[Dnsmasq-discuss] DHCP for captive portal
webwiz at pl.net
Sun Nov 2 21:32:08 GMT 2008
> I would probably allow more address for temp users, so that they can
> be likely to get the same address every time they connect -- thus make
> it simpler for you to analyze log files.
The temp users wouldn't return. They log in to a web page, which captures their IP and MAC address, and creates a firewall rule allowing their internet access. Casual users per se don't exist. Each house has 5 IP allocations. Each month they get a bill for their usage based on the netfilter counters.
Under static IPs this works pretty well. People that don't know what they are doing can't figure out how to connect anything and give up. All the Perl/PHP code for this is at http://www.webspaces.net.nz
Under DHCP, dnsmasq would need to reread the hosts list without restarting, which from the archives doesn't seem to be possible, is that right?
As for dhcp-hostslist, the reason I didn't know about that is that it arrived with 2.4. Debian Etch carries 2.35.
> I suggest to make dnsmasq authoritative.
> No, but read all the advice that I got when I asked this list a
> similar question some weeks ago.
FTR, that's the thread starting here: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002356.html
OK, yeah, interesting. Sounds like I'm safer on static IPs for now, until there's a budget for more gear. At least with the current setup a rogue DHCP server doesn't do much, because if it issues someone an IP, yes, they get an IP, but if that IP isn't registered it won't connect anyway, and the only interference that will occur is if a user gets (or sets) a duplicate IP, in which case both parties get warned by their OSes. Hasn't happened yet, to my knowledge, and perennial disbelief.
Also, on static IPs the captive portal keeps a list of registered IPs, and armed with that and a straightforward broadcast ping I can quickly find any stray devices.
I'm in a very similar situation to you, http://www.earthsong.org.nz. There's a 16-port unmanaged primary switch which branches out to an 8-port switch in each block of 4 houses. And some of those secondary switches have 3rd- and 4th-level switches and, geez, even level-5 switches! It's all pretty dodgy really, 70m underground UTP runs, the works. Functions, though! And users are getting a broadband account for NZ$10 (US$6). I administer it as a hobby slash incubator for work projects.
The only problem we have had is with the really cheap switches (and we're talking $20). They are prone to tripping into an unstable state after power supply incidents, brownouts or spikes. The symptom is that some nodes get arbitrarily ignored. We've gradually been upgrading the key switches to 16-port TP-Links, and after power problems the hardware that isn't on UPS all gets rebooted.
BTW, there's a promising-looking QoS cookbook recipe in the Advanced Routing HOWTO which caught my eye, tailored to a uni dorm of 190 students sharing one DSL connection, phew.
Sorry, list-owner, for all the way, way, way OT chitchat...
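The register-then-allow scheme the post describes (portal captures IP and MAC, a netfilter rule per registered pair, the counters on those rules feeding the monthly bill, and a sweep for stray devices) as an added Python example. This is not the original poster's Perl/PHP code nor anything from webspaces.net.nz; the interface names eth0/eth1, the rule layout, and the sample `iptables -nvx -L FORWARD` and `ip neigh` output are constructed assumptions for illustration. With the FORWARD policy at DROP, an address handed out by a rogue DHCP server or set by hand simply never matches an ACCEPT rule, which is the property the post relies on.

```python
"""Added example: per-user netfilter allow rules, billing from rule counters,
and a stray-device sweep. Interface names, chain layout and all sample
output below are constructed assumptions, not taken from the post."""
import re

LAN_IF = "eth1"   # assumed LAN-facing interface on the gateway
WAN_IF = "eth0"   # assumed upstream interface

# Constructed registration list: (ip, mac) pairs the portal captured.
REGISTERED = [
    ("10.0.0.11", "00:11:22:33:44:55"),
    ("10.0.0.12", "66:77:88:99:aa:bb"),
]

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
IP_RE = re.compile(r"^(\d{1,3})(\.\d{1,3}){3}$")


def allow_rules(registered, lan_if=LAN_IF, wan_if=WAN_IF):
    """Return iptables commands allowing only registered (ip, mac) pairs.

    Outbound rule matches source IP *and* source MAC. The MAC match is only
    meaningful on the interface the frame arrived on, so the return direction
    is admitted by conntrack state to the registered IP instead. Each user
    gets a dedicated rule pair, so each pair's byte counters are that user's.
    Everything else falls through to the DROP policy.
    """
    cmds = ["iptables -P FORWARD DROP"]
    for ip, mac in registered:
        mac = mac.lower()
        if not IP_RE.match(ip) or not MAC_RE.match(mac):
            raise ValueError(f"bad registration {ip!r} {mac!r}")
        cmds.append(f"iptables -A FORWARD -i {lan_if} -o {wan_if} -s {ip} "
                    f"-m mac --mac-source {mac} -j ACCEPT")
        cmds.append(f"iptables -A FORWARD -i {wan_if} -o {lan_if} -d {ip} "
                    f"-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    return cmds


# Constructed sample of `iptables -nvx -L FORWARD` for the rules above.
SAMPLE_LISTING = """\
Chain FORWARD (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1500     120000 ACCEPT     all  --  eth1   eth0    10.0.0.11            0.0.0.0/0            MAC 00:11:22:33:44:55
    3000    2400000 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            10.0.0.11            ctstate RELATED,ESTABLISHED
     200      16000 ACCEPT     all  --  eth1   eth0    10.0.0.12            0.0.0.0/0            MAC 66:77:88:99:AA:BB
     900     700000 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            10.0.0.12            ctstate RELATED,ESTABLISHED
"""


def parse_counters(listing, lan_if=LAN_IF, wan_if=WAN_IF):
    """Turn `iptables -nvx -L FORWARD` output into {ip: {"up": B, "down": B}}.

    LAN->WAN ACCEPT rows are attributed to their source IP as upload;
    WAN->LAN rows to their destination IP as download. Header rows
    ("Chain ...", "pkts bytes ...") are skipped because they do not start
    with a packet count.
    """
    usage = {}
    for line in listing.splitlines():
        fields = line.split(None, 9)
        if len(fields) < 9 or not fields[0].isdigit():
            continue
        _pkts, nbytes, target, _prot, _opt, in_if, out_if, src, dst = fields[:9]
        if target != "ACCEPT":
            continue
        nbytes = int(nbytes)
        if in_if == lan_if and out_if == wan_if:
            usage.setdefault(src, {"up": 0, "down": 0})["up"] += nbytes
        elif in_if == wan_if and out_if == lan_if:
            usage.setdefault(dst, {"up": 0, "down": 0})["down"] += nbytes
    return usage


# Constructed `ip neigh` output after a broadcast ping of the LAN.
SAMPLE_NEIGH = [
    "10.0.0.11 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE",
    "10.0.0.12 dev eth1 lladdr de:ad:be:ef:00:01 STALE",      # registered IP, other MAC
    "10.0.0.13 dev eth1 lladdr 66:77:88:99:aa:bb REACHABLE",  # IP never registered
    "10.0.0.14 dev eth1  FAILED",                             # no answer, no lladdr
]


def find_strays(neigh_lines, registered):
    """Compare neighbour-table lines against registrations.

    Returns (unregistered, mismatches): IPs nobody registered, and registered
    IPs currently answering from a MAC other than the one on file (a duplicate
    or spoofed address, the interference case the post mentions).
    """
    on_file = {ip: mac.lower() for ip, mac in registered}
    unregistered, mismatches = [], []
    for line in neigh_lines:
        parts = line.split()
        if "lladdr" not in parts:
            continue
        ip, mac = parts[0], parts[parts.index("lladdr") + 1].lower()
        if ip not in on_file:
            unregistered.append((ip, mac))
        elif on_file[ip] != mac:
            mismatches.append((ip, on_file[ip], mac))
    return unregistered, mismatches
```

Two caveats worth keeping in mind with this layout: `--mac-source` only sees the MAC of the frame as it enters the gateway's LAN port, so once traffic crosses an intermediate router the match is useless, and on a flat switched LAN like the one described, anyone who can observe a registered IP/MAC pair can copy both, which is exactly why the mismatch check in the sweep is worth running regularly.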