Tim,<br><br>Thanks for all the tips.<br>I should add this this box will need to handle as many as 400 connections.<br><br>99.9% of the users won't know how to change their MAC address. The MAC filter is basically just to get their attention. :)<br>
<br>-Montana<br><br><div class="gmail_quote">On Thu, May 14, 2009 at 10:10 AM, Tim Lavoie <span dir="ltr"><<a href="mailto:tim@fractaldragon.net">tim@fractaldragon.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">Montana Quiring <<a href="mailto:montanaq@gmail.com">montanaq@gmail.com</a>> wrote:<br>
<br>
> Hello,<br>
><br>
> Can anyone recommend an appliance that runs Linux and does:<br>
> -packet shaping to throttle p2p traffic<br>
> -authentication (ldap or other way of needing people to log in with ID and pass<br>
> in order to gain Internet access) with ability to<br>
> -MAC filtering to let people through (bypass authentication) or block people<br>
> -firewall<br>
> -web admin interface<br>
<br>
</div>Firewall-oriented distros such as IPCop and Smoothwall probably do much<br>
of what you're looking for. I believe the latter is available in<br>
appliance form if you didn't want to throw together an old PC.<br>
<br>
I use pfSense, which is FreeBSD-based, but is otherwise similar to the<br>
Linux versions mentioned above. All have fairly easy setup, with<br>
web-based admin interfaces. pfSense does have traffic shaping and a<br>
captive portal (e.g. log in first) option, I believe RADIUS and<br>
web-admin-defined users are supported. Not sure if the Linux distros do<br>
the shaping and portal options, it's been a while since I used them.<br>
<br>
MAC filtering should be seen as a convenience only, as it provides no<br>
real added security. If you can see successful traffic passing on the<br>
wire, you can spoof your own MAC to match. Either way, I don't recall if<br>
it's an option in the web interfaces, but you can always muck with<br>
lower-level settings in the shell if it isn't.<br>
<br>
Cheers,<br>
Tim<br>
<font color="#888888"><br>
--<br>
"Programming is like sex: one mistake and you have to support it for<br>
the rest of your life." -Michael Sinz<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>-Montana<br>Blog:<br><a href="http://montanaquiring.info">http://montanaquiring.info</a><br>My Friend Feed:<br><a href="http://friendfeed.com/antikx">http://friendfeed.com/antikx</a><br>
<br>