@yazzy.org>

next in thread | previous in thread | raw e-mail | index | archive | help

I believe you could use ipfilter or ipfirewall along with squid-cache 
(proxy) and Natd.  All connections coming to the Internet would be 
picked up by the ipfilter rules and based on MAC, IP or other methods 
you would then forward to squid to proxy to the Internet, or redirect 
the connection to a sign up page.  You then would need to have the web 
page update the ipfilter/ipfirewall rules and/or squid ruleset as well.

I have seen several solutions from the users side, but not the from the 
admin site.  Your access point would just need to be on with no WPA, WEP 
etc and sit between the WIFI zones and the proxy server allowing 
everything related to security to be setup on the BSD box(es).

Just some ideas, hope the points you in the direction you wanted to.

------------------------------------------------------------------------

*/Jeff Norris/*
/~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass. /
*N*orris*Techs* dot net
http://www.norristechs.net
*AOL IM or Yahoo IM: _ ntshelper _*



Marcin Jessa wrote:

>On Tue, 27 Sep 2005 13:24:21 -0700
>Jim Pazarena <fisp@ccstores.com> wrote:
>
>  
>
>>I distribute wifi internet to my customers via MAC
>>authentication at the access point, and DHCP assignment
>>from my server.
>>
>>I would like to offer "wide open" (no MAC authentication)
>>at the access point, and have my server (somehow) permit
>>the access, or re-direct non subscribers to a sign-up page.
>>
>>To provide service to the tourist traffic and non clients
>>on a pay-per-go basis.
>>
>>What kind of software should I be looking for? It was suggested
>>that non-clients get routed to a specific point. How would I
>>accomplish this?
>>
>>    
>>
>
>You can use firewalling for that and redirect all unauthorized
>clients to some site or local squid which can allow/disallow certain
>domains with it's ACLs. 
>
>The unauthorized users would get handed out their own network.
>The access point would need to run some scripts to open firewall for
>authorized MACs and the DHCP server would put authorized users to a
>different DHCP class and give them a different IP range.
>You could propably query your radius server and fetch all the MACs
>there and open up your firewall for those MACs only.
>
>Cheers.
>Marcin
>
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
>
>  
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4339BF96.4030404>