Slashdot Mirror
Ask Slashdot: Setting Up a Wireless Catch-and-Release
First time accepted submitter SSG Booraem writes "I'm on the IT committee at my church. We've recently added wireless access points to our Family Life Center, but the committee chair isn't comfortable with allowing unrestricted access to our network. We host a lot of guests during the week for Upwards basketball practices and on Saturdays for games, so we want to restrict internet access to the Sunday school classes held in that building. Unfortunately, neither he, nor I, know anything about setting up a wireless catch-and-release like in hotels. If anyone could point me at good documentation, I would be very grateful."
Honestly, just use something like open-mesh, it has all the software available to do just that without too much hassle. Additionally they're more easily spaced throughout the building with less interference than you would normally get.
Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.
You can revoke keys individually.
Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.
blog.sam.liddicott.com
You're trying to set up one of those hotel style "Welcome to our network give us all your money to see the internet" pages to let only your sunday school students reach the internet? Or are you trying to block the guests off your network complete? Since this is tagged as wireless why not just use WPA2 and set up your students, classes, or whatever with access?
Not sure what the point of one of those hotel pages is here.
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
pfsense.org
Try to flash a Linksys:
http://www.polarcloud.com/tomato
http://www.dd-wrt.com/site/index
http://coova.org/
If the access point is only meant to be used by the Sunday school, and they only meet at certain times. why not just switch the AP off when the Sunday School meeting isn't running?
These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
try Easy Hotspot - http://easyhotspot.inov.asia/ obviously depending on exactly what you want to do... (we run the authentication system as a VM but it'll work nicley on a cheap PC) also we're using DDWRT on our access points so only using the easyhotspot system as an authentication system.
Try a google search for "Captive WiFi Portal".
That's the term you want. Get yourself a DD-WRT compatible router and install one of these packages: http://www.dd-wrt.com/wiki/index.php/Captive_Portal
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
It's called a captive portal, and it's not the solution you're looking for. Depending on AP it'll be easier to setup time of day access or only give the WPA2 passpoem to churchgoers.
Seems like you could just set a password and post it somewhere in a room that is not accessible to guests. Change the password every week.
Restrict the wireless router's use to Sunday mornings during class. Don't operate it during the week.
I'm a leaf on the wind. Watch how I soar.
Try a google search for "Captive WiFi Portal".
That's the term you want. Get yourself a DD-WRT compatible router and install one of these packages: http://www.dd-wrt.com/wiki/index.php/Captive_Portal [dd-wrt.com]
Maybe you can adapt a FON hotspot and socialize WiFi-sharing. Fon uses an unencrypted public network, but you need to have a login to access it. Or you can pay for access. More information can be found on http://fon.com/
This place intentionally left blank
Who knew such unabashed idiocy and bigotry would exist on slashdot? He's asking a tech question for a NPO and you retort with such drivel?
To make it as simple as possible, without requiring learning too much on your part and with a simple concept for the comitte chair to grasp:
Start with a simple timer on the power supply for the AP, only allow it to power up on Sundays. If you need wireless for the church admin the rest of the week use a second AP with security and share that with the admin. This way the guests on Sundays don't need to know any secret keys and nobody without a secret gets to use the net the rest of the week.
If you feel comfortable with setting up advanced software and convincing the chair that you know your trade, you might want to use a CAPTIVE PORTAL, with or without pay sollution, or a double AP (guest and secret zone), or an AP with the timer implemented in software or one of the many other sollutions that no doubt will be suggested here, most of them without regard for the hardest task, convincing the chair that this is the right sollution.
Actually that's not a good question for any SE site. It's at best a buying recommendation and at worst a "plz give me da linkz!" question...so no, stop sending people with such awful questions to SE.
Use something like the Meraki MR16 - It sounds like you aren't the most technically savvy in this regard, and even if you were this makes life easy. There are other ways to do this, but this is probably the easiest I've seen. www.meraki.com
ePoint Systems has a solution for you. Cheaper and better than Meraki, full Open Source, great service.
www.epointsystem.org
At my church we have a pretty simple policy: the network is protected with WPA2 encryption, it has an easy-to-remember password, and we give it to everyone who needs it. Make sure staff knows not to tell the password to your basketball guests, etc. We change the password about once a year, and let the new password spread organically. It works pretty well. People in the congregation ask each other for the password (or more likely, ask someone whom they know is on the tech-savvy side) and so those who need it are able to get back on. Another thing that you can do is give the network an essid name like "Sunday School Only" -- that will make your guests less likely to try to gain access, and also the Sunday School patrons will know that they should feel free to ask for the password.
God can't help with wifi issues since his presence tends to cause excessive interference across the wireless spectrum.
Get a second router that can be turned on and open during these events, and lock down the current infrastructure. Make the DHCP lease 60 minutes.
Hi, latest BSD mag 1/12 has this article Home Brew Captive Portal With OpenBSD:
Have you ever used a public wireless network that has a splash screen such that you have to agree to certain terms before going to the Internet? The author of this article will show you step by step how to build one of those using OpenBSD’s Packet Filter (pf).
Whilst the captive-portal system where you login via a HTML form seems to be popular (perceived ease of use?), you can also do per-user password authentication at the WiFi level.
All you need is a AP that supports EAP (or Enterprise) WPA (all good ones will), and to setup a RADIUS server (http://freeradius.org/) to handle the actual authentication.
Personally this is much cleaner (AP isn't listed as unsecured, you don't have to wait for the redirection to the portal which is inevitable slow and doesn't work at all if you are using email not a web browser).
dd-wrt then setup hotspot etc etc.
What I think the OP wants is to give people Internet access without simultaneously giving them access to the organization's LAN. He also doesn't want to invest in new hardware, seeing as how they've just done that.
So: how to set up the WLAN APs to block IP packets directed to anything except the gateway (or the Internet) itself?
I can set up a guest wifi network on my router that has a separate WEP/WPA key and does not allow access to the other wired/wifi network unless I specifically say it can. Its a Netgear DGND3300v2 if thats any help...
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
No, you're not going to answer because you're an absolute idiot. Log in and post that dumb azz crap. Not to mention you had to see the dozens of other a$$ hats who posted the same stupid thing, but no you had to anonymously post exactly the same crap because....??? Fail. Go back to playing your PS2, and mom should have dinner ready in a few minutes. Try not to complain about the free food in your free house.
You want to get your hands on a patron saint of wifi figurine to put on top of your router.
If you mod me down the terrorists will have won
I sure agree with you, it hurts to see how a good place to exchange information is slowly dying and becoming less and less worth our attention.
It's not my area of expertise, but doesn't the "turning the other cheek" policy apply here? Open your wi-fi. If you run out of bandwidth, buy more bandwidth. Also, isn't praying wireless data transmission? You might want to look into that, they've obviously got some military-grade encryption going there.
Quote at the bottom of the page:
"All Bibles are man-made." -- Thomas Edison
Wasn't this all about sharing?
