[ previous ] [ next ] [ threads ]
 
 From:  Jim Thompson <jim at netgate dot com>
 To:  agordon <agordon at btpa1 dot com>
 Cc:  "m0n0wall dash dev at lists dot m0n0 dot ch" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] (No subject header)
 Date:  Tue, 26 Jan 2010 17:45:59 -0800
On Jan 26, 2010, at 5:09 PM, "agordon" <agordon at btpa1 dot com> wrote:

> Hi all. Thanks for sharing such a great product. This is my
> first m0n0wall and so far it will do most of what I want. My
> company does support for guest at hotels and there are
> several things that the chain hotels require.

>
I was the founding CTO for Wayport, (now AT&T), a company that was  
doing guest networks in hotels in 1997 (and is still doing this, as  
well as doing wireless in nearly every McDonalds in the western world.)

Now (as Netgate) we ship hundreds of units containing pfSense (a  
derivation of m0n0wall) every month.

We even have the terminity to have named one product line m1n1wall. :-)

> 1. When a computer connects to the network with a static IP, like  
> from a work network we have to be able to translate the ip and let  
> the user connect and be on the internet. I have look through most of  
> the documentation and cant see anything that will work. I am trying  
> to brainstorm and figure out how this could be accomplished.

This was important 12 years ago, but DHCP is the state of the art now.

That said, it was less than a man-week to write, test and deploy back  
then.

Basically you listen on a raw socket for ARP requests for an address  
outside the range encoded by the address/netmask of the interface, and  
respond to the request (for reasons I won't go into here, you want to  
respond to the second or later) with the MAC address of your interface  
*and* install a NAT translation for the foreign MAC address.

You'll want to eventually clean-up, of course.

It's less than 300 lines of C.

> 2. Sort of like the first if a user connects and has a proxy
> set for work or some such like we have to be able to work
> around the proxy setting and pass the user to the internet.

You pass them your own PAC file via WPAD, of course.

This is not an endorsment of the stupidity that is WPAD/PAC.

> Any ideas on either of these would be helpful. Thanks
>
> Alan Gordon.

Your website seems broken, too.

-- Jim