Hi,
> I have a DNS server and an HTTP proxy on the same machine in the second subnet.
> I have to set the DNS IP as the "pass through IP" in the captive portal config.
> All clients can access HTTP via the proxy without using the captive portal,
> because the IP of the proxy is the same as the IP of the DNS.
> Does somebody have an idea how to "fix" it?
> Or how to allow "pass through" only for DNS UDP packets for unauthorised clients?

Bad config, really.
I would give the DNS and HTTP server a second IP address
on a subinterface... and get the DNS to listen on that interface,
e.g.
/sbin/ifconfig eth0:1 10.0.0.1 netmask 255.255.255.0
/sbin/ifconfig eth0:1 up
(PS: you might need to load ip_alias if you run Linux and don't have it built
into the kernel... e.g. /sbin/modprobe ip_alias)
...then edit your named to listen on eth0:1.
Now you'll only allow the m0n0 to pass through that eth0:1 address.
Job's done.
alan
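
A check for the second-address setup suggested above, as an added example that is not part of the original message: the pass-through stays DNS-only only if nothing else answers on that address, and a proxy bound to the wildcard address still does. The `netstat -lntu` column layout, the proxy port 3128 and the primary address 192.168.1.10 are assumptions, and both samples are constructed.

```shell
#!/bin/sh
# Added example (not from the original message): list listeners that
# unauthenticated clients could still reach through the pass-through address.
# Assumes `netstat -lntu`-style input with the local address in column 4.

# exposed_listeners ADDR
#   Reads listener lines on stdin and prints "proto local-address" for every
#   socket reachable on ADDR (bound to ADDR or to a wildcard) on a port
#   other than 53.
exposed_listeners() {
    awk -v addr="$1" '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4
            n = split(laddr, parts, ":")
            port = parts[n]
            # Everything before the last ":" is the bind address.
            host = substr(laddr, 1, length(laddr) - length(port) - 1)
            wildcard = (host == "0.0.0.0" || host == "*" || host == "::" || host == "[::]")
            if ((host == addr || wildcard) && port != "53")
                print $1, laddr
        }'
}

# Constructed sample: named bound to the alias 10.0.0.1, but the proxy
# (assumed port 3128) still listens on the wildcard address.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 10.0.0.1:53 0.0.0.0:*
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.10:22 0.0.0.0:* LISTEN'

# Constructed sample: proxy rebound to the primary address only
# (192.168.1.10 is an assumed address, not one from the message).
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 10.0.0.1:53 0.0.0.0:*
tcp 0 0 192.168.1.10:3128 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.10:22 0.0.0.0:* LISTEN'

# Demo on the constructed samples. On the live host, feed real output instead:
#   netstat -lntu | exposed_listeners 10.0.0.1
echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 10.0.0.1
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | exposed_listeners 10.0.0.1
```

An empty result for the pass-through address means only DNS answers there; any line printed is a service the captive portal will let unauthenticated clients reach.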