[freeside-users] Freeside Broadband Development

Shivkumar shivkumar at outbackwifi.com
Tue Jul 12 10:13:41 PDT 2005 

Bryan,
I have done something similar.
I have a Solaris Box with Freeside
I have a Linux Box with the signup  stuff
both talk  to each other over an ssh tunnel.
I also have a RADIUS server (also on Solaris)
Now i use a program called NoCat (www.nocat.net) which is a captive 
gateway  capable of RADIUS auth+acct installed on a barebones linux box 
(could even be an SBC).  The NoCat  system works by dynamically changing 
the iptables rules to let through only those packets  from  machines 
which have successfuly authenticated.
The Box with Nocat is now placed at a public hotspot. It talks only to 
the RADIUS server and also contains a link to the signup server to let 
people signup for new accounts using  either credit-card  or prepay.
Whenever a customer signs up, freeside creates(exports the account 
details) the user on the RADIUS server as well.
you can also use m0n0wall (www.m0n0.ch/wall), or WiFiDoG  or ChilliSpot  
as your captive gateway.  They all  can talk to the RADIUS  server. This 
way you can even enforce session  limits etc.

Regards,
Shivkumar

bryan said the following:

>Hello.
>
>Was wondering if someone could lend me a hand with the following.
>Here is what I am after:
>
>Freeside backend/billing <-- freeradius/mqsql <-- signup server sitting on /
>a linux box that does mac address authentication.
>
>I believe that I have all of the elements physically in place. The only
>thing
>I am lacking is getting the back end to talk to the front end.
>
>Basically, I need a hand getting Freeside to push an iptables command to
>the routerbox/signup server. The box has an "iptables default redirect" to
>the
>signup server that captures the mac address. The person "signs up", and
>passes
>an "/sbin/iptables -t nat -I PREROUTING -m mac --mac-source xxxxx -j ACCEPT"
>to
>the local box, allowing them through.
>
>I'm guessing that the "router export" should be able to handle this via ssh
>to
>the routerbox/signup server. Is this correct, and could someone lead me a
>bit in
>this process? Also, is it a possibility for the signup server to capture the
>mac
>address in the "signup process" and push this into their billing record in
>the
>first place?
>
> Thanks!
>Bryan
>
>_______________________________________________
>freeside-users mailing list
>freeside-users at sisd.com
>http://420.am/cgi-bin/mailman/listinfo/freeside-users
>
>  
>

More information about the freeside-users mailing list