Rental Home Wireless Networks?

Tangential asks: "I'm looking for advice. I have a rental home at the beach that I've equipped with Cable Modem and WiFi. After trying to use it with WEP for a summer I gave that up (life is far too short for me to talk every renter thru configuring their notebook). I would like a bit of control over who uses my system. I've blocked outbound port 25 (since my ISP doesn't), but what I'd really like to do is run something like hotels do, where you enter a password and activate your MAC address for a certain amount of time, Then I could just tell the renter the password and manage that remotely. I run OSS in my Linksys WRT-54G router at home (from Sveasoft) and I like being able to use a low cost router for such a function. I'd like to know what systems other folks have encountered that do this using OSS and mass market equipment."

PUBLICip

[SFalcon]

Try this [publicip.net].

Check out the features [publicip.net] and see if that's what you're looking for. It's free!

PublicIP

[mr. mulder]

I've read about Public IP before: http://www.publicip.net/ [publicip.net] Perhaps it will give you the solution you're looking for.

D-Link Airspot Line of Wireless Routers.

[JustAnotherBob]

Perhaps you are looking for a solution like this?
DSA-5100http://www.dlink.com/products/?sec= 0&pid=349/ [dlink.com]

Product Features: Creates Multiple Public Networks with Five Different

Authentication Policies

Supports up to 400 Concurrent Online Users
Advanced User Management with Traffic Monitoring and Policy Enforcement Product Description:

D-Link®, the industry leader in innovative networking solutions, introduces another breakthrough in the Airspot family of service gateway products. As the need for on-demand Internet connectivity continues to grow, the D-Link Airspot DSA-5100 Public/Private Hot Spot Gateway provides large establishments a solid solution for adding multiple public access networks while still maintaining the integrity of an existing private network. The DSA-5100 Hot Spot Gateway is a business-class service gateway designed to segment public and private network infrastructures. By adding a managed switch to the integrated public port, network administrators can deploy several public networks over a large-scale establishment such as a university campus or resort. Through the private port on the DSA-5100, the backend private network such as the campus operation centers or central office, can remain completely separate and secure.

To optimize and maintain network up time and performance, the DSA-5100 Hot Spot Gateway has two built-in WAN ports that support link fail-over in order to provide Internet connection redundancy. In the case that the first ISP's connection fails, the second link (if configured and conencted to a second ISP) will take over to ensure that Hot Spot customers with maintain uninterrrupted Internet access. The DSA-5100 supports virtually all WAN connection types including static, dynamic, and PPPoE Client.

The DSA-5100 Hot Spot Gateway also offers several advanced features to help manage and support up to 400 public users online at any time. Additional user management controls include bandwidth control, network policy enforcement, customizable user timer, login/logout web-page, online traffic monitoring, and URL redirection.

To ensure authorized network access, the DSA-5100 supports multiple authentication methods such as POP3, RADIUS, LDAP, internal user database, and external Web (HTTP or HTTPS) authentication. With support for 802.1q VLAN tagging, different authentication policies can be used per administrator-assigned VLAN networks for maximum security. In addition, VLAN tagging helps to segment and prioritize incoming traffic. For the private network, the integrated DHCP server and firewall with Denial of Service (DoS) Protection safeguards the network from malicious attacks and hackers.

Network administrators can manage the DSA-5100 Hot Spot Gateway and all of its features via the Web-based, CLI, SSH, or SNMP v2 management interfaces. With a wide array of convenient management utilities, the D-Link Airspot DSA-5100 Public/Private Service Gateway is an efficient and powerful hotspot solution.

What's the problem?

[max born]

You may be anticipating a problem you'll never have. i.e. people sucking your bandwidth and sending spam. Why not leave it open. I do with mine. I think it's important to share bandwidth. I worked for a comany in San Francisco with a DS3. I built a Wi-Fi network for them and convinced them to share it with the public. It was't a problem (however, I did put it the DMZ and block port 25 just in case).

If you still think you need to have usernames and passwords try nocat [nocat.net]. It handles authentication but I usually use it for a splash page for access points I build from old laptops [osvoip.net].

Good luck.

MOD Parent UP

[BeesTea]

I use this solution myself, it works GREAT!

OpenBSD pf

[DrSkwid]

Run pf on a 486 and use pf as your firewall, then you don't need MAC addresses and shizzle like that.

http://www.openbsd.org/faq/pf/authpf.html [openbsd.org]

Authpf(8) is a user shell for authenticating gateways. An authenticating gateway is just like a regular network gateway (a.k.a. a router) except that users must first authenticate themselves to the gateway before it will allow traffic to pass through it. When a user's shell is set to /usr/sbin/authpf (i.e., instead of setting a user's shell to ksh(1), csh(1), etc) and the user logs in using SSH, authpf will make the necessary changes to the active pf(4) ruleset so that the user's traffic is passed through the filter and/or translated using Network Address Translation or redirection. Once the user logs out or their session is disconnected, authpf will remove any rules loaded for the user and kill any stateful connections the user has open. Because of this, the ability of the user to pass traffic through the gateway only exists while the user keeps their SSH session open.

Re:D-Link Airspot Line of Wireless Routers.

[MindStalker]

Sounds great, but my experience with D-Link products have been bad at best. The products I've bought from them were badly made and never worked as advertised. Have anyone used this product that could recommend it?

NoCatAuth NoCatSplash

[ers81239]

Well, I was just going to use my mod points to mod up whoever posted the first link to this site:

http://nocat.net/ [nocat.net]

But since nobody did, I posted it myself.

ChilliSpot or NoCat with NoCatSplash

[snowsam]

Take a look at ChilliSpot, which is an open source captive portal --http://www.chillispot.org/ [chillispot.org] .

Another option (already mentioned) that would work with the is to run NoCat
http://nocat.net/ [nocat.net] on a "server" along with NoCatSplash on the WRT54 (see http://nocat.net/~rob/wrt54g/ [nocat.net] ).

Take a look at http://www.slcwireless.com/ [slcwireless.com] to see how they are providing free wireless to location in Salt Lake City, Utah.

Good luck!

m0n0wall

[anderiv]

I'd highly recommend you check out m0n0wall [m0n0.ch]. It's a BSD-based router distro. M0n0 comes in several forms, a hard drive image, a compact flash image, and a bootable cd. I use the bootable cd. The entire thing runs from a RAM disk, storing configuration on a floppy disk. All administration is done from a very robust and feature-complete web interface. You can make m0n0 as simple or complex as you wish - it includes traffic shaping, wireless support, PPTP & IPsec VPN support, multiple interfaces, a captive proxy, etc.

The captive proxy support would be especially useful for you - from the web interface, you can remotely add/delete/change the usernames and passwords for the captive proxy.

Yes - there are other captive proxy projects out there (NoCatAuth etc.). I evaluated several of them, but ended up sticking with m0n0wall due to the ease of implementation and the foolproof architecture it has.