I'm doing a project for my school (a small technical college) and we're trying to come up with some sort of wireless authentication gateway. This doesn't need to be locked down and super secure; this is a state-run school with an open wifi network. Basically we want all wireless users to be forced to view a splash page/AUP and agree to it before being able to access the web.
- Super low budget, so enterprise solutions are pretty much out of the question
- Must be as transparent as possible to the user: no MAC registering with the IT dept., no added software, no RADIUS certs, etc.
- We have limited access to the actual router, and all administration must be done by the upstream provider (including inter-VLAN routing)
I've looked at NoCAT and really like it, but because of the existing network topology it's going to be hard to force all traffic through a central box for filtering/auth.
What I'm wondering is if there is a way to do selective DNS poisoning to redirect all lookups to a web authentication server (similar to NoCAT's system). After a host is authenticated, their DNS would resolve correctly. I know someone could just go out by IP or potentially use different DNS servers, but we really aren't that concerned about it; all they have to do is click 'accept' anyway.
Does anyone know a way to set this up, or another possible method?
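Added example, not part of the original post: a sketch of the per-client decision the post describes, where the school's own resolver answers A lookups with the splash server's address until a client has accepted the AUP, then hands queries to the real resolver. The portal address, the function names and the use of the client's source IP as the key are assumptions made for illustration.

```python
import socket
import struct

PORTAL_IP = "192.0.2.10"  # assumption: address of the splash/AUP web server
PORTAL_TTL = 0            # keep clients from caching the portal answer

def question_end(msg: bytes) -> int:
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12  # the DNS header is 12 bytes
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compressed name in question")
        pos += msg[pos] + 1
    return pos + 5  # zero byte + QTYPE + QCLASS

def portal_answer(query: bytes, portal_ip: str = PORTAL_IP) -> bytes:
    """Build a reply to `query` that points A lookups at the portal."""
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    qtype, qclass = struct.unpack("!HH", query[end - 4:end])
    is_a = (qtype, qclass) == (1, 1)
    # QR=1 and RA=1; RD is copied from the query; AA stays clear
    rflags = 0x8080 | (flags & 0x0100)
    reply = struct.pack("!HHHHHH", qid, rflags, 1, 1 if is_a else 0, 0, 0)
    reply += query[12:end]  # echo the question section unchanged
    if is_a:
        # 0xC00C is a compression pointer back to the question name
        reply += struct.pack("!HHHIH", 0xC00C, 1, 1, PORTAL_TTL, 4)
        reply += socket.inet_aton(portal_ip)
    return reply  # other query types get an empty NOERROR reply

def handle_query(query: bytes, client_ip: str, accepted: set):
    """Return a portal reply, or None when the query should go to the real resolver."""
    if client_ip in accepted:
        return None
    return portal_answer(query)

def make_query(name: str, qtype: int = 1, qid: int = 0x1234) -> bytes:
    """Constructed sample query, used only to exercise the functions above."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)
```

The splash server would add a client's address to `accepted` when the user clicks accept. Lookups that lead to HTTPS sites will produce a certificate warning instead of the splash page, because the portal cannot present a valid certificate for the redirected name.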