sysadmin/DHCPPortalOverview written at 16:08:21; Add Comment
How our 'plug in and go' laptop network DHCP portal works
As I mentioned in the last entry, we have an internal subnet for laptops and other generic user machines. For various reasons, we require machines on this subnet to be registered so that we can identify who is (theoretically) responsible for them. One of the ways that people can do this is with a 'plug in and go' registration portal; you plug in, try to go somewhere, and you wind up on a simple registration web page instead.
Behind the scenes, it works like this:
In terms of servers, the special fake DNS server and all of the web stuff run on one machine, while the DHCP stuff runs on another (and the firewall is a third machine). This is mostly a historical accident, in that we already had the DHCP server running in production before we started building this registration portal system.
Redirecting people's connections with DNS instead of with firewall magic is much simpler but has some side effects, especially since the machine that responds to the wildcard A record's IP address does have an ssh server. We should probably do some work to make the wildcard record's IP address block access to at least the ssh server.
* * *
Atom feeds are available; see the bottom of most pages.