Jump to content

Applications For Hotspots


JJDinsay

Recommended Posts

Use the Meshbox ISO, www.locustworld.com

./P

Or Mono. Or NoCat. Or Pebble. There are many more.

To provide a secure HotSpot (meaning no unauthorized access) requires 2 components. One is an Access Point which can be manipulated in some way to deny unauthorized use, and second is a way to authenticate potential users.

If more detailed access control is required, such as per-minute or pay-per-use billing, or if more than a single HotSpot will be provided, both the AP and the authentication component need to be so enabled.

The web sites listed provide reams of discussion and input on different approaches. Impossible to adequately summarize such a broad topic in a single post or diatribe. I'm usually available to chat about it. Get a beer down my neck and I'll just babble on and on. :o

Cheers

Link to comment
Share on other sites

In what scenario Mouse? As in commercial or home? Do you mean limit speed or access?

I have a fast connection but want to slow the other home computer that is linked to me by WiFi down to about 64kbps. I know how to establish, disconnect, filter, and re-establish a wireless connection but do not have the possibility through my hard or software to slow the other computer down.

Link to comment
Share on other sites

Don't know about the speed distribution,

for access control (under windows, for the linux illiterate!) Wingate works pretty well. You have control over almost anything(time online, data traffic etc.). Can create accounts, for example prepaid one month, prepaid 100mb, unlimited,....

Unfortunately Deerfield(the creator) doesn't sell nor supports this program anymore...they even took their knowledge base off-line :o

Since you can't buy it anymore I suppose it's allright to use the Panthip version :D

Not so easy to set up correctly but once it's going it runs very smooth.

Has a good proxy and DNS cache built in as well

Link to comment
Share on other sites

Dear SAMWIFI,  Can you tell me how I can limit access speeed over a wireless network using Linksys equipment?

Hi Mouse,

Monty mentions Wingate, but I'm unaware of it. SiamWiFi use iptables in a Linux distribution. It works well, we can throttle bandwidth on a per-class basis, wherein each user is assigned a class of service (based on their user name) which specifies the connection speed, among other things.

It's non-trivial to set up, but we have a linux guru who pulls rabbits out of hats and bodily orafices :o

We chose linux because it is widely support, robust (required fopr a commercial application) and secure (ditto.)

Some Linksys access points uses linux under the hood, and there are hacks published on the Internet that walk through the procedure. Again, non-trivial, but anyone who speaks linux should be able to follow the bouncing ball. Google returns abour 20,00 links. One of 'em must be right :D

Cheers

Link to comment
Share on other sites

Mr. Siam WiFi. Which Linux distribution r U using? I thought IPTables was strictly a firewall can it be used to authenticate users as well - for ex. when a user launches IE and it tries to access the Internet, does it direct them 1st to a page where they have to authenticate a user id? Kinda like NoCautAuth but the problem with NoCat is that it uses a pop up window to to keep the user connected - it won't work with pop up blockers.

thanks

Link to comment
Share on other sites

you can use a firewall to do your authenticating. then you don't need an application to talk to the wireless accespoints. When you log on your traffic is directed to your firewall because it's the gateway. On port 80 you build a page displaying a Logon box to open ports from your wireless network to the internet or to the internal network.

If you connect your firewall to a radius server for authenticating you have logging, user authentication, accounting ect all in one go.

I would suggest to all wireless networks to put them external to a firewall anyway.

I used this setup for authenticating Citrix acces to internal citrix servers.

No logon in firewall , no port 1494 going open for citrix.

you can have a look here http://access.hgc.be

user just needs to logon twice, also pretty secure because ports only open for your incoming ip address. It's no vpn but citrix protocol is encapsulated anyway.

Users can logon every where in the world and be back in the office with all their applications and data, even print locally if they want.

Every Ceo that had this was suprised how easy it is...They really like that they could work from home anywhere, anytime.

Link to comment
Share on other sites

Mr. Siam WiFi.  Which Linux distribution r U using?  I thought IPTables was strictly a firewall can it be used to authenticate users as well - for ex. when a user launches IE and it tries to access the Internet, does it direct them 1st to a page where they have to authenticate a user id?  Kinda like NoCautAuth but the problem with NoCat is that it uses a pop up window to to keep the user connected - it won't work with pop up blockers.

thanks

JJ,

Short answer is "NoCatAuth". See NoCat for the whole story. This is what we use.

Overview of how NoCat works:

1) Request from unauthenticated user comes to the gateway.

2) NoCat (on access point running Linux) checks to see is there a path through the firewall (iptables) for the IP + MAC of the request.

3) if path through firewall exists, request is forward. If not, request is redirected to the authentication server (NoCatAuth running on a remote server) to get user's credentials.

4) depending on result of authentication NoCatAuth assigns class of service to user, sends iptables rule to gateway for this user, redirects to initial request.

Our gateway/access point is a generic x86 single board computer from Soekris Engineering (USA, but similar boxen are widely available. For example, the Via mini-ITX can be bought in Thailand from Thai-Way. (thai-way.) Linux is current version of Pebble, which is debian distro.

You are correct, NoCat "out of the box" requires popups, although this can be finessed.

Cheers

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...