@almightygod
http://lmgtfy.com/?q=wifi+catch+and+release+for+jesus
Just make the pass phrase a biblical quote. Change it each week and you kill 2 birds. How likely is it that the basketball players will have a bible handy AND your religious classes will have an incentive to read it to find the reference.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
He's pretty sloppy with the ACKs though.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
My Router (Billion 7800N) can have different wifi profiles for different time periods. allowing to do what you need.
Another way would be to use a second router (an old ISP provided router donated by someone would be great) connect it by cable, and have it set on a timer plug that would be really easy to set up
Use enterprise WPA2 with keys. Give each client device a key. Charge $5 to provide a key. Church members who are donating will probably reduce their donation by $5 that month in order to pay for the key.
You can revoke keys individually.
Disclaimer: I don't know what I'm talking about, you might need expensive hotspots to do that, but for large building with more than one hotspot, you probably want special hotspots with decent handover as folk move from one hotspot to another.
That sounds like a great quick-get-the-job-done solution but here's the 'but': adminstration.
Most churches have an admin - one business admin. I don't know how to put it kindley so here's a prediction of what will happen based upon what I've observed with other things that these adminstrators do:
You will be constantly dealing with folks who's key doesn't work. Keys that still work when they shouldn't and a constant searching for keys.
It will be one cluster fuck.
Volunteer IT person?
They turnover fast: they have work projects that take all their time up, can't deal with church committees, they find mega paying jobs on another coast, etc .....
This thread makes me embarrassed to be an atheist...
From what I read, you want to restrict internet access to the sunday school classes. Are we talking censoring or actually only allowing sunday school pupils to connect? If you mean the latter, simply enable wpa or wpa2 security on sundays and only give the wpa/wpa2 password to students. If you mean the former I can and will not help you, for I think each is in his own right to have the freedom to inform oneself by anyway possible as to whether to believe or not to believe.
axi.
--
I am an atheist but I believe in the right of religion even if it makes no sense to me,.
why not get the macs from the PC units and initiate wireless access only by mac address
The best documentation I could recomend for you is The God Delusion by Richard Dawkins XD
If taxation is legalized theft, then Capitalism is a prolonged rape followed by a slow death.
Obligatory non-answer: If it's an uncapped connection, how about just being a good neighbour and leave it on? If you get scary DMCA letters or the users on your wired network gets slowed down, *then* think about access control. Like others have suggested, please consider putting the AP on a timer switch if it's only used a few hours every week, to reduce interference for others.
And a very common word. Word 7 would be better, but still rather short.
I was promised a flying car. Where is my flying car?
If you're going to try to make a joke, at least make it have sense.
You should feel bad about posting that. It was stupid, and so are you.
Yup, the amount of atheist bigotry and unpleasantness here is incredible. Now in their defense, these people are probably Americans who endure a lot of religious bigotry in their daily lives. They are just trying to fight back, but this doesn't really help at all.
Gravitation is a theory, not a fact.
http://coova.org/
Ubuntu Server + CoovaChilli + DD-WRT = an easy and free captive portal system
WARNING: this is not a drop-in solution, some customization and piecing-together required. Throw FreeRADIUS or CoovaRADIUS into the mix for easier user-level authentication.
Next time better ask the question at www.iccm.org or just refrain from mentioning your faith.. apparantly it brings out the worst in some people
The original post stated that the chair was not comfortable allowing unrestricted access to the church's network. The problem does not appear to be one of bandwidth but rather security. The wireless network should be on a separate segment from the church's systems. Increasingly, many visitors use YouVersion or Logos during church activities. I would use an appropriate number of WPA/WEP enabled devices to cover the family life center. Use a simple password that is freely shared with members and guests. One other caveat, If the church does not already have an Internet filter in place consider using something like openDNS. This will help restrict access to porn and other inappropriate material.
Seriously? Just because some religious people behave like dicks to people of different beliefs to them doesn't mean that you have to join in. He asked a technical question, the fact that it's related to a church is irrelevant.
I am TheRaven on Soylent News
Replace 'church' with 'brainwashing center'. You realise why we have to be aggressive.
Its called Nomadix. http://www.nomadix.com/products_overview.php
I've used MikroTik hardware in the past to build wifi hotspots for customers. It's pretty easy to use, very friendly command line. You want something like this in an enclosure something like this. They're reasonably robust, and once configured properly, will do what you want (and a whole lot more should you want to change the setup in future) for a good long time.
You might also want to look at PacketFence.
Using the inline mode (if your APs aren't too "enterprise class"), it'll offer you everything. The current development version also integrates with billing engines (like authorize.net) if you want to charge for network access.
Forwarding from superuser.com:
http://superuser.com/questions/183105/hotel-like-wifi-manager (recommends AnchorFree, SputNik)
http://www.macinstruct.com/node/188
https://en.wikipedia.org/wiki/Captive_portal
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
You can specify day/time options for wireless access. I know it's on Linksys routers. Probably Netgear too.
And it's free. Does Captive Portal with ease and runs on almost anything, so long as it has 2 Ethernet cards. Runs on top of BSD and uses the pf routing module. Uses a web interface to set up.
I have an office with 40 PC's being served by an P3 something with 512mb ram running PfSense with 3 network cards (balancing dual ADSL2 connections) and a gigbit out to the switch and it works a treat and never dies. It's a sinch to setup and I also have setup captive portal and again, it is DEAD EASY.
http://www.pfsense.org/index.php?option=com_content&task=view&id=71&Itemid=81 This should answer most of your questions.
Oh, and don't be detered by the BSD logo (Beastie!) since I am pretty sure the fella has nothing against Christianity as he is, you know, a cartoon! As for me, whatever floats your boat I say...
What's that?>/a>
I think it's something like Pray for a man and you save him once. Teach him to pray for himself and you save him for a lifetime.
And setup an open, guest only wireless connection and setup another for people to connect to network resources. Believe you can even set different DHCP ranges for the 2 networks and tell it not to route between the 2.
Done.
Dickface, be helpful or get out.
I sure agree with you, it hurts to see how a good place to exchange information is slowly dying and becoming less and less worth our attention.
Yes, that happened ever since "I'm too lazy to Google it and perform basic research" turned into the exact same thing as "I really need a community of experts to offer me advice".
... but you know what the REAL difference is? If you really need a community of experts to offer advice it's because you are doing something new and interesting and unique. If you're doing what every hotel and coffee-shop across the country already does on a daily basis ... then it's time to stop being lazy and research it yourself.
Not that Slashdot does anything but try to shut you up with a downmod for pointing it out
Ramen!!
You religious types are insane. You cause so much violence, you condemn people who don't believe the same as you, you brainwash the youth with your fairy tales, you try to hold back scientific progress and you're a bunch of money grubbing hypocrites. Religion is the cause of all of the major social problems in the world.
How dare you call anyone an idiot or a bigot? Fuck you, fuck your god and fuck your religion.
That, or just people who simply have seen and gone through too much misery to believe in (any) God, like myself.
Give a man a fire and he's warm for the day, but set fire to him and he's warm for the rest of his life.
Just because churches operate as tax exempt non-profits doesn't mean they can't afford to pay someone to do the work. If your church doesn't have a member that is in the IT business (and willing to do the work for free) then hire a local tech company to set it up for you. Support the local nerd economy!
