LinuxQuestions.org
05-29-2006, 03:58 AM   #1
henrikwidth
LQ Newbie
 
Registered: Aug 2003
Posts: 3

Rep: Reputation: 0
linux wifi hotspot right for me?


Hi

I am setting up a wireless network in a local library. The network is supposed to be "as open as possible", but I still want some sort of user control. The main problem is that I won't be able to administer it, thus the system has to be as easy to use as possible.

I can imagine some sort of solution like this:
The wifi user logs on to the library AP; no matter what URL (s)he enters, a main page comes up that tells them to report to the librarian. The user will then receive some sort of pre-generated key that (s)he enters on the webpage and is allowed internet access for a period of time.

The setup will be something like this:

"Firewall"
three nic (Wan, Wireless, Wired)
"HotSpot"
two nics (In, Out), url-redirecting of some sort++
"AP"
Cisco AP1131

I know Cisco has some products, but I'd rather test open-source solutions first.



Best regards

Henrik
 
05-30-2006, 10:06 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
What are you trying to control?
After hours use? Content? Bandwidth? Public use?

The methods differ widely..
 
05-30-2006, 12:34 PM   #3
henrikwidth
LQ Newbie
 
Registered: Aug 2003
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by peter_robb
What are you trying to control?
After hours use? Content? Bandwidth? Public use?

The methods differ widely..
Hi Peter

I already have content and bandwidth control, I just want the users to have to report to the librarian before they gain access to the network. Making a standard username/password won't work because it doesn't take long before _everyone_ knows it. Individual usernames/passwords are not ideal either because I have hundreds of people coming in that will probably use my network only once. It has to be a _very_ easy system to administer, i.e. the librarian hands out a note with a pre-generated key or something like that.


Best regards
Henrik
 
05-30-2006, 02:03 PM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Quote:
Originally Posted by henrikwidth
The setup will be something like this:

"Firewall"
three nic (Wan, Wireless, Wired)
"HotSpot"
two nics (In, Out), url-redirecting of some sort++
"AP"
Cisco AP1131
I'm not exactly sure what you are trying to say here.

Code:
              [INTERNAL LAN]
                     |
               [LAN Switch]-------[Proxy]
   \|/               |
  -WWW------[ Firewall/Router ]----[WAP]******[ Clients ]
   /|\
Then your wireless and wired clients will be on different subnets (recommended). You can do a transparent proxy a few ways:
  1. Have one machine to do everything (NATing, Routing, proxying, authenticating, etc.)
  2. Have a netfilter-based firewall and a separate proxy box
The benefit of the first is that there is a slight reduction of latency. But it has a few downsides:
It is a better security practice to have many small devices that do one thing and do that thing well rather than one device that does everything. Not only is it a bad security practice, it is harder to maintain/upgrade (especially if you -- the designer -- will not be able to administer it).

So I'll talk about the second way. You set up your firewall to manage two subnets (which shouldn't be able to directly talk to each other). All traffic from your wired LAN to the internet will be NATed by this firewall. All traffic from the wireless subnet will be forwarded to the proxy. This way, the firewall knows nothing about authentication (and it shouldn't need to).

On the proxy box you should probably set up squid, since it has a very flexible access control/authentication system (you might as well do some caching with it also). Assuming the proxy box also has basic netfilter capability, you can implement a keying system in which certain machine(s) on your LAN is able to generate and see keys. You'd probably need to write a CGI script or something to make this `user-friendly' for the librarian. Read the squid documentation to get an idea of the kinds of authentication schemes you can use.

P.S. What's the difference between HotSpot and AP?
 
05-30-2006, 02:06 PM   #5
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 70
Quote:
Originally Posted by osor
... Assuming the proxy box also has basic netfilter capability, you can implement a keying system in which certain machine(s) on your LAN is able to generate and see keys. ...
Actually, now that I think about it, it is a bad idea to authenticate based on netfilter and trust alone. You might need to create some sort of password scheme.
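
Editor's added example (not part of the thread, and not code from any poster): a sketch of the pre-generated key scheme the thread converges on, where the librarian prints a key and the portal accepts it for a limited time. The class and method names, the in-memory store, and the use of the client's address as a binding value are all assumptions; how the proxy or portal page calls `check()` is left to the deployment.

```python
import hashlib
import secrets
import time

# Constructed alphabet: no 0/O or 1/I, so keys are easy to read off a paper slip.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def _digest(code):
    # Normalise what the patron typed, then hash it, so the store never
    # holds keys that could be copied out and reused.
    return hashlib.sha256(code.replace("-", "").upper().encode()).hexdigest()


class VoucherStore:
    """In-memory voucher store (assumption: a real setup would persist this)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._vouchers = {}  # digest -> {"minutes", "expires", "client"}

    def issue(self, minutes=60):
        """Librarian side: create one random key and return it for printing."""
        raw = "".join(secrets.choice(ALPHABET) for _ in range(10))  # ~50 bits
        self._vouchers[_digest(raw)] = {
            "minutes": minutes, "expires": None, "client": None}
        return raw[:5] + "-" + raw[5:]

    def check(self, code, client):
        """Portal side: True while this key is valid for this client."""
        key = _digest(code)
        entry = self._vouchers.get(key)
        if entry is None:
            return False  # unknown, mistyped or already purged key
        now = self._clock()
        if entry["expires"] is None:
            # First use starts the clock and binds the key to one client,
            # so a slip passed around the room does not admit everyone.
            entry["expires"] = now + entry["minutes"] * 60
            entry["client"] = client
        if now >= entry["expires"]:
            del self._vouchers[key]  # spent keys cannot be reactivated
            return False
        return entry["client"] == client
```

The client value is only a second check on top of the key, since addresses on a wireless subnet can be spoofed; the portal should also rate-limit failed attempts so keys cannot be guessed online.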
 
  


All times are GMT -5.
