Problem with only allowing registered users to use the Internet...
Hi All,
I was given the task to implement a system similar to NetReg, but have run into some trouble and need to be enlightened. (Why not use NetReg? Idk, but my boss wants me to develop our own.)
Goal:
Users who connect to our network (wired or wireless) must register their computer and agree to our AUP before being able to connect to the Internet.
Test Env Setup:
LAN <==> eth1 [ GATEWAY BOX (CentOS 5.8) ] eth0 <==> Internet
What I have so far:
1) MySQL, Apache, DHCP and DNS server running on the gateway box. (MySQL and Apache are for the front-end, i.e. registering new computers/devices)
2) Registered computers are added to /etc/dhcpd.conf and given a static IP in the 192.168.1.X/24 subnet. All non-registered computers are assigned an IP in a different subnet (192.168.2.X/24)
3) Forwarding is enabled and all users from 192.168.2.X/24 are redirected to my registration page.
Problem:
I am unable to block "Rogue" users. That is, if I assign myself an IP address, gateway and DNS, I can bypass the registration page and use the Internet as I like. My thought to resolve this was to block forwarding to the internet for all and then only allow forwarding to registered IP addresses in iptables. But this seems cumbersome. Is there a more practical way to do this?
Thanks in advance!
Ken
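
Added example, not part of the original post: one way to make the default-deny idea above less cumbersome is to generate the FORWARD rules from the registered host entries already kept in /etc/dhcpd.conf, pinning each allowed IP to its registered MAC. The sample entries, host names and function names are constructed for illustration; the interface names and subnets follow the post's test setup.

```python
import re

# Constructed sample of host entries as they might appear in /etc/dhcpd.conf.
SAMPLE_DHCPD_CONF = """\
host alice-laptop {
    hardware ethernet 00:16:3e:aa:bb:01;
    fixed-address 192.168.1.10;
}
host bob-desktop {
    hardware ethernet 00:16:3E:AA:BB:02;
    fixed-address 192.168.1.11;
}
host stale-entry {
    hardware ethernet 00:16:3e:aa:bb:03;
    fixed-address 192.168.2.50;
}
"""

# Assumption: each host block lists "hardware ethernet" before "fixed-address".
HOST_RE = re.compile(
    r"\bhost\s+(\S+)\s*\{[^}]*?"
    r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;[^}]*?"
    r"fixed-address\s+(\d+\.\d+\.\d+\.\d+)\s*;"
)

def registered_hosts(conf_text, prefix="192.168.1."):
    """Return (name, mac, ip) for host entries inside the registered subnet."""
    return [(name, mac.lower(), ip)
            for name, mac, ip in HOST_RE.findall(conf_text)
            if ip.startswith(prefix)]

def forward_rules(hosts, lan_if="eth1", wan_if="eth0"):
    """Default-deny FORWARD chain with one IP+MAC allow rule per registered host."""
    rules = [
        "iptables -P FORWARD DROP",   # nothing is forwarded unless allowed below
        "iptables -F FORWARD",
        # Return traffic for connections a registered host opened.
        "iptables -A FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT"
        % (wan_if, lan_if),
    ]
    for _name, mac, ip in hosts:
        # The source IP must arrive from the adapter it was registered with.
        rules.append(
            "iptables -A FORWARD -i %s -o %s -s %s -m mac --mac-source %s -j ACCEPT"
            % (lan_if, wan_if, ip, mac))
    return rules

if __name__ == "__main__":
    print("\n".join(forward_rules(registered_hosts(SAMPLE_DHCPD_CONF))))
```

Re-running the generator whenever the registration front-end rewrites dhcpd.conf keeps the two in step. The MAC match ties each allowed address to the registered adapter, so a self-assigned 192.168.1.X address on an unregistered adapter is dropped; it is not authentication of the device.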