[ previous ] [ next ] [ threads ]
 From:  Russell Ashdown <russell at ashdown dot net dot au>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall-dev] Captive Portal and HTTP Proxy
 Date:  Fri, 02 Dec 2005 21:14:39 +1000
On Fri, 2005-12-02 at 11:11 +0100, Jonathan De Graeve wrote:
> We are not working with cookies in here.
> The only thing todo this is to use the 'HTTP_X_FORWARDED_FOR' http
> header as the clientip
> And not all proxies sent this field. If you have a proxy you should
> enable it to sent this header.

I have it enabled in Squid (just checked the squid.conf) with the same
result as before.  I would prefer to not have this option enabled as it
will potentially expose the internal IP addressing schema to the
> I will work on a captive portal enhancement for this if its really
> necessary.

> Can't you just put the http proxy AFTER the m0n0wall box instead of
> before? And even then you can enable authentication on the proxy
> resulting in no need for a captive portal.

No. Putting the proxy after m0n0wall will expose the proxy to the
Internet (you knew that didn't you?)  I could install two m0n0wall
boxes.  One as the firewall, the other as the Captive Portal with the
Proxy in the middle.  Bit silly really.  Much better to use an optional