Securing internet access from a WiFi network via login
I am wondering if anyone can help me, I am trying to set up a small limited-use wireless network (web/ftp/email only) and I am trying to find the best way to limit unauthorized access to the Internet from the wireless network.

WEP is not an option - I do not want to have to change any settings on a client and I want more than WEP can offer.

What I would like to know is; is it possible to set up a proxy server for web/ftp/email using SuSE 8.1 Pro (or higher) that could also issue (expiring) usernames/passwords for many temporary users and force them to login before allowing them access to the Internet?

Or, to put it in less words, I need:
- A way to keep people off the Internet unless they are allowed.
- A way to stop users from accessing services other than http/ftp/imap/pop/smtp.
- A way to block certain sites.
- An "easy" way to create temporary usernames/passwords for Internet access and to expire them.

So, if anyone has ANY information that could help, even if it's just to "RTFM for xyz software and go away", I would greatly appreciate it.

Thanks,
J. Theriault
administrator@raven-computer.de

--
~From RFC 1925;
~ (3) With sufficient thrust, pigs fly just fine. However, this is
~ not necessarily a good idea. It is hard to be sure where they
~ are going to land, and it could be dangerous sitting under them
~ as they fly overhead.
Hi,
I am wondering if anyone can help me, I am trying to setup a small limited-use wireless network (web/ftp/email only) and I am trying to find the best way to limit unauthorized access to the Internet from the wireless network.
WEP is not an option - I do not want to have to change any settings on a client and I want more than WEP can offer.
I use WEP in addition to other methods of limiting the access. An easy and quite effective method of preventing unauthorized clients is to limit the MAC addresses of your clients. My access point allows this configuration and the only thing I need is a list of MAC addresses of my clients. However if you want to offer a hotspot, this is not what you need.
What I would like to know is; is it possible to set up a proxy server for web/ftp/email using SuSE 8.1 Pro (or higher) that could also issue (expiring) usernames/passwords for many temporary users and force them to login before allowing them access to the Internet?
Or, to put it in less words, I need:
- A way to keep people off the Internet unless they are allowed.
- A way to stop users from accessing services other than http/ftp/imap/pop/smtp.
- A way to block certain sites.
- An "easy" way to create temporary usernames/passwords for Internet access and to expire them.
I am supporting my old school in the network area, this is what we use there:

I use SuSEfirewall without masquerading to block all traffic to the internet and redirect http requests to port 8080 on the firewall. On that we run a dansguardian for content filtering. Dansguardian redirects to squid on the firewall.

With squid I use mysql_auth (a slightly modified version which runs with mysql 4.x and allows some more options) as authentication program. The users can sign up on a webpage for access to internet/personal mail/samba. The signup creates a database entry (still inactive) and a form to print out and sign (legal stuff). When the teacher receives the paper, he then activates the account and from that point on, the student can access the web through the proxy (and his personal mail/samba folder etc.).
So, if anyone has ANY information that could help, even if it's just to "RTFM for xyz software and go away", I would greatly appreciate it.
If you want my version of mysql_auth, a squid config and/or the web/intranet stuff, you can contact me at white(at)ott-service[dot]de. Ofc, this is work in progress so it is not yet published anywhere else.

cya
Jörn
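The sign-up, activation and expiry flow from the reply above, written as a Squid basic-authentication helper. This is an added example, not Jörn's mysql_auth and not part of the original thread. It assumes SQLite in place of MySQL and a hypothetical `accounts` table, and follows Squid's helper protocol: one `user password` line per request on stdin, `OK` or `ERR` on stdout.

```python
import hashlib, hmac, os, sqlite3, sys, time
from urllib.parse import unquote

def hash_pw(password, salt):
    # Salted PBKDF2 so the account table never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_db(path=":memory:"):
    # Hypothetical schema; SQLite stands in for the MySQL backend.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS accounts (username TEXT PRIMARY KEY,"
               " salt BLOB, pwhash BLOB, active INTEGER, expires REAL)")
    return db

def add_account(db, user, password, ttl_seconds, active=False, now=None):
    """Sign-up step: the account exists but stays inactive until approved."""
    salt = os.urandom(16)
    expires = (time.time() if now is None else now) + ttl_seconds
    db.execute("INSERT INTO accounts VALUES (?,?,?,?,?)",
               (user, salt, hash_pw(password, salt), int(active), expires))

def activate(db, user):
    """Approval step, done once the signed form has been received."""
    db.execute("UPDATE accounts SET active=1 WHERE username=?", (user,))

def check(db, line, now=None):
    """Answer one helper request line; Squid URL-escapes both fields."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    user, password = unquote(parts[0]), unquote(parts[1])
    row = db.execute("SELECT salt, pwhash, active, expires FROM accounts"
                     " WHERE username=?", (user,)).fetchone()
    if row is None:
        return "ERR"
    salt, pwhash, active, expires = row
    ok = hmac.compare_digest(hash_pw(password, salt), pwhash)
    now = time.time() if now is None else now
    # Deny unless the password matches, the account is approved and not expired.
    return "OK" if ok and active and now < expires else "ERR"

if __name__ == "__main__":
    db = open_db(sys.argv[1] if len(sys.argv) > 1 else ":memory:")
    for request in sys.stdin:          # Squid keeps the helper process running
        print(check(db, request), flush=True)
```

Squid starts such a helper through its `auth_param basic program` directive; expiry is enforced on every lookup, so a lapsed temporary account stops working without any cleanup job.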
Hi,

late answer: Maybe this is what you want.

No Cat Auth (WLAN Auth Proxy)

Greetings
Dirk

Jörn Ott wrote:
Hi,
I am wondering if anyone can help me, I am trying to setup a small limited-use wireless network (web/ftp/email only) and I am trying to find the best way to limit unauthorized access to the Internet from the wireless network.
WEP is not an option - I do not want to have to change any settings on a client and I want more than WEP can offer.
I use WEP in addition to other methods of limiting the access. An easy and quite effective method of preventing unauthorized clients is to limit the MAC addresses of your clients. My access point allows this configuration and the only thing I need is a list of MAC addresses of my clients. However if you want to offer a hotspot, this is not what you need.
What I would like to know is; is it possible to set up a proxy server for web/ftp/email using SuSE 8.1 Pro (or higher) that could also issue (expiring) usernames/passwords for many temporary users and force them to login before allowing them access to the Internet?
Or, to put it in less words, I need:
- A way to keep people off the Internet unless they are allowed.
- A way to stop users from accessing services other than http/ftp/imap/pop/smtp.
- A way to block certain sites.
- An "easy" way to create temporary usernames/passwords for Internet access and to expire them.
I am supporting my old school in the network area, this is what we use there:
I use SuSEfirewall without masquerading to block all traffic to the internet and redirect http requests to port 8080 on the firewall. On that we run a dansguardian for content filtering. Dansguardian redirects to squid on the firewall.
With squid I use mysql_auth (a slightly modified version which runs with mysql 4.x and allows some more options) as authentication program. The users can sign up on a webpage for access to internet/personal mail/samba. The signup creates a database entry (still inactive) and a form to print out and sign (legal stuff). When the teacher receives the paper, he then activates the account and from that point on, the student can access the web through the proxy (and his personal mail/samba folder etc.).
So, if anyone has ANY information that could help, even if it's just to "RTFM for xyz software and go away", I would greatly appreciate it.
If you want my version of mysql_auth, a squid config and/or the web/intranet stuff, you can contact me at white(at)ott-service[dot]de. Ofc, this is work in progress so it is not yet published anywhere else.
cya Jörn
participants (3)
- Dirk Schreiner
- J. Theriault
- Jörn Ott