Keep the Classic Slashdot.
Yeah.
And Jesus hates Macintosh.
It sounds like what you want is not catch-and-release, but just to allow certain specific machines in your Sunday school to access the net. In that case you can enable the MAC address filter in the router to limit access to only those machines. Everyone else will be blocked. This solution requires no extra hardware or software, it is built into the router.
http://compnetworking.about.com/cs/wirelessproducts/qt/macaddress.htm
Slashdot is an unpleasant place to express any kind of minority opinion. It has little to do with atheism per se. You get the same response if you try to defend the rightness of copyright law, or say that Windows has a good kernel design, both of which are far more intelligent positions than convicted belief in supernatural beings.
But if one wants to talk about one's belief in supernatural beings, even by just casually mentioning church, one has to expect a reaction. In fact, one desires a reaction - those who have studied Christianity know it's an evangelical religion, and that going on about it is part of the job, part of persuading others to join your belief system. Atheists don't have to accept this insidious practice, here or elsewhere, and while being bigoted and unpleasant is not the best approach to fighting it, it may be acceptable if the aim is laudable.
...would be to get a dual-band WiFi router, something like the Netgear N600, which has a "Guest Access Point" setup screen in the web interface that allows you to setup a network that is completely separate from your production network. You can setup access times on the internal scheduler and you can give it an access password (or not) that everyone who is allowed to be on the network can be given and then you can change it weekly or monthly.
What's that?>/a>
I think it's something like Pray for a man and you save him once. Teach him to pray for himself and you save him for a lifetime.
actually its more like 'pray for a man and he easily ignores you, brainwash a man and he will pray with you'
This is my sig. There are many like it but this one is mine.
If you're going to try to make a joke, at least make it have sense. You should feel bad about posting that. It was stupid, and so are you.
Some people think believing in a god is stupid. Is it bad to say what you think? Or is it only bad when you are talking about religion. How about vegetables, is it OK to say bad things about vegetables?
Just checking, because I like spinach, and some people don't. I think they should keep their opinions to themselves lest they appear to be antispinites. In fact, I think they should be sent to jail until they realize that saying bad things about spinach hurts other peoples feelings.
^--- this. If only I had mod points.
my karma will be here long after I'm gone
OP is probably a volunteer.
Plus he/she knows enough to ask for help rather than assume they know everything already.
You are posting a response to a situation you know nothing about.
Dipshit posters like you are a dime a dozen, but don't worry, you'll be modded down and odds being what they are, your ignorant comment will be replaced by one from someone who is smarter and more helpful that you.
AC
Is your goal to provide internet access to church members or to charge them for internet access like a hotel?
How many people do you expect?
For example the Linksys E class routers have a built in 'guest network' feature that has a second SSID that is broadcast for Guests and allows up to 10 simultaneous users to connect. This gives them internet access only and doesn't allow them access to the actual network. Though it's limited to 10 people. This would be a simple solution but if you had more than ten people wanting access it could cause problems.
I have a NetGear WNR3500L. It has a guest network option that allows me to create a second SSID, allow or disallow access to the rest of my network, and allow or disallow the ability of the machines to connect to each other if they're on that network.
If you aren't looking to charge for it those two options to me seem like the best. Inexpensive and easy to configure.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
Are you talking about religion or a certain politic party?
my karma will be here long after I'm gone
http://www.pfsense.org/
Posting up here, because it's quite a bit of scrolling before you see answers that don't have something to do with peoples anti-religion bigotry. I do not care what your beliefs are, nor do I think it's my place to comment on them when replying to a technical question.
Why don't you set up a guest wifi? Have the internal wifi that's for your private network, and a guest wifi where you publish the key for people to use, but set up a rule so it's only enabled on Sunday from 7am until 1pm? That should cover the Sunday school's hours, and it won't be there at all during the week, when you don't want people accessing the wifi. It will also segregate your internal network from the wifi you're providing for people to use, which will help secure your private files, or any fileserver you're running.
And if you're hosting some kind of event, like a Parish council meeting, where you want to give people access to the 'net, just turn the guest wifi on manually during the event.
It'll be cheaper, and easier than setting up a catch-and-release system, as a fair number of wireless routers have that ability these days, and if it doesn't, you could always install Tomato or DD-WRT to have access to it.
Most religions have been superseded in the 21st Century by finding several Seem-To-Be-Truths by and through Yourself, also known as rational, open-minded, scientific Spiritualism.
If you want to stick to old, close-minded, blind-faith-based, Zero Century religious institutions, be my guest, but please don't talk about it openly as if it's a good or even acceptable thing to do.
So this is flamebait?
I don't understand, why it is OK to tout religion, but not to defame it?
Freedom of speech / opinion does not encompass religion?
I think religion is harmful, I think it does much more harm than good to society, and the good that it does is thinly veiled proselytising.
But I can't say that? Why not?
Seriously, why?
For the asker, maybe is something new and interesting. Not everyone knows how to proper configure wireless internet. And about Google, many times the Google results throws you exactly here or in some obscure forum, where the first response is "Search in the google, moron!". Interesting infinite loop problem.
Religion: The greatest weapon of mass destruction of all time
If only there were more upstanding citizens such as yourself around to keep us straight.
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
Firstly, let me state that I hate the term "The Cloud" - it's over hyped in the industry to the point where it means nothing anymore. However, management of public WiFi via the Internet makes sense to me.
There are a lot of suggestions here to use captive portal implementations based on Linux distros - and they're good suggestions if you know what you're doing with network configurations and setup and also have some time to throw at implementing the setup successfully. If so, this is a good route to take and can be as fancy - or not - as you want it to be.
However, I am assuming the poster has limited exposure to networking beyond what someone would do in their home. If this is the case, consider a solution like Meraki (http://meraki.com/). You buy the access points, plug them into an internet connection and configure them via a website on the Internet. Full captive portal functionality is available with just a few clicks complete with a ticket system - someone wants access and you provide them with a code that enables say 2 hours of web surfing.
We have only bench tested Meraki at this point, but we were impressed with the simplicity and functionality of the system. We are considering implementing their system simply to free up our time from managing public WiFi so we can get back to working on more impactful projects.
Note: I work for a municipal government an have no affiliation with Meraki.
Check out pfsense.org
He made an inappropriate (and wildly inaccurate assumption) about any faith I do or do not happen to believe in and continued his tirade blindly. Very similar to the blind tirades of the crusades.
Point of fact. Religious people are all bigots.
How may religious people do you hear saying "Maybe my God is not the real God, maybe yours is." Not very many, in fact I think it is actively discouraged by the various reference texts that these cults consider required reading.
Until someone comes up with a religion that says it is OK to believe in "all the gods", your statement is nonsensical.
Give a man a fish and he's gone for a night. Show him how to use the 'net and he won't bug you for weeks.
Somehow, I don't think they're a non-prophet organisation.
