[ previous ] [ next ] [ threads ]
 
 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch, <mm2001 at pobox dot com>
 Subject:  Re: [m0n0wall-dev] Captive portal support!
 Date:  Mon, 10 May 2004 12:59:21 +0800 (MYT) 
On Sun, 9 May 2004, Manuel Kasper wrote:

> since the weather was so bad this weekend in Switzerland, I got bored
> and decided to give the captive portal issue a stab. I'm happy to
> announce that m0n0wall 1.1b7 is now available and includes captive

switzerland's bad weather is our good fortune. i know this sounds selfish,
but good work, manuel !

> but there may be some bugs left of course.

what bugs ? i could help fix them.

> - true to the spirit of m0n0wall, the captive portal has been done
> (almost ;) without any C coding - it's all in PHP, and I tried to keep
> it as simple as possible

manuel, are the sources to the mini_httpd and other C proggies you used
archived anywhere ?

> - the PHP script shows the AUP page, and if the user clicks the
> agree/continue button, ipfw rules to permit his IP and MAC address
> are added and the time/ipfw rule number/IP/MAC is recorded in a

perhaps a manner to upload the AUP page by using a file upload, in the
manner which the firmware is uploaded. if you chaps are willing to wait,
i could hack something like this up in the next couple of hours or so.

> - PHP is invoked every minute (by means of a simple "minicron"
> program that I wrote in a jiffy) to check for expired clients. It

sources for the minicron ?

> - If some day we can get a concurrency/connection limit in
> mini_httpd, that would be nice (for some basic DoS protection).

once again, i could hack this up with the mini_httpd.c if it's available.

> - The captive portal rules expire after the timeout has elapsed,
> regardless of client activity (this is not an idle timeout).

i think this makes more sense than disconnects based on idle time. many
captive portals would rather their users reauth on a fixed time period,
instead of idle timeout. however, the risks of the user losing his
connection in the midst of a large file download is there, but
unavoidable.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+