We have a simple small business Windows network with very basic internal security. We are a small college and want to provide access to the internet to our student body, but not to the internal network. We only have one outgoing broadband connection. Currently we achieve this by configuring the routers (currently 3) that all student PCs and wireless network connect to so that they only have access to the outgoing broadband and no internal access.
This works fine, but is a little bit cumbersome and means in certain areas of the college even if you are staff you can only get access externally.
I have heard about PacketFence, which would allow us to set up rules for every device that connects to the network, removing the need for different subnets. However, I have very little (virtually none) experience with Linux, and even less with a machine with two network cards in it.
What I would like to be able to do is:
- Put CentOS or other on an old PC and add a second network card.
- Install PacketFence.
- Make a simple config change to all the routers we have (maybe 10 - 15).
- Start doling out access rights to devices on the network.
Is this possible? Am I being ridiculously simplistic?
If it's possible, does someone know of a really good simple tutorial to do all the setup?
If not, is there an alternative (I would consider a reasonable cost solution, but not huge cost)?
Update:
Further Detail Requested.
I don't have a network diagram, and I'm not a network engineer, but I'll try my best.
- We have lots of computers, routers and switches connected together all on Subnet 192.168.1.xxx
- 1 Single outbound internet router on this subnet (254)
- 3 routers connected to this main network but only providing access to their clients to the outbound router (254). They provide DHCP to their clients, wired and wireless (mainly wireless), on 192.168.123.xxx
I don't mind putting another machine into the network specifically to run PacketFence, or buying a couple of new routers if needed.
0 Answers