
Re: Software for WLAN Hotspot

If we work with iptables, we have to authenticate the client in some
way. Though I think it is possible to extend iptables, this would
exceed my abilities a lot.

But maybe it would be the cleanest / best solution :-) Okay then ...
I fully agree, but as I said, it exceeds my skill, I think....

So, I would use existing possibilities, of which MAC address
filtering is the safest for my purpose.

Now there are two possibilities:
1. Writing a web-based interface, for example with PHP, to log in.
Then a C/C++ based daemon adds some iptables rules, which allow the
client to go online. +: platform independent -: one has to enter his
MAC address, for I don't know any possibility to determine one's IP
through PHP (and I don't think this is possible?)

It's possible to read his IP with PHP. It's in the environment
variables when he executes your PHP script to log in. But I don't know of actually translating it to the MAC for inserting into your iptables rules.

Yes, I know, I'm just too stupid, reading my message again you will notice that I wanted to write MAC address.
IP is $_SERVER['REMOTE_ADDR'] but I don't think this is useful here.
Any solution how to determine the MAC automatically?

2. Daemon as above, but with client software which sends password and
MAC address to server. (because they are one-time, they can be
transmitted plaintext) +: See above -: Client software...

Bad because client-software.

All the "big" firms do it via webbrowser so I think that's the way to go.
That's what I said.... but it is the easiest solution. Perhaps one could do both client and web interface, like some ISPs provide dial-up software though it's possible to dial up "normally"

Well all okay. But how do you want a user to log off automatically? E.g. if there is no traffic from his IP for the last 15 minutes you want to automatically log him off, right? One way would be to use a browser-window that remains open (small one) and is reloaded every minute. This way you can timeout a user easily.

Or you can let the daemon watch logs. Just log every new connection (SYN bit set) with iptables and filter the address.

Btw: Using this solution you can add a rule when the user is "logged off" like: requests for http (port 80) to any ip rewrite to local apache (for logging in). If somebody is logged out and tries to access any webpage in the "open world" he's redirected to your apache.

nice idea

Hmm ... the more I think about it, the simpler this solution looks :-

There must be a snag, if it is easy enough for me to code :)

Give it a try. And please keep me posted on your findings.

I'll try
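
On the open question above (getting the client's MAC automatically once the login script has its IP), the daemon on the gateway can read it from the kernel's ARP table. This is an added example, not code from the thread: the function names and the sample table are constructed, and it assumes a Linux gateway on the same layer-2 segment as the clients.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample in the layout of Linux /proc/net/arp. */
static const char SAMPLE_ARP[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.1.23     0x1         0x2         00:11:22:33:44:55     *        wlan0\n"
    "192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0\n";

/* Accept only the xx:xx:xx:xx:xx:xx form before it reaches a rule. */
static int is_mac(const char *s) {
    for (int i = 0; i < 17; i++)
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i])) return 0;
    return s[17] == '\0';
}

/* Copy the MAC for ip into mac[18]; -1 if absent or unresolved (flag 0x2 unset). */
int mac_for_ip(const char *table, const char *ip, char mac[18]) {
    const char *line = strchr(table, '\n');            /* skip header row */
    while (line && *++line) {
        char addr[46], hw[19];
        unsigned flags;
        if (sscanf(line, "%45s %*x %x %18s", addr, &flags, hw) == 3 && !strcmp(addr, ip)) {
            if (!(flags & 0x2) || !is_mac(hw)) return -1;
            strcpy(mac, hw);                           /* is_mac() guarantees 17 chars */
            return 0;
        }
        line = strchr(line, '\n');
    }
    return -1;
}

/* Build an execv()-style vector (no shell string) admitting this MAC.
 * Assumption: the FORWARD chain otherwise drops client traffic. */
int allow_rule(const char *mac, const char *argv[10]) {
    const char *tmpl[10] = {"iptables", "-I", "FORWARD", "-m", "mac",
                            "--mac-source", mac, "-j", "ACCEPT", NULL};
    if (!is_mac(mac)) return -1;
    memcpy(argv, tmpl, sizeof tmpl);
    return 0;
}

int main(void) {
    char mac[18];
    const char *argv[10];
    if (mac_for_ip(SAMPLE_ARP, "192.168.1.23", mac) == 0 && allow_rule(mac, argv) == 0)
        for (int i = 0; argv[i]; i++) printf("%s ", argv[i]);
    return 0;
}
```

The MAC recovered this way is whatever the client's frames claim, so the rule admits any station on the segment that presents the same address.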
