From: Dooza on
On 18/06/2010 04:06, Markla wrote:
> Thanks Dooza & Ken, appreciated.
>
> My understanding to do this with a proxy, I'd need each user to configure a
> proxy, which would be complex when anyone can join. Whereas using a DNS, the
> DNS server is assigned with a DHCP IP address, so I can control by DNS
> easier, and only while people are on my locally created network. Correct me
> if I'm wrong.

Not sure, but doesn't DHCP set the default gateway? Isn't that the proxy
address?

Dooza
From: Grant Taylor on
Markla wrote:
> My understanding to do this with a proxy, I'd need each user to
> configure a proxy, which would be complex when anyone can join.

You can set your proxy up as a /transparent/ proxy and the users would
not have to make any configuration changes.

> Whereas using a DNS, the DNS server is assigned with a DHCP IP
> address, so I can control by DNS easier, and only while people are on
> my locally created network. Correct me if I'm wrong.

See my comment about transparent caching above.

You are correct about controlling things via DNS.

> I've found some internet access hardware which says it supports it,
> although haven't been able to get confirmation yet, have been looking
> at the Cisco 881 in particular.

Seeing that you are using Cisco equipment, you might want to look into
WCCP.

Link - Configuring Web Cache Services Using WCCP:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html

> I'm also told this type of solution is called a "walled garden",
> searching for that has found some options as well.

There are two types of walled gardens. 1) presents a splash page that
users have to acknowledge something to be able to proceed to the
internet at large. 2) is a completely isolated network that you can't
access the internet from yet pretends to be everything.

> I acknowledge this isn't going to be an IIS solution so I'll look for
> another forum. If anyone knows a forum where I might get further
> info, I'd appreciate it.

You can probably configure DNS to resolve all host names to the IIS
server and configure IIS to answer requests on any host name. So, you
might be able to do a (limited?) form of what you are wanting with IIS &
DNS (poisoning).



Grant. . . .
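
The DNS approach described in the reply above, as an added example that is not part of the original posts: a minimal responder that answers every A query with one portal address, for the DNS server handed out by DHCP on the local network. `PORTAL_IP`, the function names and the sample query are assumptions made for illustration. A client that connects to a literal IP address never sends a query, so this alone does not catch it.

```python
import socket
import struct

PORTAL_IP = "192.0.2.10"  # assumption: the local web server (documentation address)
TTL = 30                  # short TTL so cached answers expire soon after a client leaves

def make_query(name, qtype=1, txid=0x1234):
    """Build a constructed sample query (RD set, one question, class IN)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_end(packet):
    """Return (qtype, offset just past the first question)."""
    pos = 12                                  # the question follows the 12-byte header
    while packet[pos] != 0:
        if packet[pos] & 0xC0:                # compression pointer: not expected in a query
            raise ValueError("compressed name in question")
        pos += 1 + packet[pos]
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return qtype, pos + 5

def build_reply(query, portal_ip=PORTAL_IP):
    """Answer any A query with portal_ip; other types get an empty NOERROR reply."""
    if len(query) < 17:                       # header + root name + qtype/qclass
        raise ValueError("packet too short")
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    qtype, end = question_end(query)
    answer = b""
    if qtype == 1:                            # A record; 0xC00C points back at the question name
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, TTL, 4) + socket.inet_aton(portal_ip)
    reply_flags = 0x8400 | (flags & 0x0100)   # QR + AA, RD copied from the query
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def serve(bind_addr="0.0.0.0", port=53):
    """Run the responder on the address DHCP hands out as the DNS server."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, client = sock.recvfrom(512)
        try:
            sock.sendto(build_reply(data), client)
        except (ValueError, IndexError, struct.error):
            continue                          # drop malformed packets

if __name__ == "__main__":
    serve()
```
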
From: Markla on


"Dooza" wrote:

> Not sure, but doesn't DHCP set the default gateway? Isn't that the proxy
> address?

Yes - my networking is rusty, I'd been thinking of the proxy settings in
browsers.

I believe what I need to find, is a device as that gateway/proxy, which can
be configured to redirect port 80 traffic to a specified address. It becomes
then a question of function, capacity and cost. Any suggestions on such a
device appreciated. I'm looking at the Cisco 88x series or a PC configured
for it, at the moment.

Thanks for your responses, much appreciated.
+M
From: Markla on
Thanks, that's given me another leg-up to the solution. A few questions:

> You can set your proxy up as a /transparent/ proxy and the users would
> not have to make any configuration changes.

I follow the words but am stuck on the gap to how, can you guide me to a
product or web page which describes specifics of how?

> Seeing that you are using Cisco equipment, you might want to look into
> WCCP.

Looking into it. My issue with Cisco is IOS can be a pain, and in the middle
of an event I won't have a Cisco tech handy when things go wrong... the
upside is they're reliable.

Looking further, my options appear to be one of these, configured to
redirect all traffic to a single IP address of an IIS server:
1. DNS poisoning (configured on the gateway)
2. Router which supports redirection (eg. WCCP, above)
3. PC running Linux and router software (eg. pfSense, MikroTik) (unless
someone can suggest a Windows alternative)

Given I'm at an event including weekends, simplicity for support is vital.
Also important is while only 20-40 people might be browsing at one time, 100+
could be connected but idle, as they walk around, so I need to be wary of
user limits catching the higher number. Performance should be ok given it's a
relatively light web traffic load.

I'd appreciate if someone can confirm my understanding, that (2) or (3) will
offer more complete solutions by also redirecting/catching people who type in
direct IP addresses?

I think based on cost, (3) with a not-too-old PC wins, and also makes it
easier to find a spare if one fails. I'd prefer Windows simply because other
SW I use needs Win device drivers, and I'd prefer just one platform, but I
can't find a Windows-based alternative at the moment.

Thanks,
+M
From: Markla on
While looking into the responses further, I've just found this page on
captive portals & walled gardens, which gives a good overview along the lines
of the posts above, and some additional links:
http://en.wikipedia.org/wiki/Captive_portal

With this plus the very helpful replies above, it's all making sense now.
Thanks for taking the time, appreciated.
+M