Sobari Tanuwijaya wrote:
> Dear All,
>
> If I want to make LAN users (with private IPs) able to access the
> internet just after passing the verification, what options do I have?
>
> What I want is:
> * If a user wants to access the internet
> * He (must) run the browser
> * Whatever address he types in the address bar, he will be
>   brought to the verification location, which will 'force' him
>   to enter his username and password
> * If he passes the verification, internet access is available to
>   him, but if not, the internet stays unavailable to him.
>
> The method will be the same for all users, whether they use a wired
> or wireless connection.
>
> Will iptables help me to solve this? How?
>
> Thanks in advance for the help

You can use a combo of iptables and squid proxy server.

Have iptables redirect all port 80 and 443 traffic (and any other
traffic squid can handle) to the appropriate squid port if it is
coming from a given IP address range (or not from a given range, you
get the idea).

Then have squid authenticate all traffic. You can use MySQL or MS AD,
and combine it with cookies or session information in MySQL so users
only need to authenticate once with their browsers, as long as their
MAC address was authenticated within the last X minutes or such.

You can then set a session time-limit, or record bandwidth and
combine it with a bandwidth limit. Squid can do all sorts of nifty
stuff.

-Ross
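
The redirect described in the reply above, as an added example that is not part of the original thread: a POSIX shell function that prints (does not apply) the iptables NAT rules after validating every argument. The chain name PORTAL, the sample range, squid port 3128, and keeping the list of already-authenticated MAC addresses in the firewall rather than inside squid are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints iptables NAT rules for the squid redirect; applies nothing.
# Assumed, not from the thread: chain name PORTAL, sample range, squid port 3128,
# and a firewall-side list of MAC addresses that have already authenticated.

# Whitelist the character set first: grep matches line by line, so an
# argument with an embedded newline would otherwise pass on its first line.
safe_chars() { case $1 in ''|*[!0-9A-Fa-f:./,]*) return 1 ;; esac; }

valid_cidr() {   # shape check only; iptables itself rejects octets above 255
  safe_chars "$1" && printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}
valid_ports() {  # comma-separated list of port numbers
  safe_chars "$1" && printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}(,[0-9]{1,5})*$'
}
valid_port() {   # a single port in 1..65535
  safe_chars "$1" && printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}$' &&
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_mac() {
  safe_chars "$1" && printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules LAN_CIDR DPORTS SQUID_PORT [AUTHENTICATED_MAC...]
# All arguments are validated before any rule is printed, so nothing
# unvalidated is ever interpolated into a command line.
gen_rules() {
  gr_lan=$1; gr_dports=$2; gr_squid=$3
  shift 3
  valid_cidr "$gr_lan"     || { echo "bad CIDR: $gr_lan" >&2; return 1; }
  valid_ports "$gr_dports" || { echo "bad port list: $gr_dports" >&2; return 1; }
  valid_port "$gr_squid"   || { echo "bad squid port: $gr_squid" >&2; return 1; }
  for gr_mac in "$@"; do
    valid_mac "$gr_mac"    || { echo "bad MAC: $gr_mac" >&2; return 1; }
  done
  echo "iptables -t nat -N PORTAL"
  echo "iptables -t nat -A PREROUTING -s $gr_lan -p tcp -m multiport --dports $gr_dports -j PORTAL"
  for gr_mac in "$@"; do   # authenticated clients leave the chain before the redirect
    echo "iptables -t nat -A PORTAL -m mac --mac-source $gr_mac -j RETURN"
  done
  echo "iptables -t nat -A PORTAL -p tcp -j REDIRECT --to-ports $gr_squid"
}

# Constructed sample values: review the output, then run it as root.
gen_rules 192.168.0.0/24 80,8080 3128 00:11:22:33:44:55
```

Port 443 is left out of the sample call because intercepted HTTPS needs its own TLS-aware squid listener, so it would get a separate REDIRECT target.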