Tim,
Thanks for all the tips. I should add that this box will need to handle as many as 400 connections.
99.9% of the users won't know how to change their MAC address. The MAC filter is basically just to get their attention. :)
-Montana
On Thu, May 14, 2009 at 10:10 AM, Tim Lavoie tim@fractaldragon.net wrote:
Montana Quiring montanaq@gmail.com wrote:
Hello,
Can anyone recommend an appliance that runs Linux and does:
-packet shaping to throttle p2p traffic
-authentication (ldap or other way of needing people to log in with ID and pass in order to gain Internet access) with ability to
-MAC filtering to let people through (bypass authentication) or block people
-firewall
-web admin interface
Firewall-oriented distros such as IPCop and Smoothwall probably do much of what you're looking for. I believe the latter is available in appliance form if you didn't want to throw together an old PC.
I use pfSense, which is FreeBSD-based, but is otherwise similar to the Linux versions mentioned above. All have fairly easy setup, with web-based admin interfaces. pfSense does have traffic shaping and a captive portal (e.g. log in first) option; I believe RADIUS and web-admin-defined users are supported. Not sure if the Linux distros do the shaping and portal options; it's been a while since I used them.
MAC filtering should be seen as a convenience only, as it provides no real added security. If you can see successful traffic passing on the wire, you can spoof your own MAC to match. Either way, I don't recall if it's an option in the web interfaces, but you can always muck with lower-level settings in the shell if it isn't.
Cheers, Tim
-- "Programming is like sex: one mistake and you have to support it for the rest of your life." -Michael Sinz