It might also be better to have the radius server on the other side of
m0n0wall (eg. The WAN side).
That way the user's cannot acces the radius server to try anything on
it.
Atleast that's how I do it, the radius on the first internal lan where
you connect the WAN of m0n0wall to it, and then the "other" LAN and OPT1
interfaces for your accespoint and stuff.

I hope you can understand me, because my english isn't that good ;)

grtz

On Sat, 2005-04-30 at 21:42, Nicolas Moffa wrote:

> Chris Buechler a écrit :
> > On 4/24/05, Nicolas Moffa <nicolas dot moffa at free dot fr> wrote:
> > 
> >>Hello everybody,
> >>
> >>  Web
> >>   |
> >>   |
> >>Router
> >>   |
> >>   |
> >>m0n0wall
> >>   |
> >>   |
> >>  LAN
> >>   |
> >>   ---- RADIUS
> >>   |
> >>   ---- Access Point ))))) Computers
> >>   |
> >>   -
> >>
> >>I would want to know if it will be possible to set up m0n0wall like the
> >>top ? If not, what changes can I make ?
> >>
> > 
> > 
> > That's possible.  What are you attempting to accomplish, captive
> > portal?  In that situation, you would have to either exclude all your
> > LAN machines from captive portal, or they would also be required to
> > authenticate.  Ideally you should put the access point on a third
> > interface and run captive portal there.  it'd work just as well that
> > way, and then you also protect your LAN from wireless clients.
> > 
> > -Chris
> 
> Yes, I want to accomplish a captive portal.
> Ok for the third interface, it will permit to increase security.
> I had not thought of it immediately.
> 
> Thanks for yor answer.
> 
> 
> Nicolas
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 

Christophe De Coninck | Zarek K   

http://www.zarekk.be
mailto: info at zarekk dot be mailto: god8y at rds dash clan dot be