I don't want to reinvent the wheel, so before working on this I wanted to ask if anyone has done it before. (I checked the recent archives first and can't see anything like it.)

We have an internal network in a public area that anyone can walk up to, and plug in a PC. The network has a Class C allocated to it and a DHCP server which will hand out those Class C addresses. The DHCP server will set up the router address to be the address of a Linux with two ether interfaces and ip chains.

I want someone hooking up to the network to have NO access to the outside, *until*... the first time they use a web browser to access any outside page, it is redirected to a browser on the firewall host. That browser puts up a page requesting a username and password which it checks in some database it has access to.

Once the user has been validated, the ip chains are modified to allow that host full routed access to the net. (For a specific length of time - a timer will kick off and when that time expires, another script will be run to remove the rules which permitted that IP access.)

This is basically the same system as some hotels run for internet access from your room, except that they ask for a credit card whereas we ask for a valid student username and password. (This is for a university environment.)

Has anyone done this before? If so please point me at it!

Thanks

Graham Toal <[EMAIL PROTECTED]>

PS The final system may be more complex, such as pinging the client continuously and taking down the access if he is offline for more than some minimum period, but for now what I'm looking for is the firewall config (Linux chains) to initially deny everyone outside access; then to intercept that first web access; then rules to give access to a specific IP address and later to take away access from that address. We've already written the web page that invokes an arbitrary script on the firewall once a user has successfully logged in.
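The four steps listed in the PS (deny by default, intercept the first web request, grant one address, revoke it), sketched with ipchains as an added example that is not part of the original post. The interface name, network, portal port and the function names are assumptions; the script called by the login page would run `grant`, and the timer script would run `revoke`.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumed values: inside interface,
# the Class C network, and the local port the login page listens on.
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.10.0/24}
PORTAL_PORT=${PORTAL_PORT:-8080}
RUN=${RUN-echo}   # dry run prints the commands; RUN= executes them as root

# Accept only a single host address inside the Class C, so the login page
# can never hand a network, hostname or option string to the firewall.
valid_client() {
    prefix=${LAN_NET%.*}                      # e.g. 192.168.10
    case "$1" in
        "$prefix".*) host=${1#"$prefix".} ;;
        *) return 1 ;;
    esac
    case "$host" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

# Steps 1 and 2: nothing is routed by default, and port-80 requests from
# the inside are redirected to the login page on the firewall itself.
# Assumption: clients can resolve names without crossing the firewall.
base_rules() {
    $RUN ipchains -P forward DENY
    $RUN ipchains -A input -i "$LAN_IF" -p tcp -s "$LAN_NET" \
        -d 0.0.0.0/0 80 -j REDIRECT "$PORTAL_PORT"
}

# Step 3: rules inserted at position 1 so they match before the REDIRECT
# and before the forward policy applies.
grant() {
    valid_client "$1" || { echo "bad client address: $1" >&2; return 1; }
    $RUN ipchains -I input 1 -i "$LAN_IF" -s "$1" -j ACCEPT
    $RUN ipchains -I forward 1 -s "$1" -j ACCEPT
    $RUN ipchains -I forward 1 -d "$1" -j ACCEPT
}

# Step 4: delete exactly the three rules grant() added for this address.
revoke() {
    valid_client "$1" || { echo "bad client address: $1" >&2; return 1; }
    $RUN ipchains -D input -i "$LAN_IF" -s "$1" -j ACCEPT
    $RUN ipchains -D forward -s "$1" -j ACCEPT
    $RUN ipchains -D forward -d "$1" -j ACCEPT
}
```

These rules are keyed on the source address alone, so access stays open for whichever machine holds that address until `revoke` runs; the offline check mentioned in the PS shortens that window.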
