[ previous ] [ next ] [ threads ]
 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Cc:  "Jesse Guardiani" <jesse at wingnet dot net>
 Subject:  RE: [m0n0wall-dev] DHCP Server request
 Date:  Tue, 8 Mar 2005 21:41:01 +1000
Hi Chris,

I clearly explained earlier that I know the difference between the
Internet and an internal machine.  Suggesting so is totally and utterly
missing the whole point of my original question.

As this is a firewall/gateway device, there's NO WAY that it can stop a
machine talking to another machine on the same physical segment.  A
firewall/gateway, in case there's anyone out there still unclear on this
(and if there is, WHY are they on the dev list???) can only block
traffic passing through it - not traffic on a local LAN, nor traffic on
the local freeway or train line.

What I was asking was if there was a way to utilize Captive Portal
without a RADIUS Server, instead authenticating to a file of user/pass
or a local database or some other means of auth.



Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed. 

> -----Original Message-----
> From: Chris Dickens [mailto:chris at object dash zone dot net] 
> Sent: Tuesday, 8 March 2005 13:23
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Cc: 'Jesse Guardiani'
> Subject: RE: [m0n0wall-dev] DHCP Server request
> Jesse:
> My apologies - I didn't realize you weren't the original 
> poster.  I was most
> definitely referring to the original poster, Quark IT - 
> Hilton Travis.  I am
> also quite confused so I will be interested to hear back from Quark.
> --Chris
> -----Original Message-----
> From: Jesse Guardiani [mailto:jesse at wingnet dot net] 
> Sent: Monday, March 07, 2005 9:51 AM
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall-dev] DHCP Server request
> On Monday 07 March 2005 8:00 am, Chris Dickens wrote:
> > Well, that's just dumb and I didn't think anyone would even bother 
> > with the captive portal if they didn't intend to also auth with 
> > RADIUS.  Afterall, it's pretty useless then to give someone carte 
> > blanche access just by clicking one button?
> > 
> > They should just set up a RADIUS server and get over it.  
> I'm basing 
> > my response on your assertion that Jesse is competent 
> enough to handle 
> > administering such a service.
> Hey Hey, let's get our facts straight before we start 
> throwing names around.
> I'm not the original poster. I was just trying to give him answers and
> suggestions. Quark IT - Hilton Travis is the original poster.
> Also, Quark IT - Hilton Travis seems to jump around a bit. 
> I've re-read all
> of his posts, and I don't see anything about RADIUS mentioned 
> there. He
> started out talking about DHCP, then I suggested Captive Portal.
> Then he said this:
> "Unfortunately, this doesn't address my first concern - the 
> ability to block
> certain (or all unspecified) MAC addresses from gaining access to the
> Internet."
> But I'm sorry, Captive Portal does indeed do this. I use it 
> on my local WLAN
> network for just that purpose. Unless Quark IT - Hilton 
> Travis's idea of the
> Internet is actually other machines on the LAN, in which case 
> he's correct.
> It doesn't do that. But in that case he's using incorrect terminology.
> He then says this:
> "Unfortunately, it also doesn't address my second concern - 
> the ability to
> have the MAC addresses in a list and be able to turn them 
> on/off with a
> checkbox.  Even in Captive Portal when a MAC is deleted from the
> "Pass-through MAC" area, it is deleted, not just disabled."
> This is true. There isn't a checkbox to temporarily disable 
> MACs or IPs in
> the pass-through section. I believe this functionality would 
> be useful too.
> Perhaps he should write a patch.
> The rest of his posts seem to be founded on the assumption 
> that Captive
> Portal does not block unspecified MACs, when indeed it does. 
> And now this
> post about RADIUS? So what exactly is it that we're discussing here?
> -- 
> Jesse Guardiani, Systems Administrator
> WingNET Internet Services,
> P.O. Box 2605 // Cleveland, TN 37320-2605
> 423-559-LINK (v)  423-559-5145 (f)
> http://www.wingnet.net
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch