linux wifi hotspot right for me?
Hi
I am setting up a wireless network in a local library. The network is supposed to be "as open as possible", but I still want some sort of user control. The main problem is that I won't be able to administer it, thus the system has to be as easy to use as possible.

I can imagine some sort of solution like this: the wifi user logs on to the library AP; no matter what URL (s)he enters, a main page comes up that tells them to report to the librarian. The user will then receive some sort of pre-generated key that (s)he enters on the webpage and is allowed internet access for a period of time.

The setup will be something like this:

"Firewall" three nic (Wan, Wireless, Wired)
"HotSpot" two nics (In, Out), url-redirecting of some sort++
"AP" Cisco AP1131

I know Cisco has some products, but I'd rather test opensource solutions first.

Best regards
Henrik
What are you trying to control?
After hours use? Content? Bandwidth? Public use? The methods differ widely..
Quote:
I already have content and bandwidth control, I just want the users to have to report to the librarian before they gain access to the network. Making a standard username/password won't work because it doesn't take long before _everyone_ knows it ;)

Individual usernames/passwords are not ideal either because I have hundreds of people coming in that will probably use my network only once.. it has to be a _very_ easy system to administer, i.e. the librarian hands out a note with a pre-generated key or something like that..

Best regards
Henrik
Quote:
Code:
[INTERNAL LAN]
It is a better security practice to have many small devices that do one thing and do that thing well rather than one device that does everything. Not only is it a bad security practice, it is harder to maintain/upgrade (especially if you -- the designer -- will not be able to administer it). So I'll talk about the second way.

You set up your firewall to manage two subnets (which shouldn't be able to directly talk to each other). All traffic from your wired LAN to the internet will be NATed by this firewall. All traffic from the wireless subnet will be forwarded to the proxy. This way, the firewall knows nothing about authentication (and it shouldn't need to).

On the proxy box you should probably set up squid, since it has a very flexible access control/authentication system (you might as well do some caching with it also). Assuming the proxy box also has basic netfilter capability, you can implement a keying system in which certain machine(s) on your LAN are able to generate and see keys. You'd probably need to write a CGI script or something to make this 'user-friendly' for the librarian. Read the squid documentation to get an idea of the kinds of authentication schemes you can use.

P.S. What's the difference between HotSpot and AP?
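The pre-generated key scheme discussed in this thread, as an added Python example (not code from any poster): single-use keys that start a time-limited session bound to one client. The two-hour lifetime, the key format, the in-memory `store` and the use of the client's IP address as its identifier are assumptions.

```python
import hashlib
import secrets
import time

# Assumption: a key is valid for two hours after first use (the thread gives no figure).
SESSION_SECONDS = 2 * 60 * 60
# No 0/O or 1/I/L: keys are copied by hand from a paper note.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def _digest(key):
    """Normalise what the user typed and hash it, so the store never holds plaintext keys."""
    cleaned = key.replace("-", "").replace(" ", "").upper()
    return hashlib.sha256(cleaned.encode()).hexdigest()


def issue_key(store):
    """Librarian's page: create one unused key and return it for printing."""
    raw = "".join(secrets.choice(ALPHABET) for _ in range(12))
    store[_digest(raw)] = None              # None = handed out, not yet used
    return "-".join(raw[i:i + 4] for i in range(0, 12, 4))


def redeem_key(store, key, client, now=None):
    """Portal page: return True if `client` may have access with this key."""
    now = time.time() if now is None else now
    digest = _digest(key)
    if digest not in store:
        return False                        # unknown, mistyped or already expired key
    session = store[digest]
    if session is None:                     # first use: bind to this client, start the clock
        store[digest] = (client, now + SESSION_SECONDS)
        return True
    bound_client, expires = session
    if now >= expires:
        del store[digest]                   # an expired key cannot be reused
        return False
    return bound_client == client           # a key passed around fails on a second device
```

In a deployment the `store` would be a file or database that only the librarian's machine can write, and a `True` result would be what triggers the proxy or netfilter rule that lets the client through.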