need a proxy which is not a proxy

arlbb

Hi
I have a small wired/wireless network (up to 20 users) with a basic NAT router/firewall connected to a broadband service.

I need a method to authenticate users for web access, so that only those who have a current valid username and password should be able to get Internet access.

I want to steer clear of configuring proxy server settings on clients as I have wifi users coming in and out every day with different laptops, looking for broadband access over this LAN, and changing proxy setup on these clients will be awkward.

So I can run DHCP to give out a gateway IP address, but when users hit the gateway I want them to log in.

2 possibilities I can see:
- use a PC as a gateway, running authentication server software which is not a proxy server (hopefully there is a free/shareware product that someone knows of).
- use a router as a gateway, which has a feature to validate users against a database or a radius server (probably a much more expensive solution).

Any ideas? Thanks.

quozl

have a look at noCatAuth (http://www.nocat.org)
Runs on a linux or bsd box and blocks all outgoing network access. All attempts to connect to web ports (http/https) are instead redirected to the local machine, where the user must enter a username/password. Once they've done that, noCatAuth changes the firewall rules to allow traffic from that ip for a configurable period of time at a configurable speed.

might do what you need? Some DubWAN nodes are using it to create captive portals. It also supports radius authentication which might be handy for you.

Greg

Dizz

Ya could use squid ACL's in transparent mode and hook it up to dansguardian (content filtering etc)

Dizz