Hi,

I'm trying to build a wireless access point and I'm using Shorewall as my firewall solution. What I'm trying to do is:
- give a client machine a DHCP lease
- Allow them to connect to port 443 of my firewall/web server to type in their username and password to authenticate
- If they authenticate then have Shorewall NAT their internal (10.0.0.1) IP address out onto the network.
- after X time the user's NAT entry would be removed.
- I'd prefer if the firewall would NAT based on IP and MAC so that the setup is more secure.

They would be connecting to device wlan0 and the internet would connect to ppp0. The firewall can't be restarted to have this change take effect because I don't want other NAT'd users' connections to drop/stop.

Does anyone know how I would accomplish this with Shorewall? I'd appreciate any help with this.

Thanks,
Dan
__________________________________________________________________________
Dan Cardamore
mailto://dan@hld.ca
http://www.hld.ca
18:03:52 up 3 days, 8:40, 1 user, load average: 0.16, 0.10, 0.03

--On Tuesday, December 17, 2002 06:11:44 PM -0500 Dan Cardamore <dan@hld.ca> wrote:

> Hi,
>
> I'm trying to build a wireless access point and I'm using Shorewall as
> my firewall solution. What I'm trying to do is:
> - give a client machine a DHCP lease
> - Allow them to connect to port 443 of my firewall/web server to
> type in their username and password to authenticate
> - If they authenticate then have Shorewall NAT their internal (10.0.0.1)
> IP address out onto the network.
> - after X time the user's NAT entry would be removed.
> - I'd prefer if the firewall would NAT based on IP and MAC so that
> the setup is more secure.
>
> They would be connecting to device wlan0 and the internet would connect
> to ppp0. The firewall can't be restarted to have this change take
> effect because I don't want other NAT'd users' connections to drop/stop.
>
> Does anyone know how I would accomplish this with Shorewall? I'd
> appreciate any help with this.
>

Shorewall seems ill-suited to meet your requirements without a lot of coding on your part.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net