 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] DHCP Server request
 Date:  Mon, 21 Feb 2005 17:52:47 +1000
Hi All,

OK.  So I have now configured Captive Portal for the users on that
network.  Works fine as far as captive portal issues go - all blocked
until they agree, and I can configure certain users to bypass the
captive portal.  Nice.

Unfortunately, this doesn't address my first concern - the ability to
block certain (or all unspecified) MAC addresses from gaining access to
the Internet.

Unfortunately, it also doesn't address my second concern - the ability
to have the MAC addresses in a list and be able to turn them on/off with
a checkbox.  Even in Captive Portal when a MAC is deleted from the
"Pass-through MAC" area, it is deleted, not just disabled.

So, what I'd like to see for the Captive Portal section is the

1. The ability to just disable a particular MAC/IP from being on the
"Pass-Thru" or "Block" list, not having to delete it totally - somewhat
like in the Firewall Rules section where a rule can be configured but

2. The ability to block a particular MAC address in a similar way to
"Pass-through MAC", but called something like "Blocked MAC".

3. Same goes with IP address as well as MAC address.

4. What would be really nice is a checkbox in the "Blocked" sections for
"Block all MACs/IPs not listed in the Pass-Thru Section" which would be
a really, really quick and dirty "close" of the network to all non-admin
(or whoever's allowed to pass thru) users.

Unfortunately, many of the tenants aren't sheep, so they can configure
IPs and MACs to get around simple blocks.  Hence why the "Blocked MACs"
and "Blocked IPs" would be nice.



Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

> -----Original Message-----
> From: Chris Dickens [mailto:chris at object dash zone dot net] 
> Sent: Saturday, 19 February 2005 06:11
> Jesse:
> Welcome to the wonderful world of corporate sheep.  99% 
> of people have no clue what a static IP is or how to 
> figure out one to code in, and this level of 
> obfuscation sadly works - but not against you or I. :)
> --Chris
> -----Original Message-----
> From: Jesse Guardiani [mailto:jesse at wingnet dot net] 
> Sent: Friday, February 18, 2005 3:05 PM
> On Friday 18 February 2005 2:27 pm, Quark IT - Hilton Travis wrote:
> > Hi All,
> > 
> > I have a request for an additional feature in the "DHCP 
> > Server" page.  Currently, it is easy to add MAC 
> > addresses for static mappings.  It is also easy to 
> > remove them.  I have a client who leases "space" on 
> > their Internet pipe to building tenants, and if these 
> > tenants have not paid their bill in time, they need to 
> > have Internet access blocked.  Currently, it is 
> > required to have a list of the MAC addresses of 
> > registered machines so that once the client has paid 
> > (late) the list is consulted to re-add them to the list 
> > of allowed MACs.
> > 
> > What would be nice is a "Disable this address" option 
> > in DHCP Server just as there is in the Firewall rules 
> > that would not delete that MAC address from the list, 
> > but not allow it to access the Internet - allowing a 
> > simple checkbox operation to re-add this MAC address to 
> > the allowed list.
> > 
> > It would make this feature much more usable in 
> > situations like this.
> AFAIK, disabling DHCP won't actually prevent the user 
> from getting on the internet. It'll just prevent them 
> from getting an IP. It's easy to set up a static IP, 
> even under Windows 98, so why don't you use Captive 
> Portal instead? Then you can add your MAC addresses 
> and delete them in the way you describe, along with 
> popping up a message stating that the tenant's bill
> might be due if their MAC isn't found...
> -- 
> Jesse Guardiani, Systems Administrator
> WingNET Internet Services,
> P.O. Box 2605 // Cleveland, TN 37320-2605
> 423-559-LINK (v)  423-559-5145 (f)
> http://www.wingnet.net