On Thu, 2005-02-17 at 11:32, Nicolas Moffa wrote:
> Hello everybody,
> 
> I am testing m0n0wall 1.2b3 for an captive portal installation in French
> university. My tests interest the university but, to limit the client
> configuration, I want to know if it is possible that users don't change their
> own configuration ?? (IP, mask, gateway, DNS and server proxy adress in their
> browser if they use it).

Not if they are in control of their own pc's. If we're talking of the
property of university, it can be made hard to change those things, but
as long as people has hand-on access to the pc's there is no way to stop
them.

> Because, for example, when users have configurate a
> server proxy adress in his browser, they can't access to captive portal
> authentication page of m0n0wall.

Do it but means of information. Tell them what they have to do to get
online, _AND_ what will _not_ work. If they do it anyway, it should be
their own responsibility.

> Is there an answer to this problem in m0n0wall ?? Proxy ARP ??
> If someone have an answer, can he explain me please ??

Basicly it has noting to do with m0n0wall (or any other captive portal
system). You can't force your users not to do things the way you want.

You can make it hard for them to make changes, but don't under-estimate
your users. 

Yes I know some don't share my opinion, but as long as users have access
to their computers, and want something, some might find a way to do it.

A security-policy will not solve the access-problem, but will make it
clear to everybody what the consequenses will be.

-- 
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>