I seriously doubt that the vast majority of (US-based) strident atheists on Slashdot "endure a lot of religious bigotry in their daily lives". In our area, atheism is the new cool thing to be, having replaced Buddhism a while back. I know several Buddhists that really don't like Christianity, but for the most part their beliefs constrain them to be at least polite. Atheism has no such constraints.
just set a password and only list it in the areas that you want people to have the wifi.
And that does not cost anything to put it.
Linksys homeowner AP's have the ability to add time restrictions to wifi access, but that would only work if the basketball and sunday school are on different schedules. Also If you just don't want the guests to have access to your internal network, set up a guest SSID vlan tag it and add a route to go straight out to the internet, doesn't really touch your internal network and in an environment like this its a simple solution that covers due diligence on your part.
"Catch and Release"? From where I come from, that phrase mostly refers to a type of fishing! How are you going to get the wireless devices inside all of the fish?
What? Read the article? This is Slashdot, we don't have to read no stinking article!
buddism?
Bring back the old version of slashdot.
Give a man a fish and he's gone for a night. Show him how to use the 'net and he won't bug you for weeks.
Teach him how to fish and he'll dynamite the reef, haul out every damn fish he can find, then blame you when there are no fish left for his children.
Give a man a fire and he's warm for a night. Set a man on fire and he's warm for the rest of his life.
Many newer access points (APs) will automatically set up two SSIDs when you run through the initial setup. The primary one is one you can use for your everyday office use. You assign it a key that will only be used on computers owned or authorized by the church. The secondary SSID is for a guest account. The guest account is configured with no security (for the initial connection--no AP security), but it presents you with a splash screen where a guest password must be entered when you initially connect (if you assign a password during setup). That guest password is one you can had out to your Sunday School teachers or other authorized users.
Traffic on the guest network is fully segmented from that on the primary network, thereby keeping your church office network free from curious eyes while facilitating Internet access for anyone else who may need it.
The Cisco E3000 ($100) is one device that provides for such guest networks. It handles current and legacy protocols (802.11b/g/n). I've been using one for about six months and it has been great. My home PCs have access to the primary connection, and we give out the guest password to our kids' friends when they are over.
I use irony whenever I can, but my shirts are still wrinkled...
Why would you not solve the problem before doing that first bit?
I'm always amused by some of the comments here as it shows a profound ignorance (not yours). Heck anyone who has seen Bill Maher's "religulous" will hear senior vatican officals saying something like "Its all hooey, people need their stories." Even senior officals in the anglican community say the same thing:
http://religion.blogs.cnn.com/2011/12/29/my-take-the-3-biggest-biblical-misconceptions/
The whole bible being taken literally is a recent phenominom. One should be taking the central message from the bible, not viewing it as a historical truth, a set of laws etc.
As for myself, I am religious but I don't push my faith on other people, nor do I want them pushing other people's faiths on me.
Bring back the old version of slashdot.
Many thanks for all the helpful suggestions. I honestly didn't know that what I was looking for was called a "captive portal." I genuinely appreciate all the people who pointed me in the right direction.
Have a blessed day!
Why not go with a Public VLAN and Secure VLAN? Setup the public just to have internet access and the secure to have full access. Make the Public password simple and let it out by word of mouth. That will allow users to access the internet and get mail when they are on campus and keep them away from the important stuff. Obviously, since you admit you don't know what you're doing, you'll hire someone to do this, yes?
Catch and Release? I too have to question that naming, but from the summary, I get that they want to set up some sort of system where you first log in in some way and then you have access to the network.
Turns out, the type of system is a bit easier than you might think.
Let's start with the basics:
DHCPD. It's a process that we're all familiar with... at least in the sense that we all know what it's for. Turns out, you can specify MAC addresses for special treatment and assignment to specific pools. That's a great start isn't it? You just set up the default pool to offer a non-routing IP range, giving out a DNS server which resolves all requests to the same server IP which hosts a page offering the user a chance to enter a password or whatever.
That page has a PHP (or whatever language you like on the backend) thing that accepts the input, adds it to a table in MySQL, then updates the DHCPD configuration to reflect the new lease information... that is to say, the MAC address of the user now has an assignment to the "live" pool rather than the default.
That's a simplistic description of a simple process. Of course there are details to work out. There are background processes which would periodically check the connections and lease times and stuff like that, but once you have the basic of the system working, those details can be accounted for as development progresses. I feel like I'm reinventing the wheel, but I've not seen a free version of what I describe anywhere.
(I'm quite sure they exist, I've just never seen one... next up, someone will link me to precisely that...)
Sorry for the anonymous post. Hadn't logged in yet from work. Thanks for all the suggestions, and for pointing me at "Captive portal." All your suggestions are greatly appreciated. Have a blessed week.
buddism?
Buddhism is a philosophy. I suppose one could argue that it is a religion, but I don't think it espouses a god.
When researching for the same setup, I came across this: http://www.intellinet-network.com/en-US/products/9236-guestgate-mk-ii . We have a very large building, and trying to provide any kind of technical support to anyone who might possibly need it would be impossible, so encryption with a key was out of the question. For us, the main point of the capture portal is to keep people from driving by and using our internet connection. I basically use the Guest Gate because it provides a catch-and-release portal, but its internal DHCP server provides also each client with an IP on a different subnet (a little bit of security there). I couple it with Netgear access points that have client separation enabled so no two wireless clients can talk to each other. The Guest Gate has some rudimentary web filtering, but I wanted something a little more granular so I installed a Linux proxy with white/blacklisting capabilities outside of the portal. Now I can manage some content, and when guests or church members want internet access, I just need to give them the password for the portal. By the way, this setup is connected directly to the dual-WAN router and the router's firewall is setup so that none of the traffic on the wireless network has access to the internal network. The church staff can't access any internal network resources over the wireless network, but they've pretty much been content to have access to the internet itself. It's probably not the cheapest or easiest solution (unless you used the Guest Gate by itself), but it does exactly what I want, and everyone seems to be happy.
What I do is get an additional separate network from my ISP. Connect my routers through my patch panel and then use Netgear Wireless Routers that allow you to restrict based on time.
Good luck if you need any additional help contact me
Nick Dreyfus
Nick@Dreyfustc.com
Religion does not imply belief in a god. You are confusing religion with theism.
I read write up and first thing I thought of was run Linux with IPTABLES/CHAINS. Force proxy through squid set the ACL to only allow surfing during the required hours. What's hard about that? You could even get freaky and set your internal network on a different address and ADD ROUTE for the Guests, then again it would require some reading on the posters part and a bit of googling.
I wish you the best of luck in setting this up and administering the network.
I am Bennett Haselton! I am Bennett Haselton!
That is more like an exercise in philosophy than religion. Actually, I could enjoy that, but I don't know how long they would put up with me.
Amazing though, that the google search has done that for years, yet anyone mildly familiar with it can weed out the necessary from the search usually by reading the description in google.
I am Bennett Haselton! I am Bennett Haselton!
Just schedule times when connecting to the wifi is allowed? I'm assuming that the sunday school classes are always within a certain time frame (ie: sundays at 11am-2pm) and many routers I've seen have on/off times which can be set up through the interface. So, just set up the scheduling. My DD-WRT flashed WRT54G has that very capability set up (just looked into it while typing this post in fact) and it's quite simple to do, you can set up allow/disallow times with just a few clicks.
