If I was running a server that allowed certain user's on my LAN to access the WAN.
How can I reliably authenticate these users?
I could allow by checking MAC/IP adresses, but those details can be spoofed, right..
Ideally, I would like the user to:
1. connect to the LAN via DHCP
2. be re-directed to the server's login page when the user tries to browse
3. have to user enter username - password
4. if authenticated, user must be allowed to browse freely.
What you describe is proxy server,
e.g. Kerio control:
User-specific access management Each user in the network can be required to log in to Kerio Control before connecting to the Internet. That allows for restrictive security and access policies to be applied based on the specific user, rather than the IP address.
You could look for IEEE 802.1x authentication and RADIUS server solutions, e.g. freeRadius. (There is also a Win32 binary based on Cygwin on freeradius.net.)