Graham,

I just saw this site today which is doing something very similar to what
you want to do.

http://nocat.net

Graham Toal wrote:
> I don't want to reinvent the wheel, so before working on this
> I wanted to ask if anyone has done it before. (I checked the recent
> archives first and can't see anything like it)
>
> We have an internal network in a public area that anyone can walk up to,
> and plug in a PC. The network has a Class C allocated to it and a DHCP
> server which will hand out those Class C addresses. The DHCP server
> will set up the router address to be the address of a Linux with
> two ether interfaces and ip chains.
>
> I want someone hooking up to the network to have NO access to the outside,
> *until*...
>
> the first time they use a web browser to access any outside page, it
> is redirected to a browser on the firewall host. That browser puts up
> a page requesting a username and password which it checks in some
> database it has access to.
>
> Once the user has been validated, the ip chains are modified to allow
> that host full routed access to the net. (For a specific length of time -
> a timer will kick off and when that time expires, another script will be
> run to remove the rules which permitted that IP access)
>
> This is basically the same system as some hotels run for internet access
> from your room, except that they ask for a credit card whereas we ask for
> a valid student username and password. (This is for a university environment)
>
> Has anyone done this before? If so please point me at it!
>
> thanks
>
> Graham Toal <[EMAIL PROTECTED]>
>
> PS The final system may be more complex, such as pinging the client
> continuously and taking down the access if he is offline for more than some
> minimum period, but for now what I'm looking for is the firewall config
> (Linux chains) to initially deny everyone outside access; then to intercept
> that first web access; then rules to give access to a specific IP address and
> later to take away access from that address. We've already written the web
> page that invokes an arbitrary script on the firewall once a user has
> successfully logged in.
>
--
James A. Pattie
[EMAIL PROTECTED]
Linux -- SysAdmin / Programmer
PC & Web Xperience, Inc.
http://www.pcxperience.com/
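
The rule sequence asked for in the quoted message (deny by default, redirect the first web request, then add and later remove per-address rules), as an added example that is not part of either message and is not NoCat's code. The interface name, portal port, LAN prefix and function names are assumptions; the script only prints the ipchains commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints ipchains commands; pipe the output to sh as root to apply.
LAN_IF=eth1          # interface facing the public ports (assumption)
PORTAL_PORT=8080     # local port of the login web server (assumption)
LAN_PREFIX=192.0.2   # first three octets of the Class C (constructed value)

# Accept only a plain host address inside the LAN. The login page hands this
# value to a script running as root, so anything else is refused.
valid_client_ip() {
    case "$1" in
        "$LAN_PREFIX".*) host=${1#"$LAN_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

base_rules() {
    # Nothing is routed until a client has been granted access.
    echo "ipchains -P forward DENY"
    # Web requests from the LAN are redirected to the local login server.
    echo "ipchains -A input -i $LAN_IF -p tcp -s $LAN_PREFIX.0/24 -d 0.0.0.0/0 80 -j REDIRECT $PORTAL_PORT"
}

grant_rules() {
    valid_client_ip "$1" || return 1
    # Inserted first so this client is matched before the port-80 REDIRECT.
    echo "ipchains -I input 1 -i $LAN_IF -s $1 -j ACCEPT"
    # ipchains is stateless: each direction of the routed traffic needs a rule.
    echo "ipchains -I forward 1 -s $1 -j ACCEPT"
    echo "ipchains -I forward 1 -d $1 -j ACCEPT"
}

revoke_rules() {
    valid_client_ip "$1" || return 1
    # Delete by rule specification, mirroring grant_rules.
    echo "ipchains -D input -i $LAN_IF -s $1 -j ACCEPT"
    echo "ipchains -D forward -s $1 -j ACCEPT"
    echo "ipchains -D forward -d $1 -j ACCEPT"
}

case "${1:-}" in
    init)   base_rules ;;
    grant)  grant_rules "${2:-}" ;;
    revoke) revoke_rules "${2:-}" ;;
esac
```

Run `init` once at boot, `grant <ip>` from the script the login page invokes, and `revoke <ip>` from the timer, each piped to `sh` as root.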