I fully agree, but as I said, it exceeds my skill, I think....
If we work with iptables, we have to authenticate the client in some
way. Though I think it is possible to extend iptables, this would
exceed my abilities a lot.
But maybe would be the cleanest / best solution :-) Okay then ...
Yes, I know, I'm just too stupid; reading my message again you will notice that I wanted to write MAC address.
So, I would use existing possibilities, of which MAC address filtering is the safest for my purpose.
Now there are two possibilities:
1. Writing a web-based interface, for example with PHP, to log in.
Then a C/C++ based daemon adds some iptables rules, which allow the
client to go online. +: platform independent -: one has to enter his
MAC address, for I don't know any possibility to determine one's IP
through PHP (and I don't think this is possible?)
It's possible to read his IP with PHP. It's in the environment
variables when he executes your PHP script to log in. But I don't know of actually translating it to the MAC for inserting into your iptables rules.
IP is $_SERVER['REMOTE_ADDR'] but I don't think this is useful here.
Any solution how to determine the MAC automatically?
That's what I said.... but it is the easiest solution. Perhaps one could do both client and web interface, like some ISPs provide dial-up software though it's possible to dial up "normally".
2. Daemon as above, but with client software which sends password and
MAC address to server. (because they are one-time, they can be
transmitted plaintext) +: See above -: Client software...
Bad because client-software.
All the "big" firms do it via webbrowser so I think that's the way to go.
Well all okay. But how do you want a user to log off automatically? E.g. if there is no traffic from his IP for the last 15 minutes you want to automatically log him off, right? One way would be to use a browser window that remains open (small one) and is reloaded every minute. This way you can timeout a user easily.
Or you can let the daemon watch logs. Just log every new connection (SYN bit set) with iptables and filter the address.
Btw: Using this solution you can add a rule when the user is "logged off" like: requests for http (port 80) to any IP rewrite to local Apache (for logging in). If somebody is logged out and tries to access any webpage in the "open world" he's redirected to your Apache.
Nice idea.
There must be a snag, if it is easy enough for me to code :)
Hmm ... the more I think about it, the simpler this solution looks :-)
Give it a try. And please keep me posted on your findings.
I'll try
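
Added example, not part of the original thread: one way to answer the open question above (getting the MAC for the IP the web login sees) from the gateway's ARP table, plus the login/logout and redirect rules discussed. It assumes clients sit on the gateway's own LAN segment; the chain names PORTAL_OK and PORTAL_NAT, the function names and the sample ARP table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of Linux /proc/net/arp.
ARP_SAMPLE='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.23     0x1         0x2         00:16:3e:aa:bb:01     *        eth1
192.168.1.42     0x1         0x0         00:00:00:00:00:00     *        eth1
192.168.1.57     0x1         0x2         00:16:3E:AA:BB:02     *        eth1'

# mac_for_ip IP [ARP_FILE]: print the lowercase MAC of a complete ARP entry.
# On the gateway pass /proc/net/arp as ARP_FILE; without it the sample is used.
# Returns 1 for malformed IPs, unknown hosts and incomplete entries (flag 0x0).
mac_for_ip() {
    ip=$1
    # REMOTE_ADDR comes from the web tier: validate it before it gets
    # anywhere near a firewall command line.
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    if [ -n "$2" ]; then table=$(cat "$2"); else table=$ARP_SAMPLE; fi
    printf '%s\n' "$table" | awk -v ip="$ip" '
        NR > 1 && $1 == ip && $3 != "0x0" && length($4) == 17 &&
        $4 ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ {
            print tolower($4); found = 1; exit }
        END { exit !found }'
}

# portal_base_rule: the "logged off" behaviour from the thread, i.e. port 80
# requests to any address are redirected to the local Apache.
portal_base_rule() {
    echo "iptables -t nat -A PORTAL_NAT -p tcp --dport 80 -j REDIRECT --to-ports 80"
}

# portal_rules login|logout IP [ARP_FILE]: print (not run) the per-client
# rules. -I puts them ahead of the REDIRECT rule; logout deletes them again.
portal_rules() {
    case $1 in login) op=-I ;; logout) op=-D ;; *) return 2 ;; esac
    mac=$(mac_for_ip "$2" "$3") || return 1
    echo "iptables -t filter $op PORTAL_OK -s $2 -m mac --mac-source $mac -j ACCEPT"
    echo "iptables -t nat $op PORTAL_NAT -s $2 -m mac --mac-source $mac -j RETURN"
}

# Demo on the constructed table: base rule, then one client logging in.
portal_base_rule
portal_rules login 192.168.1.23
```

The daemon would run the printed commands as root after a successful login; matching on both source IP and MAC ties the rule to the ARP entry seen at login time.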

