I'd like to set up and administer a small network which would supply a captive portal where users type in a unique password and/or username to connect to the internet and to each other's computers, and which would subsequently allow an administrator (myself) to monitor/log browsing history.
I'm imagining a captive portal like the network at a coffee shop, or, on a bigger scale, at an airport, for which you must supply your email address before you can connect to the global internet. At school, we used the Bluesocket network (and we all hated it, but I think we were pushing the capacity to the max), which presented a login page something like this one - You've all seen it. Attempting to browse to another page simply caused a redirect to the original page. I understand that this setup allows my school (and the coffee shop, and airport) to track and manage users on a per-user basis.
I'd like to connect a dozen or fewer users. Right now, I have a small wireless LAN that simply provides a network with a hidden SSID and WPA encryption to prevent unauthorized use. There's a short list of simple logged in, logged out, and error messages provided by the router, but that's about it.
For now, let's assume that I can establish a captive portal to allow login/logout. This seems fairly well documented. What must I do after this to record browsing history?
I'm open to suggestions ranging from
- Buy this better router (And load some sweet firmware), to
- Install this free software and share your connection through any always-on PC, to
- Dig up an old PC and use it as a dedicated server, configured thus.
The users would often be working from shared computers, so a MAC-address based approach won't work. Typical load would be 1-5 users at a time, but more users would be registered with the system. Let's try to keep the cost at or below $200.
EDIT: Two new terms I've learned are "captive portal" and "transparent caching/proxying". This, as I understand it, is how the coffeeshop/airport/university system works. Since that appears to be under control, let's move off of beginner networking terminology (sorry) and focus on implementations of these techniques for the small business or home.
FYI: I'm a computer engineer with experience in C and embedded systems. I'm computer literate, and enjoy learning new things, but I'm completely without experience in the networking sector.
The term you're looking for is a Captive Portal. PFSense has a good one. I believe the one in the 2.0 Beta is even better.
PFSense also gives you transparent caching, multi-WAN load balancing, IPSec tunnels and all the fun stuff that comes in a fully-fledged firewall appliance.
I've had (have, actually) it running on a Celeron 1.1 with 128Mb of RAM. Without using the caching functionality it runs just fine.
Your cheapest & most flexible option is to get a Linksys WRT54G based wifi gateway & try one of the open source firmwares such as OpenWrt, Tomato or DD-WRT, whichever suits your needs best.
EDIT:
You will also want to use squid to do transparent proxying so you can log/password protect web traffic. PFSense is a much more user-friendly/configurable solution for this.
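
An added example, not part of either answer above: an intercepting Squid usually logs the client IP with no username, so on shared computers the access log has to be joined with the captive portal's login sessions by IP and time. The sketch below assumes Squid's native `access.log` format and a hypothetical portal export of `user,ip,login,logout` lines; all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SQUID_LOG = """\
1286536309.450    120 192.168.1.23 TCP_MISS/200 4120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1286536400.101     95 192.168.1.23 TCP_HIT/200 812 GET http://example.com/logo.png - NONE/- image/png
1286537200.733    310 192.168.1.23 TCP_MISS/200 9931 GET http://example.org/news - DIRECT/192.0.2.20 text/html
1286539000.002     40 192.168.1.40 TCP_MISS/200 512 GET http://example.net/ - DIRECT/192.0.2.30 text/html
truncated line
"""

# Constructed portal session export (hypothetical format): user,ip,login,logout
PORTAL_SESSIONS = """\
alice,192.168.1.23,1286536000,1286537000
bob,192.168.1.23,1286537100,1286538000
"""

def load_sessions(text):
    """Return (ip, login_epoch, logout_epoch, user) tuples."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return [(ip, float(start), float(end), user) for user, ip, start, end in rows]

def parse_squid_line(line):
    """Parse one native-format line; return None if it is malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return {"ts": ts, "client": parts[2], "method": parts[5], "url": parts[6], "user": parts[7]}

def attribute(log_text, sessions):
    """Group requests by user: Squid's own user field first, else IP + time window."""
    history = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_squid_line(line)
        if entry is None:
            continue
        user = entry["user"]
        if user == "-":  # no proxy auth recorded, fall back to the portal session
            user = next((u for ip, start, end, u in sessions
                         if ip == entry["client"] and start <= entry["ts"] <= end),
                        "unattributed")
        history[user].append((entry["ts"], entry["method"], entry["url"]))
    return dict(history)

if __name__ == "__main__":
    for user, hits in attribute(SQUID_LOG, load_sessions(PORTAL_SESSIONS)).items():
        print(user, [url for _, _, url in hits])
```

Requests that fall outside every login window are kept under `unattributed` rather than dropped, which makes gaps in the portal's session records visible.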