Sobari Tanuwijaya wrote: > > Dear All, > > If I want make a lan users (with private IP) can access the internet > just after passing the verification, what options do I have? > > What I want is: > * If I user want to access the internet > * He (must) run the browser > * whatever the address he typed on the address bar, he will be > brought to the verification location, which will be 'force' him > to enter his username and password > * if he passed the verification the internet access is available for > him, but if not the internet keep unavailable for him. > > The method will be the for all users, either he use the wire > or wireless > connection. > > Will the iptables help me to solve this? How? > > Thanks in advance for the help You can use a combo of iptables and squid proxy server. Have iptables redirect all port 80, 443 (and any other traffic squid can handle) to the appropriate squid port if it is coming from a given ip address range (or not from a given range, you get the idea). Then have squid authenticate all traffic, you can use mysql, MS AD, combine it with cookies or session information in mysql so users only need to authenticate once with their browsers as long as their mac address is authenticated within the last X minutes or such. You can then set a session time-limit, or record bandwidth and combine it with a bandwidth limit, squid can do all sorts of nifty stuff. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos