 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  ks at misat dash tech dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] captive portal and DNS
 Date:  Thu, 24 Feb 2005 20:31:21 +0000
Hi,

> I have DNS server and HTTP proxy on the same machine in second subnet.
> I have to set DNS IP as "pass through IP" in Captive portal config.
> All clients can access http via proxy without using captive portal, because IP of
> Proxy is the same as IP of DNS.
> Does somebody have an idea how to "fix" it?
> or How to allow "pass through" only DNS UDP packets for unauthorised clients?

Bad config really.

I would give the DNS and HTTP server a second IP address
on a subinterface...and get the DNS to listen on that interface

eg

/sbin/ifconfig eth0:1 10.0.0.1 netmask 255.255.255.0
/sbin/ifconfig eth0:1 up

(PS you might need to load ip_alias if you run Linux and don't have it built
into the kernel...eg /sbin/modprobe ip_alias)

..then edit your named to listen to eth0:1

now, you'll only allow the m0n0 to passthrough that eth0:1 address.
job's done

alan
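
Added example, not part of the original message: a check that the pass-through address really exposes only DNS once the alias is in place. A proxy left bound to the wildcard address still answers on 10.0.0.1, so the bypass would remain. The primary address 192.168.1.10, the proxy port 3128 and the sample listener lines are constructed assumptions; `[::]` is treated as a wildcard conservatively.

```shell
#!/bin/sh
# Added example. Constructed `ss -H -lntu` output for the DNS/proxy host.
# 10.0.0.1 is the alias from the message; 192.168.1.10 and port 3128 are
# assumed values for the host's primary address and the proxy port.
sample_wildcard_proxy() {
cat <<'EOF'
udp UNCONN 0 0   10.0.0.1:53       0.0.0.0:*
tcp LISTEN 0 10  10.0.0.1:53       0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:3128      0.0.0.0:*
tcp LISTEN 0 128 192.168.1.10:22   0.0.0.0:*
EOF
}

sample_bound_proxy() {
cat <<'EOF'
udp UNCONN 0 0   10.0.0.1:53       0.0.0.0:*
tcp LISTEN 0 10  10.0.0.1:53       0.0.0.0:*
tcp LISTEN 0 128 192.168.1.10:3128 0.0.0.0:*
tcp LISTEN 0 128 192.168.1.10:22   0.0.0.0:*
EOF
}

# audit_passthrough ADDR: read `ss -H -lntu` lines on stdin and print every
# listener that answers on ADDR on a port other than 53. Wildcard binds count,
# because they accept traffic on every local address, the alias included.
# Exit status is 1 if anything was printed, 0 otherwise.
audit_passthrough() {
    awk -v alias="$1" '
    {
        la = $5                           # "Local Address:Port" column
        n = match(la, /:[0-9]+$/)         # split at the last colon
        if (!n) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        if ((addr == alias || wild) && port != "53") {
            print $1, la
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

sample_wildcard_proxy | audit_passthrough 10.0.0.1 ||
    echo "pass-through address exposes more than DNS"
```

On the real host, feed it live data with `ss -H -lntu | audit_passthrough 10.0.0.1`.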