Religion does not imply belief in a god. You are confusing religion with theism.
Well now, doesn't that just throw another abstraction into the mix. OK, from now on I'll try to be more explicit.
It meets the US government's criteria for a religion, which as I understand, means it has defined rituals. There a thing with water every year that symbolizes community.
Given that the first principle is to respect everyone's worth and dignity as an individual, they'll likely put up with you for quite a while, as long as you'll put up with them as well. My church has quite a few outspoken "devout atheists", who will complain about any use of religious texts in the services. One in particular has been a member for 30 years, and doesn't look like he'll be kicked out anytime soon.
You do not have a moral or legal right to do absolutely anything you want.
Of course as soon as I hit submit, I remember the phrase my now-wife used to describe it: It's religion without dogma.
You do not have a moral or legal right to do absolutely anything you want.
Buy a digital Timer. Set it to power up the wireless AP only when you want it available. Keep the AP and timer out of reach of those that may want to mess with it. If a special event comes up and wireless access is needed anybody can push the timers "ON" button to turn on the wireless and then the "OFF" button later to return it to timer mode.
I have used this solution in the past to great success in a warehouse/office environment to cut the internet at night because warehouse night staff were surfing instead of working.
Look at www.fon.com
You know you're going to hell that.
Seriously, is it worth risking your immortal soul to be wrong?
All you have to do is let Jesus into your life and ask forgiveness for all your sins.
Who knew such unabashed idiocy and bigotry would exist on slashdot?
everyone
Can you not just change the key after each weekend, and re-issue it to the next weekends visitors? You want the simplest solution here, nothing complicated - changing the encryption key is usually pretty easy and someone could easily write a guide with screenshots - that way if someone leaves or moves away who has this as their job, the person who takes over can easily pick it up and carry on in the same way.
You can get open source firmware updates for some wireless routers/access points which will let you set up login names etc. but someone has to manage this for each new visitor - having a weekly changing key you can print off and hand out may well be much much simpler.
Ahh, so you're that guy. You're not even trying to steer the conversation anymore, just cutting directly to it now, eh?
I'm on an IT committee at my church as well. We've set up an old Dell Dimension 2400 with pfSense 2.0. 3 NICs (1 on-board, 2 PCI) and set up two VLANs, one VLAN being their office LAN and the other being a Captive Portal enabled VLAN with three WRT54G WAPs loaded with Tomato.
Firewall rules were created in pfSense to prevent wireless users from accessing the office LAN and wireless segregation was enabled on the access points to prevent chatter between wireless clients (prevents infected clients from attacking potentially vulnerable clients on the same network).
pfSense has a voucher system that allows you to create several rolls of time-based vouchers. You can either give the teachers a roll of active vouchers that are only good for a certain length of time, (say, the length of the Sunday school class) or you can set pfSense scheduling to restrict all access to the Captive Portal off-hours.
You can also add MAC address exceptions to the Captive Portal instead, (not really completely secure, but keeps your average users out) limit the number of associated users and bandwidth per associated client to prevent one user from monopolizing the entire connection.
Did you know that using the word "all" made your statement wrong?
Look closely at your signature.
Why is it so hard to only have politicians for a few years, then have them go away?
Here's a blunt force method, which is extremely cheap, unhackable, and understandable to even the old ladies in the pews. Intermatic makes digital timers that can have 8 different programs. Turn the access points off when you don't want them accessible, turn them on when you do...
http://www.amazon.com/Intermatic-TB121C-Digital-Tabletop-Appliance/dp/B000E8XGBI
Providing an internet connection which a user then misuses does not make you a criminal. Otherwise ISPs could not function.
I hope you meant socializing, not socialization. Otherwise it sound pretty creepy.
http://www.acetonestudio.com
Is this so the eeeeevul atheists can't use it??
Those of us that has been hanging around in these parts of the woods for ten plus years might know the answers to such 'obvious' questions now, but at some time we all start out. You might be sad that you no longer only find questions that challenge your intellect, I find it sad that I hardly anymore can recommend Slashdot to those who starts out, including my sons, I had hoped they could join the crowd where I love to hang out without meeting such ugly statements.
It's flamebait because 'scientific spiritualism' is nonsense. Like 'Socialist Libertarian'. Self contradictory. All it tells you is the person making the statement is a bloody idiot.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Get a new wireless access point. Many new models include what you're looking for. They appear as if they are multiple Access Points. Make two networks:
ChurchBusiness: WPA2 security, user accounts or strong password; full access to internal network
ChurchGuest: Security either as WPA2 password, or no wireless encryption and web redirect to authentication page; has only access to Internet, no church net access.
Many new routers under $200 have the ability to do the above. The Apple Airport Extreme can do the above, as can various Netgear or Linksys. Pick one up at a local retailer, give it a try.
church != NPO (non-profit organization)
"kittens for kripples" is a NPO. Pure and simple; no ulterior motives. Whereas a church has a whole social and political agenda that likely conflicts with many of the ideals that slashdot was founded on.
Trashware PC with dual Ethernet cards and run the Easyhotspot either as the ISO or run a regular distro e.g. Ubuntu, add the bits and run the Easyhotspot interface (there is a manual on setting this up - I wrote much of one of the manuals). Generate and print out "token" passwords that are valid for the training week. I have only patched bugs on this, I am not related to the original coders, I am a secular humanist, I have a dog.
You honestly believe this? I just got back from a trip where I spent a week using the wireless network of a parish school across the street - it was widely known in the neighborhood, whether they were parishioners or not. My mom isn't a parishioner, and had the password on a sticky next to her monitor!
You might as well run a network with no password, as that's essentially what you're already doing, and save yourself and your parishioners the trouble.
maybe I should have post about how atheists like Stalin and Mao killed many millions of people?
You like way too many other people just don't get it point so I will spell it out for you.
Guess what PEOPLE do really great things. Some PEOPLE do really crappy things. The people that do the worst things will use anything they can as an excuse for their acts. It doesn't matter if it is a member of the KKK, or a Bigot on Slashdot bashing someone for going to church. They will find some way that makes them feel like they are better than someone else and give them an excuse to attack.
Then you have the other less than pleasant people that are jumping down this guys throat for even asking this question when he or she could just Google it. Well maybe but it is NOT the authors fault that it is on Slashdot. THE EDITORS DECIDED THAT THIS WAS A QUESTION WORTH ASKING. So those that are complaining about this being a stupid thing to ask should really be complaining to the editors for not well editing what ends up on Slashdot.
So what it comes down to is if YOU HAVE NOTHING TO SAY THAT WILL HELP ANSWER THE QUESTION THEN DO NOT POST. IF YOU THINK THIS QUESTION IS STUPID THEN BLAME SLASHDOT. IF YOU DO NOT CHOOSE TO GO TO CHURCH THEN PRETEND THAT HE IS ASKING ABOUT SETTING IT UP AT A FREAKING HO TRAIN CLUB!
