Results 1 to 3 of 3
  1. #1
    Join Date
    Sep 2004
    Location
    Emerald City
    Posts
    16

    Wireless Authentication Gateway

    Hey All,

    I'm doing a project for my school ( a small technical college) and we're trying to come up with some sort of wireless authentication gateway. This doesn't need to be locked down and super secure, this is a state run school with an open wifi network. Basically we want all wireless users to be forced to view a splash page/AUP and agree to it before being able to access the web.

    couple issues:
    -Super low budget, so enterprise solutions are pretty much out of the question
    -must be as transparent as possible to the use: no MAC registering with the IT dept. no added software, no RADIUS certs etc.
    -we have limited access to the actual router and all administration but be done by the upstream provider(including inter-vlan routing)

    I've looked at NoCAT and really like it but because of the existing network topology its going to be hard to force all traffic through a central box for filtering/auth

    What I'm wondering is if there is a way to do selective DNS poisoning to redirect all lookups to a web authentication server(similar to nocat's system). After a host is authenticated their DNS would resolve correctly. I know someone could just go out by IP or potentially use different DNS servers but we really aren't that concerned about it, all they have to do is click 'accept' anyway.

    Does anyone know a way to set this up? or another possible method?

    Thanks!
    -Jbain

  2. #2
    Join Date
    Oct 2007
    Location
    Northampton, UK
    Posts
    553
    Hi there,

    You could have a look at Squid?

    That can be setup at a transparent proxy and you can also use it for authentication.

    And it's free :-)

    Matt
    SysAdminMan - Asterisk PBX hosting - FreePBX, A2Billing and Elastix

  3. #3
    Join Date
    Sep 2004
    Location
    Emerald City
    Posts
    16
    Squid would also require us to be able to be able to force all traffic through a central box as a gateway, much like NoCAT wouldn't it?

    Thanks for the input!

    -Jbain

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •