Re: Software for WLAN Hotspot
If we work with iptables, we have to authenticate the client in some
way. Though I think it is possible to extend iptables, this would
exceed my abilitys a lot.
But maybe would be the cleanest / best solution :-) Okay then ...
I fully agree, but as I said, it exeeds my skill, I think....
Yes, I know, I'm just too stupid, reading my message again you will
notice, that I wanted to write MAC adress.
So, I would use existing possibilitys, of which mac address
filtering is the safest for my purpose.
Now there are two possibilities:
1. Writing a web-based interface, for example with PHP, to log in.
Then a C/C++ based daemon adds some iptablesrules, which allow the
client to go online. +: platform independent -: one has to enter his
MAC address, for I don't know any possibility to determine ones ip
through PHP (and I don't think this is possible?)
It's possible to read his ip with PHP. It's in the enviroment-
variables when he executes your php-script to login in. But I don't
know of actually translating it to the mac for inserting into your
IP is |$_SERVER[REMOTE_ADDR] but I don't think this is usefull here.
Any solution how to determine the MAC automatically?|
That's what I said.... but it is the easiest solution. Perhaps one could
do both client and webinterface, like some ISP provide a Dial-Up
Software though it's possible to dial up"normally"
2. Daemon as above, but with clientsoftware which sends password and
MAC-address to server. (because they are one-time, they can be
transmitted plaintext) +: See above -: Clientsoftware...
Bad because client-software.
All the "big" firms do it via webbrowser so I think that's the way to
Well all okay. But how do you want a user to log off automatically?
E.g. if there is no traffic from his IP for the last 15 minutes you
want to automatically log him off, right? One way would be to use a
browser-window that remains open (small one) and is reloaded every
minute. This way you can timeout a user easily.
Or you can letr the daemon watch logs. Just log every new connection
(synbit set) with iptables and filter the address.
Btw: Using this solution you can add a rule when the user is "logged
off" like: requests for http (port 80) to any ip rewrite to local
apache (for logging in). If somebody is logged out and tries to
access any webpage in the "open world" he's redirected to your
Hmm ... the more I think about it, the simpler this solution looks :-
There must be a snag, if it is easy enough for me to code :)
Give it a try. And please keep me posted on your findings.