[ previous ] [ next ] [ threads ]
 
 From:  "=?ISO-8859-1?Q?R=F6nnblom_Jan=E5ke_?= /Teknous" <jan dash ake dot ronnblom at skeria dot skelleftea dot se>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Captive Portal and HTTP Proxy
 Date:  Fri, 02 Dec 2005 15:09:25 +0100
Russell Ashdown <russell at ashdown dot net dot au> skrev den 2 december 2005 klockan
14:00 +0000:
>> 
>> One connected to the WAN, one to an DMZ with the squid proxy
>> in it and one with the captive portal and your clients behind it?
>> 
>I haven't tried that, but the box that the proxy runs on is the main
>Linux box.  It runs just about everything in the place from DHCP, DNS,
>Radius, Samba, Squid, Print spooler, etc.  I don't know what the effect
>of putting all this into the DMZ will be.  Presumably the DMZ in this
>case would have to be facing "inward" toward the LAN and not as expected
>"outward" toward the Internet.  Again, I don't know if that can be
>achieved.

When I'm thinking about it a little bit furher I don't think the DMZ is an
solution since
the captive portal looks for traffic on port 80(?) and squid works on
other ports so 
the captive portal would never detect the traffic.
>
>Thinking about it, I assume the concept will fail on the DHCP alone as
>the initial IP of a booting machine is set to zero and the DHCP packet
>is requested as a broadcast which has the Ethernet address decoded from
>that and gets its IP address sent back to the Ethernet address.  With
>the firewall in the middle, the address in the packet would be replaced
>by the Ethernet address of the firewall!

Nope, you use dhcprelay in m0n0wall. The dhcpserver looks inside
the dhcp-packet to see which machine (mac-address) it is that is requesting
an address and ignores the packets mac-address (the router/m0n0wall).

=====================================================


Assistentgatan 23
931 77 Skelleftea (Sweden)
-----------------------------------------------------
Phone  : +46-910-58 54 24
Mobile : 070-397 07 43
Fax    : +46-910-58 54 99
URL    : http://skeria.skelleftea.se
-----------------------------------------------------
"Those who do not understand Unix are condemned to reinvent it, poorly."
-- Henry Spencer