DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 23rd October 2008
bichumo bichumo is offline
Port Guard
 
Join Date: May 2008
Posts: 21
Default First time page / Start page

Hi,

How to provide such a solution for LAN users: for example first time user tries to browse any webpage, he needs to be redirected to my page which provides him information and browsing rules, or maybe asks to login before he can browse web. What software can be used for this?

Thanks in advance.
Reply With Quote
  #2   (View Single Post)  
Old 23rd October 2008
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336
Default

That's much tougher than you may think I hacked something together involving:

1) a bridge, with:
2) a redirect rule, redirecting unauthenticated web traffic to localhost:
3) a Squid proxy on localhost, producing nothing but an error page -- which is the 'explanation page' with a link to:
4) a webserver on the external interface, providing basic http authentication against a local .htpasswd file
5) a firewall ruleset which allows authenticated users through using a table
6) a time-out mechanism based on arp and firewall states, revokiing authentication when the user has 'left the building'

Good luck with that

By the way: it will be much easier if you just tell everyone to go to that webserver immediately, but in my case that wasn't possible. I guess using an authenticating proxy is also a solution, but you will have to tell everybody to configure it, or use redirection (which has its own caveats, like https).

Last edited by DutchDaemon; 23rd October 2008 at 09:44 AM.
Reply With Quote
  #3   (View Single Post)  
Old 25th October 2008
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 445
Default

By coincidence I was reading about squidguard this morning. You might check into this as well to see if it meets your requirements.

http://www.squidguard.org/about.html

Quote:
squidGuard can be used to
...
* redirect unregistered user to a registration form.
...
__________________
Kill your t.v.
Reply With Quote
  #4   (View Single Post)  
Old 26th October 2008
crayoxide crayoxide is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 46
Default

Quote:
Originally Posted by bichumo View Post
What software can be used for this?
This might be of use:

http://nocat.net

Yet another website that I remember reading but forget to bookmark it. Then later when I need to revisit it, I cannot find it because I am not using the right search keywords. ack!

Memo to myself: bookmark more often.

Reply With Quote
  #5   (View Single Post)  
Old 26th October 2008
Sunnz's Avatar
Sunnz Sunnz is offline
Real Name: I don't have real time
Just a computer user...
 
Join Date: May 2008
Location: See Google Maps
Posts: 101
Default

Quote:
Originally Posted by DutchDaemon View Post
4) a webserver on the external interface, providing basic http authentication against a local .htpasswd file
5) a firewall ruleset which allows authenticated users through using a table
Hey,

So how is authentication done? Are you using PF for your firewall?

The web server would need to store the authenticated IP address(?) somewhere, and the firewall would need to know where that is stored and check against it, right?
__________________
She sells C shells by the seashore.
Reply With Quote
  #6   (View Single Post)  
Old 27th October 2008
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336
Default

I'm using Apache (https, in this case, to prevent password sniffing) and PF, yes. The authenticated IP address gets harvested from a continuous tail -f on the https logfile (grepping/awking lines with a 200 OK status, which means someone must have authenticated themselves), and put in a firewall table using the usual pfctl -t some_table -T add $ip routine. It's a terrible hack, but it works
Reply With Quote
  #7   (View Single Post)  
Old 27th October 2008
Sunnz's Avatar
Sunnz Sunnz is offline
Real Name: I don't have real time
Just a computer user...
 
Join Date: May 2008
Location: See Google Maps
Posts: 101
Default

Ahhh nice. I was thinking about setting up something like this in a Motel public WiFi thing, this would be very help full, thanks.
__________________
She sells C shells by the seashore.
Reply With Quote
  #8   (View Single Post)  
Old 27th October 2008
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336
Default

Note that you get the IP address and the username in the same log line, so you can use them as variables for logging/tracking purposes as well. Just a little scripting needed.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
4.5_packages web page - not working? jsmith6134 OpenBSD Packages and Ports 2 6th May 2009 02:37 PM
page fault error 12 Mr-Biscuit FreeBSD General 2 23rd December 2008 11:58 AM
firefox/thunderbird take very long time (~45s) to start caesius FreeBSD Ports and Packages 4 28th November 2008 12:04 AM
Fatal trap 12: page fault while in kernel mode sixshot FreeBSD General 11 18th July 2008 12:53 AM
Man Page Numbers JMJ_coder Off-Topic 5 22nd May 2008 04:51 AM


All times are GMT. The time now is 09:33 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick