23rd October 2008
DutchDaemon
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

That's much tougher than you may think. I hacked something together involving:

1) a bridge, with:
2) a redirect rule, redirecting unauthenticated web traffic to localhost:
3) a Squid proxy on localhost, producing nothing but an error page -- which is the 'explanation page' with a link to:
4) a webserver on the external interface, providing basic http authentication against a local .htpasswd file
5) a firewall ruleset which allows authenticated users through using a table
6) a time-out mechanism based on arp and firewall states, revoking authentication when the user has 'left the building'

Good luck with that

By the way: it will be much easier if you just tell everyone to go to that webserver immediately, but in my case that wasn't possible. I guess using an authenticating proxy is also a solution, but you will have to tell everybody to configure it, or use redirection (which has its own caveats, like https).

Last edited by DutchDaemon; 23rd October 2008 at 09:44 AM.
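An added example, not part of DutchDaemon's post: one way the decision behind step 6 could be made, picking the authenticated addresses that no longer have a resolved ARP entry or any firewall state. It assumes pf with a table named `authed` (a hypothetical name) and FreeBSD-style `arp -an` and `pfctl -ss` output, none of which the post specifies; revoking only when both signals are gone is likewise an assumption.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: pf as the firewall, a table
# named "authed" (hypothetical), FreeBSD-style `arp -an` and `pfctl -ss`
# text, IPv4 only.

# stale_clients TABLE ARP STATES
# Arguments are the text of `pfctl -t authed -T show`, `arp -an`, `pfctl -ss`.
# Prints table addresses with no resolved ARP entry and no firewall state.
stale_clients() {
    printf '%s\n---\n%s\n---\n%s\n' "$1" "$2" "$3" | awk '
        BEGIN { part = 0 }
        $0 == "---" { part++; next }
        part == 0 && NF { authed[$1] = 1; next }
        part == 1 && NF >= 4 && $4 != "(incomplete)" {
            ip = $2; gsub(/[()]/, "", ip); alive[ip] = 1; next
        }
        part == 2 {
            # A state line holds addr:port pairs; strip the port and match.
            for (i = 1; i <= NF; i++) {
                ip = $i; sub(/:[0-9]+$/, "", ip)
                if (ip in authed) alive[ip] = 1
            }
        }
        END { for (ip in authed) if (!(ip in alive)) print ip }
    ' | sort
}

# revoke_cmds: read addresses on stdin, print the pfctl calls that would
# remove each from the table and kill its remaining states (dry run).
revoke_cmds() {
    while read -r ip; do
        echo "pfctl -t authed -T delete $ip"
        echo "pfctl -k $ip"
    done
}

# Constructed sample input (not captured from a real gateway).
TABLE='   192.168.1.10
   192.168.1.11
   192.168.1.12
   192.168.1.13'
ARP='? (192.168.1.10) at 00:11:22:33:44:55 on em0 expires in 1100 seconds [ethernet]
? (192.168.1.11) at (incomplete) on em0 expired [ethernet]'
STATES='all tcp 192.168.1.12:51515 -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED'

stale_clients "$TABLE" "$ARP" "$STATES" | revoke_cmds
```

On a live gateway the three arguments would come from the commands named in the comments, run periodically (for example from cron), and the printed `pfctl` lines would be executed instead of echoed.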