 
 From:  Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] captive portal and DNS
 Date:  Thu, 24 Feb 2005 20:50:56 +0100
On Thu, 2005-02-24 at 20:08, Krzysztof Syguda wrote:
> Hi
> I have DNS server and HTTP proxy on the same machine in second subnet.
> I have to set DNS IP as "pass-through IP" in Captive portal config.
> All clients can access http via proxy without using captive portal, because IP of 
> Proxy is the same as IP of DNS.

That's a bad thing ;-)

> Does somebody have an idea how to "fix" it?

One way would be to give the server an additional IP, and only let the
DNS-server listen on it - maybe it's easier to block that via a
firewall-rule ;-)

> Or how to allow "pass-through" of only DNS UDP packets for unauthorised clients? 

I'm not sure that it's possible to see the difference, but by setting up
an additional IP and using that for the allowed services (blocking
everything else) all unauthorized users could get thru to the DNS, and
only auth'ed users would be able to reach the real IP of the server.

Should do the job - just like two separate servers ;-)

-- 
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
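
Added example, not part of Henning's message and not m0n0wall code: a small Python model of the layout he describes, showing why the proxy must not answer on the additional IP (a proxy bound to the wildcard address still would unless a firewall rule blocks it). The addresses, the proxy port and all function names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed addresses and ports; none of these come from the thread.
REAL_IP = ip_address("192.0.2.10")   # server's existing address (DNS + proxy)
ALIAS_IP = ip_address("192.0.2.11")  # additional address intended for DNS only
ANY = None                           # wildcard bind (0.0.0.0)
DNS, PROXY = ("udp", 53), ("tcp", 3128)

def reachable(dst, service, *, authed, passthrough, listeners, alias_allow=None):
    """True if a client behind the portal gets an answer from dst for service.

    passthrough: IPs the portal passes for unauthenticated clients (whole IP).
    listeners:   (bind_ip or ANY, service) pairs for sockets on the server.
    alias_allow: services a firewall rule accepts on ALIAS_IP; None = no rule.
    """
    if not authed and dst not in passthrough:
        return False  # portal drops traffic from unauthenticated clients
    if dst == ALIAS_IP and alias_allow is not None and service not in alias_allow:
        return False  # firewall rule drops everything else on the alias
    return any(bind in (ANY, dst) and svc == service for bind, svc in listeners)

def scenarios():
    """Reachability results for each layout discussed in the thread."""
    shared = {(REAL_IP, DNS), (REAL_IP, PROXY)}   # setup from the question
    split = {(ALIAS_IP, DNS), (REAL_IP, PROXY)}   # DNS listens on alias only
    wildcard = {(ALIAS_IP, DNS), (ANY, PROXY)}    # proxy left on 0.0.0.0
    alias = {ALIAS_IP}
    return {
        "shared_ip_unauth_proxy": reachable(
            REAL_IP, PROXY, authed=False, passthrough={REAL_IP}, listeners=shared),
        "alias_unauth_dns": reachable(
            ALIAS_IP, DNS, authed=False, passthrough=alias, listeners=split),
        "alias_unauth_proxy_on_real_ip": reachable(
            REAL_IP, PROXY, authed=False, passthrough=alias, listeners=split),
        "alias_unauth_proxy_wildcard_bind": reachable(
            ALIAS_IP, PROXY, authed=False, passthrough=alias, listeners=wildcard),
        "alias_unauth_proxy_wildcard_bind_fw": reachable(
            ALIAS_IP, PROXY, authed=False, passthrough=alias, listeners=wildcard,
            alias_allow={DNS}),
        "alias_authed_proxy": reachable(
            REAL_IP, PROXY, authed=True, passthrough=alias, listeners=split),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'reachable' if ok else 'blocked'}")
```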