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I did indeed. Although, through exchanging ideas, socialization does occur.
The church also does tend to lean left politically (due to the preference for letting people do and think what they want, rather than what some authoritative government/corporation/book tells them to), so socialism is often discussed, too...
You do not have a moral or legal right to do absolutely anything you want.
The version I've always liked is:
Light a man a fire and he's warm for a day; light a man afire and he's warm for the rest of his life.
Of course that really only works in text form.
Depends on what you're looking for. Roughly speaking, if you are looking for something popular you will find with some ease. If not, you will easily fall into some obscure forum or page where the answer - if any - will be "Google search, noob." But what to do if you got there exactly looking at Google? Go again to Google search, find another forum and get another "search on Google, loser"? More clear now the problem?
Religion: The greatest weapon of mass destruction of all time
I wouldn't trust Wikipedia's definition for anything religious or spiritual -- it's garbage. e.g. The article on Gnostic is a joke.
a) Wikipedia asserts without any references that religion is external, not internal which is nonsense. Religion doesn't depend on "popularity."
TRUE religion is the act of living the life to prove your beliefs; or said another way "Religion is Applied Philosophy". Thomas Paine also has an interesting perspective on Religion: http://www.deism.com/paine_essay_religion.htm
b) While Sunderland is correct with his definition of Religion he is also [appears? to be] ignorant of the fact that _everyone_ has faith; but he is correct not everyone has Religion or religion. Initially you can't prove your beliefs -- you take them on faith. If you don't have faith in your beliefs then why do you have them [beliefs] in the first place? The belief in God is orthogonal to Religion. Which is what the point he was driving at.
Note: These two reasons are why Science is a Religion:
Faith? Check mark.
Desire to Prove Beliefs? And Check mark again.
QED.
Science is only _one_ way to arrive at the answers / proof.
i.e.
Scientists take it on faith that the speed of light is constant throughout the universe.
Scientists take it on faith that there was no 'time nor space' before the Big Bang.
etc.
Hitler and Nazis in general where Pagan.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
The problem isn't in searching Google, it's HOW you search it. It's akin to knowing what to ask and how to ask it, ala http://catb.org/~esr/faqs/smart-questions.html
Hitler and Nazis in general where Pagan.
No, in general they were Christian. They even made up their own version that got rid of the jewish parts: http://en.wikipedia.org/wiki/Positive_Christianity
Like many modern Christians who are into astrology etc. they mixed in other, sometime pagan beliefs. You could argue that some/all of them were using religion to promote another agenda but you could say the same thing about some modern Christians (e.g. televangelists/politicians).
Most routers already give you access/restriction options very similar to what you want, right in the administration settings.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Whitelist the specific sites you use (bible references, your church's website etc.), whatever generally useful sites you would like to allow (maps, taxi companies, airport schedules) and social media you want to allow (facebook, twitter). That should make most people happy and stop most abusive behaviour. The neighbors who want to surf pron will get frustrated and give up and any sites they do view should use minimal bandwidth.
maybe I should have post about how atheists like Stalin and Mao killed many millions of people? You like way too many other people just don't get it point so I will spell it out for you.
Thank you.
Guess what PEOPLE do really great things. Some PEOPLE do really crappy things. The people that do the worst things will use anything they can as an excuse for their acts. It doesn't matter if it is a member of the KKK, or a Bigot on Slashdot bashing someone for going to church. They will find some way that makes them feel like they are better than someone else and give them an excuse to attack.
You were the one presenting individuals as examples, I think you are making my point here.
Then you have the other less than pleasant people that are jumping down this guys throat for even asking this question when he or she could just Google it.
I didn't say that. Although I confess to thinking it.
Well maybe but it is NOT the authors fault that it is on Slashdot. THE EDITORS DECIDED THAT THIS WAS A QUESTION WORTH ASKING. So those that are complaining about this being a stupid thing to ask should really be complaining to the editors for not well editing what ends up on Slashdot.
I think that is the effect of conversations like the one you mention above. (Just Google it)
So what it comes down to is if YOU HAVE NOTHING TO SAY THAT WILL HELP ANSWER THE QUESTION THEN DO NOT POST. IF YOU THINK THIS QUESTION IS STUPID THEN BLAME SLASHDOT. IF YOU DO NOT CHOOSE TO GO TO CHURCH THEN PRETEND THAT HE IS ASKING ABOUT SETTING IT UP AT A FREAKING HO TRAIN CLUB!
So I should pretend that the post is something that it is not? I could pretend that you make sense, or that all of the above is relevant to our conversation too. I could pretend you are a pretty girl and be nicer to you, or that I am sitting on a horsey as I type this. Wouldn't change anything.
I feel personally threatened by religion. There are millions of people in the midwest US who are waiting for the rapture. So much so that they would love to see a nuclear holocaust or the like. They certainly are comfortable with the way we have destroyed the environment. Michelle Bachman actually claimed, on video, that the severe weather we are having is God's way of telling the US administration to get their accounting straightened out. (or words to that effect) The middle east is a hotbed for war, we know it is about oil, but religion is the excuse that is used. Hell, The Jewish and Muslim peoples both have the same ancestry in the middle east. The Israelis have been perpetuating genocide on the Palestinians since 1948, and they get away with it partly because they are supported by the rapture crowd. Science is perpetually hobbled by religion. In fact, religious people would have us believe that Jesus used dinosaurs like ponies. etc. etc. ad infinitum.
I have no problem with what people do, say, or believe as long as it is not a threat to me or society. Religion does not fall into any of those categories. It's fucking dangerous. And if you argue that most people do not really believe these things, it doesn't relly matter, because the vast majority of people who only pay lip service to religion lend credence to all of the religion, including the bad things.
Literary hygiene hint; all caps is annoying, and not in the way you intend.
It's flamebait because 'scientific spiritualism' is nonsense. Like 'Socialist Libertarian'. Self contradictory. All it tells you is the person making the statement is a bloody idiot.
I can't say that I disagree with that. A lot of people avoid saying that they are atheists by touting mother nature as their god.
History has proven time and time again though that rationality and religion are mutually exclusive.
No point in trying to apply logic then.
So what is an "Adherent of the Repeated Meme." I wouldn't ask except that I had to write a script to figure out even that much.
Why not run an unrestricted network. Are you afraid some one will run a spam mill or bot network through it. With modern AV those are not very likely. Or is it that you are more concerned that someone may actually use the network to view (oh my Gad!!!) porn. /. help you?
Now isn't that your real concern.
So why should
You feel threatened by some people so you hate all that fall in that grouping... So how is that different than hating all people with a certain color skin because someone with that color skin beat you up once?
Wow you attack people because you feel threatened by them for some nebulas reason. So hating all atheists because several governments that proclaimed atheism killed millions of people and at least one still is makes sense as well?
Your bigotry is showing.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I wouldn't trust Wikipedia's definition for anything religious or spiritual -- it's garbage. e.g. ...
I haven't looked, but I don't have to. Any article that is the subject of faith is the basis for a raging battle on the talk page, and probably full of inaccuracies.
