Another way was to use MAC address based access control to the wireless device, but since the MAC address can be easily spoofed I decided that it is a bad idea also.
The only thing remaining was to implement a user/password based authentication and I remembered that I did install a PPPoE server a few years ago. So this is how it works:
On the Linux box that splits the internet connection I have 2 network cards (eth0 – WAN, eth1 – LAN).
You will need ppp and rp-pppoe server from Roaring Penguin.
1. Make sure you have an active internet connection. If not, set it up by using your favorite text editor (I use vim):
vim /etc/network/interfaces
auto lo iface lo inet loopback iface eth0 inet static address 89.xxx.yyy.zzz #Your public IP address netmask 255.255.255.240 #Your subnet mask gateway 89.xxx.xxx.xxx #Your gateway iface eth1 inet static address 192.168.1.254 netmask 255.255.255.0
Set up one or more nameservers (I use the free ones provided by Google):
echo "nameserver 8.8.8.8" > /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf
Ping some website to make sure your internet connection is working:
cristian@desktop:~$ ping google.com PING google.com (209.85.229.147) 56(84) bytes of data. 64 bytes from ww-in-f147.1e100.net (209.85.229.147): icmp_req=1 ttl=52 time=83.0 ms
2. Install ppp daemon:
sudo apt-get install ppp
3. Now get rp-pppoe from here.
wget http://www.roaringpenguin.com/files/download/rp-pppoe-3.10.tar.gz
And extract it
tar -zxvf rp-pppoe-3.10.tar.gz
Now compile it
cd rp-pppoe-3.10/src/ ./configure make && make install
4. Now, we shall edit the PPPoE server options:
vim /etc/ppp/pppoe-server-options
require-chap login lcp-echo-interval 10 lcp-echo-failure 2 ms-dns 8.8.8.8 ms-dns 8.8.4.4 netmask 255.255.255.0 defaultroute noipdefault usepeerdns
5. Add usernames and passwords:
vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP # client server secret IP addresses #USERNAME SERVER PASSWORD CLIENT IP ADDRESS "cristanhuza" * "My_s3cret_pa$$w0rd" 192.168.1.1 "friend1" * "My_friend's_s3cret_pa$sW0rd" 192.168.1.2
6. Set up the IP addresses pool:
echo "192.168.1.1-20" > /etc/ppp/allip
This will assign the future clients one IP address from the 192.168.1.1 until 192.168.1.20 range.
7. Start the PPPoE server:
pppoe-server -C isp -L 192.168.1.254 -p /etc/ppp/allip -I eth1
8. Enable packet forwarding between network interfaces:
echo 1 > /proc/sys/net/ipv4/ip_forward
9. Set up NAT in order to provide internet access to the LAN computers:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
Congratulations! You have just set up a PPPoE server and you can be worry free now that nobody else will be able to use your internet connection without permission.