Hello all,
I have been asked to set up a gateway for a wireless ISP. After doing
some research, I have come up with a way for people to login to the
server, but have some questions about its security, expandability and
stability.
First off, I am using Roaring Penguin's pppoe-server program as the
PPPoE server. I am familiar with PPPoE for DSL, so I figured, since it
is widely used, it would be easy for the clients to connect using it.
Once the pppoe-server was set up and running, I just had to make up a few
firewall rules.
For now I am using NAT. Since, whenever someone connects via pppoe it
creates a ppp interface, I figured, to restrict access, I would let the
NAT take place through the pppx connections, but not through the wireless
interface (I tested it with ethernet so that'd be eth1 for me). If I
didn't disallow NAT on eth1 then I could access the internet without
logging in via PPPoE. These are my firewall rules:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -i eth1 -j DROP

where eth0 is my internet connection, eth1 is the ethernet card (will be
the wireless interface with the WISP) going out to the computers which
require PPPoE authentication, and ppp+ are all the verified ppp connections.
First of all, how secure is this way of authentication? I was thinking
to myself, since passwords probably aren't encrypted, it would be easy
for hackers to find people's login names and passwords. So, is there a
way to encrypt PPPoE passwords with my setup? Secondly, how do I make
sure two people are not logged in with the same login name? For
bandwidth control should I use 'tc' or is there a better way? And
finally, should I run a DHCP server off eth1? pppoe-server gives the
connected computer an IP address, but should I assign an IP to the
client's wireless card? They're not connecting to the internet through
it, but I am wondering what the professionals think.
Thank you for all your help in advance, I really appreciate it.
Kevin Brown.
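
The filtering behaviour of the two FORWARD rules above, as an added example that is not part of the original post: a small Python model of first-match evaluation on the input interface, useful for checking which traffic the rule set actually forwards. The chain policy (iptables' built-in default of ACCEPT unless it has been changed) and the interface name eth2 are assumptions; the post states neither.

```python
# Added illustration: a minimal model of first-match evaluation in the filter
# table's FORWARD chain, loaded with the two FORWARD rules from the post.
# Only the -i (input interface) match is modelled. The chain policy is an
# assumption: the post does not say what it is set to.

FORWARD_RULES = [
    ("ppp+", "ACCEPT"),  # iptables -A FORWARD -i ppp+ -j ACCEPT
    ("eth1", "DROP"),    # iptables -A FORWARD -i eth1 -j DROP
]


def iface_matches(pattern, iface):
    """iptables -i semantics: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return iface == pattern


def forward_verdict(in_iface, rules=FORWARD_RULES, policy="ACCEPT"):
    """Return (verdict, reason) for a forwarded packet arriving on in_iface."""
    for number, (pattern, target) in enumerate(rules, start=1):
        if iface_matches(pattern, in_iface):
            return target, "rule %d (-i %s)" % (number, pattern)
    # No rule matched: the chain policy decides.
    return policy, "chain policy"


def audit(ifaces, policy="ACCEPT"):
    """Map each input interface to its verdict under the given chain policy."""
    return {iface: forward_verdict(iface, policy=policy) for iface in ifaces}


if __name__ == "__main__":
    # ppp0/ppp17: authenticated sessions; eth1: client side; eth0: uplink
    # (replies from the internet arrive here); eth2: constructed extra NIC.
    sample = ["ppp0", "ppp17", "eth1", "eth0", "eth2"]
    for policy in ("ACCEPT", "DROP"):
        print("FORWARD policy %s:" % policy)
        for iface, (verdict, reason) in audit(sample, policy).items():
            print("  in=%-6s -> %-6s via %s" % (iface, verdict, reason))
```

With policy ACCEPT, replies arriving on eth0 and traffic from any interface not listed are forwarded by the policy rather than by a rule; with policy DROP, replies on eth0 would need an explicit accept rule of their own.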