system toolbox » router

tragajući za info o pppoe serverom došao sam do popularnoh router/firewall rješenja

features

posebno me zainteresovao captive portal

Captive Portal¶

Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general, see the Wikipedia article on the topic. The following is a list of features in the pfSense Captive Portal.

• Maximum concurrent connections - Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
• Idle timeout - Disconnect clients who are idle for more than the defined number of minutes.
• Hard timeout - Force a disconnect of all clients after the defined number of minutes.
• Logon pop up window - Option to pop up a window with a log off button.
• URL Redirection - after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
• MAC filtering - by default, pfSense filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.
• Authentication options - There are three authentication options available.
  o No authentication - This means the user just clicks through your portal page without entering credentials.
  o Local user manager - A local user database can be configured and used for authentication.
  o RADIUS authentication - This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.
• RADIUS capabilities
  o Forced re-authentication
  o Able to send Accounting updates
  o RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client's MAC address as the user name and password.
  o Allows configuration of redundant RADIUS servers.
• HTTP or HTTPS - The portal page can be configured to use either HTTP or HTTPS.
• Pass-through MAC and IP addresses - MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.
• File Manager - This allows you to upload images for use in your portal pages.

http://doc.pfsense.org/index.php/Main_Page

niz video wink tutoriala - http://doc.pfsense.org/index.php/Tutorials

http://en.wikipedia.org/wiki/Captive_portal

The captive portal technique forces an HTTP client on a network to see a special web page (usually for authentication purposes) before using the Internet normally. A captive portal turns a Web browser into an authentication device.[1] This is done by intercepting all packets, regardless of address or port, until the user opens a browser and tries to access the Internet. At that time the browser is redirected to a web page which may require authentication and/or payment, or simply display an acceptable use policy and require the user to agree. Captive portals are used at most Wi-Fi hotspots, and it can be used to control wired access (e.g. apartment houses, hotel rooms, business centers, "open" Ethernet jacks) as well.

http://coova.org/wiki/index.php/CoovaChilli

http://www.coova.org/wordpress/index.php/overview/gallery