Note: These two reasons are why Science is a Religion: Faith? Check mark. Desire to Prove Beliefs? And Check mark again. QED. Science is only _one_ way to arrive at the answers / proof.
i.e. Scientists take it on faith that the speed of light is constant throughout the universe. Scientists take it on faith that there was no 'time nor space' before the Big Bang. etc.
I'm not sure that follows. Scientists ahve to allow for things to remain unexplained because they fit with particular models where proof is available. I think you are making a huge assumption by saying that all scientists actually accept things on faith. There are scientific endeavours to research that which we may take on faith because we do not like doing that.
There will always be holes in science and we will forever be trying to fill them. Taking things on faith is not what science asks you to do, it's what religion asks you to do. Science only sees it as a temporary measure, and perhaps as a useful tool to keep philosophers busy.
One of these: https://www.google.com/search?q=mikrotik+RB751U-2HND
Documentation on configuring it is at: http://wiki.mikrotik.com/wiki/Hotspot
You can set up user/password authentication, mac address authentication, or whatever sort of authentication meets your criteria.
How may religious people do you hear saying "Maybe my God is not the real God, maybe yours is." Not very many, in fact I think it is actively discouraged by the various reference texts that these cults consider required reading.
Actually, I hear quite a few saying that. You haven't spent much time around the pagan community, have you? Most of them, the ones who believe in gods at all, believe that there's many of them, and that each have their own strengths and weaknesses. With that understanding, it goes without saying that exploration is encouraged. Everybody has their own path to walk, and must come to their own conclusions.
Until someone comes up with a religion that says it is OK to believe in "all the gods", your statement is nonsensical
Been there, done that. There are religions which state that it's ok to believe in "all the gods". There's also religions which don't care whether you follow a god at all. Perhaps you should set aside your obvious prejudices, and do a little research before you make yourself look like a complete moron.
Actually, why not just share the internet? (with proper precautions of course) IMO, one of the missions of the church is to provide. Just isolate it from the office network so there are no surprises and give the people what they want :)
You feel threatened by some people so you hate all that fall in that grouping...
An astonishing conclusion.
So how is that different than hating all people with a certain color skin because someone with that color skin beat you up once? Wow you attack people because you feel threatened by them for some nebulas reason. So hating all atheists because several governments that proclaimed atheism killed millions of people and at least one still is makes sense as well? Your bigotry is showing.
You have me hating people now. That is a bit of a leap, how did we get there? I'm not attacking anyone in particular, I'm attacking religion. Religion maintains a set of beliefs that guide peoples lives and affects others. I disagree with it, and I stand by my right to do so. I don't hate people because they are religious, I do think that better education would reduce the harm that religion does, and I don't think that we will ever be rid of it.
If by pagan you mean catholic then yes they were pagan.
Build one with DD-WRT. Here's a set of instructions:
http://www.smallnetbuilder.com/wireless/wireless-howto/30150-how-to-build-an-open-source-wi-fi-hotspot-with-dd-wrt
John
Give a man a match and he is warm for a day.
Light him on fire, and he is warm for the rest of his life.
-
Yeah but this is a church and their primary motivation has always been control. They can't allow people to do whatever they want...
1. Setup the routers on their own isolated network (e.g. if the church run 192.168.x.x run it in 172.16.x.x, both with different netmasks) and have a central gateway that can then just push the wireless network directly to the internet; best if the routers are cabled directly to that system too if you can help it; otherwise someone with the right smarts might jump networks if they know enough about the other networks config. You could couple this with a MAC Address DHCP assignment for staff computers so that staff can use the wireless on the normal network if you like; but I'd suggest that you make them VPN into the other network instead for better security.
2. The ideas of Captive Portals, etc. are probably what you want as well.
So, it's not really a single solution - capture them into one network (e.g. 172.16.x.x); grant them Internet Access after they agree to your terms, and then allow VPN to the other network (e.g. 192.168.x.x).
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
Somehow, I don't think they're a non-prophet organisation.
That was SO bad, it made me laugh! Then groan.
#DeleteChrome
Scientific spiritualism means that I am not willing to state, authoritatively, that there is nothing but atoms and energy.
It means that I must -- out of open mind and an earnest search for Truth, wherever it may lead -- examine every belief system I have, regularly, and cast out that which I can disprove and accept that I do not have many answers at all.
I am not a materialist, I am not a god worshipper (I have absolutely no proof that there's some cosmic being anything like a god), but I also do not discount synchronicities, the possibility that consciousness affects and may even pervade the Cosmos.
There probably is something bigger than Me. But I'm just not positive! Ergo, I'm a scientific spiritualist.
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
I don't know what your topology looks like and what your equipment can do; but if your APs can support multiple BSSIDs then set up one for the sunday school/staff with WPA2, turn the broadcast off, put them in their own subnet and vlan if possible and push the configuration out via whatever central management tool you're systems use be it NIS or Active Directory or something else. (you can probably also set this up to have a domain account be a required part of authentication if you are using newer systems.)
Then you can set up a BYOD (bring your own device) BSSID if you wish, this can go in yet another subnet and vlan if possible, and can go through thicker filtering and network access restrictions, possibly even bandwidth throttling.
That is what I would do. I'm not exactly sure I understand how a hotel style access system would fix the problem.
Just pick up an Apple Airport Extreme WiFi base station. They're "mesh"-able so you can stack additional units into a network to expand it out -- but for your use case, you can set up a guest access network that you can change the password to. This way, your base network does not have to change their settings at all, and you can simply set up the guest network on a per event basis with new credentials.
Unit: http://store.apple.com/us/product/MD031/AirPort-Extreme?afid=p219|GOUS&cid=AOS-US-KWG
Cost: $179
Support article on guest network: http://support.apple.com/kb/HT3477
Upside, you also get some wicked strong WiFi, dual band 802.11n/a/b/g.
Downside, max out @ 50 clients (according to product page)
jeezbus is going to ignore his dad's copyright and duplicate all the fish
I'm the last dude to start spouting religion, but seriously, WWJD? Would he restrict access? Charge for it? You're a church for God's sake, or at least part of it. Why not make it wide open and invite anyone who wants to come, even if you get to spew out a little religious html their way?
I am working and have worked in the HSI for guest industry for over a decade as a support rep, software developer and network engineer. I can tell you that the standard install solution used by all the top vendors for hotels is Nomadix or SolutionIP Server as the registration portal page and guest management software, then for the network it is typically segmented as needed with vlans. The registration server uses these vlans to provide different registration methods to the client. Wireless AP's typically are Rukkus devices. They have smart antana's that will redirect and calibrate based on the conditions of the connected clients to provide the best signal. But this is not an affordable option for most.
There are a lot of already developed options that provide similar functions, ones that can be flashed on home devices like a linksys wifi router, there are options for software that can be loaded on linux in conjunction with a bridged wifi AP also.
However, if you do understand the process of how to provide an auto-redirect captive portal page you can, and I have, program your own linux server with open source software and then put any wireless device in bridge mode.
The method used by Nomadix and SolutionIP server software are both patented, although it is just arp spoofing, there are lots of lawsuits and the industry is slowly becoming a monopoly by Docomo. BUT... you can duplicate the results as I have with the following.
