LinuxQuestions.org
Old 06-21-2009, 06:23 AM   #1
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Rep: Reputation: 17
user authentication over iptables


Greetings to all,
First of all, I would like to say sorry to the admin who complained that I did not come back with a solution, whether it works or not, so that it can help other users in the community as well.

My question is very simple and has been posted before as well, but with no solution, whether it works or not.

http://www.linuxquestions.org/questi...tables-327247/

For example, if a user wants to browse linuxquestions.org using Internet Explorer, Firefox, Flock, Safari or any other web client, on pressing the go button the screen should prompt for login name and password. Only after completing this authentication should he be allowed to browse.

Why I need this: I actually want to set up Linux to work like a MikroTik hotspot; at least it can stop MAC spoofers. Or do you guys have any better solution for that?

Regards
Net_Spy

Last edited by Net_Spy; 06-21-2009 at 08:15 AM.
 
Old 06-21-2009, 07:01 AM   #2
jhcaiced
Member
 
Registered: Mar 2009
Distribution: CentOS - Ubuntu - Debian
Posts: 83

Rep: Reputation: 27
Hi,

In my opinion, you will get a more practical result using
something like squid or socks5 with user authentication
than using iptables alone for this.

Another option can be to check if squid or socks can be
integrated with GSSAPI to provide the authentication.

If you still want to go your own way, I can imagine a solution
like this, but it seems to be very inefficient.
- A web page (PHP?) in which the user has to authenticate itself,
visiting that page and providing user/passwd
- The page will execute the "iptables" commands which allow the IP
of the user's computer to send/receive data from the internet. (A
sudo configuration can be used to execute iptables from the web
server script)
- The user can visit another page to terminate the navigation or the
server can have a timeout in order to disable the user's IP from
the list of permitted addresses to go to the internet.
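
Added example, not part of the post above: a sketch of the three steps in Python rather than PHP, showing how the portal can validate the client's IP and MAC before they reach iptables and how the timeout turns into rule deletions. The chain name `PORTAL_ALLOWED`, the one-hour timeout and the `Sessions` helper are assumptions made for illustration.

```python
import ipaddress
import re
import time

CHAIN = "PORTAL_ALLOWED"   # hypothetical chain, jumped to from FORWARD
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def validate(ip, mac):
    """Return normalized (ip, mac) or raise ValueError on anything unexpected."""
    addr = ipaddress.IPv4Address(ip)   # rejects "1.2.3.4; reboot" and the like
    if not isinstance(mac, str) or not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC address")
    return str(addr), mac.upper()


def rule_argv(action, ip, mac):
    """Build an iptables argv list; it is never passed through a shell."""
    if action not in ("-A", "-D"):
        raise ValueError("action must be -A or -D")
    ip, mac = validate(ip, mac)
    return ["iptables", action, CHAIN, "-s", ip,
            "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"]


class Sessions:
    """Tracks authenticated clients and the rules to add or remove."""

    def __init__(self, ttl=3600):      # assumed timeout in seconds
        self.ttl = ttl
        self.active = {}               # (ip, mac) -> expiry timestamp

    def login(self, ip, mac, now=None):
        """Call only after the password check passed. Returns the rule to add,
        or None when the client already has one and is only refreshed."""
        key = validate(ip, mac)
        now = time.time() if now is None else now
        is_new = key not in self.active
        self.active[key] = now + self.ttl
        return rule_argv("-A", *key) if is_new else None

    def expire(self, now=None):
        """Drop timed-out sessions and return the delete commands for them."""
        now = time.time() if now is None else now
        dead = [k for k, exp in self.active.items() if exp <= now]
        for k in dead:
            del self.active[k]
        return [rule_argv("-D", *k) for k in dead]
```

Each returned list can be handed to `subprocess.run(argv, check=True)` by a small root-owned helper, so the sudo rule mentioned in the post only has to cover that helper rather than iptables itself. The `mac` match only sees the client's real MAC when the client is on the same layer-2 segment as the gateway.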
 
Old 06-21-2009, 08:22 AM   #3
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks for your kind response.
Well, I've edited my post to make my scenario more clear. I want to stop local MAC spoofing, because my current server setup reads a file that has MAC + IP and allows those users who are listed in that file; anyone who is not listed in that file will not have internet access, simply MAC checking using iptables. But what if some miscellaneous (blocked) user spoofed someone's (an allowed user's) MAC? He will be able to gain internet access. That's why I'm looking for a method that will allow 4 way authentication like MAC + username + password. Hope that makes it clear; like the MikroTik hotspot has MAC + username + password. Looking forward to your kind response.


Regards
Net_Spy
 
Old 06-21-2009, 10:59 AM   #4
jhcaiced
Member
 
Registered: Mar 2009
Distribution: CentOS - Ubuntu - Debian
Posts: 83

Rep: Reputation: 27
Hi,

You have just sent the answer: why not implement a captive portal
like the one in MikroTik?

The Wikipedia page, http://en.wikipedia.org/wiki/Captive_portal
has a list of software for captive portals, and that surely can have
the functionality you require already implemented.

Best regards,
 
Old 06-23-2009, 07:48 AM   #5
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks

But how about the bandwidth management for those users?

Regards
Net_Spy
 
Old 06-27-2009, 05:23 AM   #6
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks for your kind responses. Well, I moved to MikroTik to achieve that task because of the management; MikroTik or pfSense or other such OSes provide centralized management because those are native features of these OSes. Well, I will get time to work on this stuff online and I will let you guys know too.

Regards
Net_Spy
 