On 20/05/2011 20:18, Paulo Cunha wrote:
> I need to control guests' internet access with an ID card based auth.
>
> The web gui/auth system is ready, and I've moved to the IPSET part.

Hi,

I'm working on a simple "captive portal" also, and I see others have asked about this in the past also. Would you be kind enough to share any info on the (non secret) parts of your implementation and also any challenges/tips you encountered?

I think most captive portals are going to boil down to some kind of VLAN emulation using iptables rules (either you are in or out), but it would be interesting to hear more success stories?

Have you considered doing any "per user" logging? I'm looking at conntrack marks plus NFLOG to read those marks and log stats?

Also I have been looking at hostapd offering 802.1X access control on wired and wireless segments - the idea being that rather than have to repeatedly pass the captive portal login, the user can pass all that at the same time as connecting to the network. Hostapd has its own internal RADIUS server and also it can use any external RADIUS server (e.g. passing ID card credentials to freeradius or something else).

Additionally, very recent squid has a feature to copy conntrack marks onto the proxied outbound connection - effectively this allows you to keep per user connection marking intact, despite the data moving through a proxy. The dnsmasq author is also kindly implementing the same functionality and it's available in a pre-release (that I need to test urgently).

Good luck - interested to hear how you get on?

Cheers

Ed W

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