OpenSuSE for the base Linux install.
In order of connection process:
1. Client does DHCP (ISC-DCHP)
For DHCP we create a default pool (10.1.0.0) for all new / unknown clients. This has a very short lease time so that when we register them, we move them to another pool (10.6.1.0) so that we can manage their registration and IPTables access. We track their DHCP entries that we have moved to the known clients pool in dhcpd.registrations with the following type of entry:
host 70F39570CB12 {
hardware ethernet 70:F3:95:70:CB:12;
fixed-address 10.6.1.92;
}
This will provide a specific IP that will be given out to a specific device based on it's MAC Address. We can manage this file with some programming and data stored in MySQL.
The 3rd pool is for if we need another pool for any specific reason.
dhcpd.conf:
authoritative;
option domain-name "mynetwork.ca";
ddns-update-style none;
omapi-port 7911;
omapi-key mykey;
key mykey {
algorithm hmac-md5;
secret "SECRETKEY";
}
include "/etc/dhcpd.registrations";
shared-network clients {
subnet 10.6.0.0 netmask 255.255.0.0 {
deny unknown-clients;
option domain-name-servers 10.6.0.1;
option dhcp-server-identifier 10.6.0.1;
option routers 10.6.0.1;
default-lease-time 60;
max-lease-time 60;
}
subnet 10.1.0.0 netmask 255.255.0.0 {
pool {
allow unknown-clients;
range 10.1.0.2 10.1.255.254;
option domain-name-servers 10.1.0.1;
option dhcp-server-identifier 10.1.0.1;
I dont see how giving people access to the internet is a problem. if you run out of bandwidth and see someone lurking outside with a laptop call the cops.
We use untangle were I work for the public Wifi, its fantastic. needs only a really simple machine and almost any noob can set it up.
Providing an internet connection which a user then misuses does not make you a criminal. Otherwise ISPs could not function.
ISPs can provide the name an address of a subscriber to law enforcement given an IP address. The provider of an open access wireless connection generally cannot. Police don't like it when an investigative trail goes cold.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
For the love of GOD please someone mod down ALL Tsingi's post in this article. He is ruining my /. experience with the enormous amount of his post on the same issue and I have a RIGHT to complaint about it.
Thank you,
A long time Slashdot reader.
Wow, that'sawfulthat someone made you go there! I think forcing someone to go into a church against his will is illegal.
Idiot.
I thought they were in tight with the Catholics. You know "Gott mit Uns" and all that stuff.
Not everyone has the time to re-invent the wheel with a home-brew hack-a-thon frankenstein Linux thing... I'm sad to say, many of the things mentioned here are abandon-ware, don't work right, or have never worked right....
If you like Windows, DNS Redirector does what you want really well: http://www.dnsredirector.com
I don't even think it's that hard. Just use some cron jobs to control iptables.
Hey, maybe you've already made up your mind, but my advice is: just don't.
Really, why do Sunday morning classes need wifi? So the teens can watch a YouTube video? Just download it onto a flash drive--then you won't have to worry about slow or down connections. Or do you want people surfing on the iPhones even more, instead of paying attention?
If they really must have wifi at times, then my advice is: Give the password to church staff and class teachers who need it, and tell them not to share it. Undoubtedly someone will share it with a friend or relative eventually, so change it once a month.
Sometimes the best answer is really: "You know, we don't even need to do this at all."
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
This is azalin posting as anon because of previous moderation (while this was still a tech thread).
If there ever was a time to spend all 15 mod points on "Offtopic" this discussion would be it.
A guy asks a technical question he probably couldn't google (hint: he doesn't even know the right terminology) and the editors decide it might be interesting to have a discussion on various controlled WiFi access methods (captive portal, radius server etc).
It was even a topic I was mildly interested in as I had similar problem a few years ago (very small hotel with a limited budget and a not so tech savvy owner). He also wanted some sort of control over it to prevent abuse. The usual commercially available and simple solutions where just to expensive (of his guests about 5 per week asked for Internet) and I had never done anything like this before.
I did the research myself and came up with a solution that works pretty well, but has some minor drawbacks (creating new vouchers is cumbersome, and can't be done by the owners).
So I thought maybe it would be a good idea to find up what is en vogue these days, and read through the comments. What did I find? A few captain obvious post ("turn it of while not in use" - though this might actually help in the given case), a few helpful ones (like noting the correct search term), a few decent links, a few dumb ones ("turn off SSID"), and dozens of anti religious rants.
This is a f***ing tech site (well used to be) not an "I'm an atheist and therefore smarter than you" anti religious hate board.
So get your sh*t together and either participate in the tech discussion or shut the f*ck up and go somewhere else.
~azalin
One of the best firmwares out there is Tomato, and its various forks like TomatoUSB. I am running TomatoUSB on my Linksys E2000 router right now, it's rock solid. For a captive portal specifically, there is a "Tomato RAF" version by Victek. Check it out here:
http://victek.is-a-geek.com/tomato.html
Even logging in manually to turn on the wifi has the problem of:
* Various people have to know to log in.
* Remember to turn it off.
How about wiring a plug into coat room light circuit. Plug with wifi hub into that plug. When the coat room light is on, you have wifi. When people are gone, the wife is turned off with the lights.
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
The Cisco/Linksys E4200v2 wireless router can support up to 50 wireless devices using the guest network. This network is separate from the regular wireless network and users connect to it by typing in a password you define into a default web page, similar to hotel access. You could then change the password every x weeks without affecting your normal wireless network configurations.
The church also does tend to lean left politically (due to the preference for letting people do and think what they want, rather than what some authoritative government/corporation/book tells them to
Is that really a left idea? As far as I have seen the left, they are the ones that are always trying to nudge people to do what they want them to do. The Democrats seem to be the ones pushing for more cigarette taxes, and alcohol taxes.
Or, is this one of those issues where Democrats aren't really left?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
History has also proven time and time again that religion and rationality coexist very well. Christianity was where the university system started, it is where science was born. The Catholic church is consistently on the side of science. The problem is, the news organizations focus on those that aren't really religious, but try to use religion to nudge people in the direction they believe. Creationism isn't a Catholic belief, the Catholic church believes that evolution is a fact, they just believe a higher power directs evolution, rather than simple randomness.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
That's one of those issues where whether it's liberal or not depends on your perspective on other things.
On the one hand, respect for personal liberty would mean that you should be free and unrestricted to use whatever substances you want on/in your own body. On the other hand, cigarettes and alcohol (abuse) raise healthcare and other costs for the rest of society. Some Democrats believe that personal liberty is more important, and some Democrats believe that a lower cost of living is more important. The same dilemma is present in the recent (and current) health insurance debates. Some Democrats believe the freedom to choose one's own insurance (or none) is more important, and some Democrats believe the lower costs for everyone (brought on by having a giant insurance group) are more important.
These are issues where the left-right political spectrum is ridiculously inadequate.
You do not have a moral or legal right to do absolutely anything you want.
Now, there''s a Freudian slip worth investigating.