Results 1 to 2 of 2

Thread: IP restrictions until user pays Internet Cafe idea

  1. #1
    Join Date
    Jun 2008
    Beans
    5

    Question IP restrictions until user pays Internet Cafe idea

    Hey, ive looked around and havnt noticed anything like what im looking for but i would assume it exists. I am looking for some software to install on a server that when someone connects their computer to the network it will restrict all access to the network until they visit a page and pay a fee and get the conformation code. If you could give me ideas of stuff that already work or even a maybe whether i could configure dhcp or something else to work like that. Any help would be great, thanks.

  2. #2
    Join Date
    Sep 2006
    Location
    Dublin IE
    Beans
    3,275
    Distro
    Ubuntu

    Re: IP restrictions until user pays Internet Cafe idea

    Hi there,

    I'd use iptables, personally. You could split your idea into three tasks ...

    1: Configure iptables
    Set iptables up to block all traffic destined for external addresses, except your own PC, and the iptables router itself. I would suggest filtering by MAC address, to make circumventing payment that little bit less than trivial.

    2: Get internet access authorisation working (without payment)
    That should be a matter of writing a script to allow a particular IP address to route packets to the internet for a limited time (eg an hour).
    • You'll need to alter your /etc/sudoers (carefully!!) to allow a web server running on your router to modify your iptables rules.
    • I'd suggest having the web server create a temporary file (eg /tmp/cafe/192.168.5.6), so you can use its timestamp to determine when to remove the corresponding rule.
    • A cron task running every few minutes could check /tmp/cafe for iptables rules to remove.


    3: Have your payment gateway execute your authorisation script
    How to do that depends on what you're using to verify payment, but it typically involves having the gateway use your authorisation script as a callback.


    Alternatively, you could do something similar involving an authenticating proxy. That would make configuring your router more straightforward, but your users would have to suffer all the down-sides of using a proxied internet connection.

    I hope that gives you some ideas.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •