Hi,

I have a few friends at local service providers who provide internet to home users by taking uplinks from relatively larger local ISPs. Things are not so developed here that large telcos hand out the internet line directly, at least where I live.

Requirement

A local internet service provider approached me with an appealingly small problem: he has an uplink of 100 Mbps from an ISP and has been distributing the same 100 Mbps via LAN and WLAN to his customers. Keeping aside the legality of how he can distribute it, rest assured that all his uplinked traffic goes to a very popular ISP; I am not going into the discussion of legalities here. So far so good. The real problem is authentication: he has no idea what needs to be done or how to cut people off on a monthly basis. The network is more or less plug and play, though at least the WLAN has a password.

When he approached me, I was asked to provide a solution, and sure enough he wanted firewall filtering capability and wanted to block some specific sites related to adult content as well. I understood he was looking for a firewall. Now the question: with a client base of 240 to 400 members at peak, I am really not sure a Cisco ASA / Check Point / Palo Alto / Juniper SRX would be an affordable option, at least for him, as he didn't want to spend much, understandably so, since he said his business is not doing well.

I thought about and researched this a lot and finally concluded that it should be a VM within VirtualBox. Initially I wanted to deploy pfSense and Endian, but pfSense is something a normal person or LAN admin may not be able to understand, and since this is a favor from me, I won't be responsible for adding users or making changes once it is deployed.

I deployed it to get a sneak peek into other product lines, and it is in the testing phase with 50 clients as of now.

First things first,

I have to deploy it in VirtualBox. Why? It is simple and easy to manage, integrate and revert. VMware Player may also work.

This is the network.

untangle_captive_portal

Untangle – Free Version

http://www.untangle.com/untangle-ng-firewall/appliances

VirtualBox

https://www.virtualbox.org/

First, install Untangle on VirtualBox or VMware Workstation; this is straightforward. I won't cover how to set up Untangle, as it's fairly easy and documented as well.

Once you have installed it, this is how it looks:

image-1

Looking deeper into captive portal

image-2 image-3

You have RADIUS and other authentication protocols as well, but I will be using the local database for this solution, again keeping in mind the LAN admin and his knowledge.

An insight into Web Filtering: this is a paid feature with a 14-day trial, so I have installed it for him to experience the power.

image-4

Now, when booted into Windows, this is what I see.

image-6

Do remember that Untangle is also doing NAT and acting as the DHCP server in this case; you can also run it in bridged mode, though.

image-7

And finally we see the portal page. I have put this in deployment and should check on stability over a period of time, but all in all, a happy client for now.

Thanks

Rakesh
