and thank you for your quick answer.
I will explain the case properly because my last message was so brief... sorry.
In my IT School we have often students from companies and our policiy is
to filter any attempt to use Internet directly. Therefore we have used succesfully
m0n0wall and the captive portal option to force this visitors to ask our
IT staff for a temporary user and password (local users have been a great
idea in the new beta).
The problem is that this visitors usually use static IP addresses and their
own DNS servers (it is their home configuration and they donÂ´t want to change
that as they are returning to their companies in the same day) so when they
try to browse the Internet the captive portal page doesnÂ´t show as they
canÂ´t reach our m0n0wall gateway.
I would like to know if is it possible to use something like proxy ARP in
the LAN to fake that m0n0wall is their default gateway and DNS server. Once
they are authenticated and connected I suppose m0n0wall could stop that
proxy arp service for that IP addresses. I think this is called zero configuration
and some commercial captive portals use that option.
I know this is not implemented and it is difficult but I would like to know
any clues to try developing this on my own.
Thank you again,
De: A dot L dot M dot Buxey at lboro dot ac dot uk
Recibido: Jul 11, 2005 10:12:58 AM
Para: <"MAALVAREZ at telefonica dot net" <MAALVAREZ at telefonica dot net>>
CC: <m0n0wall at lists dot m0n0 dot ch>
Asunto: Re: [m0n0wall] Reenv: Static IP and Captive Portal
> Hi,I have been using m0n0wall for months and, as you already know, it is great.
> One of the most valuable feature for me is the captive portal option
with the recent improvements in RADIUS and local db authentication but I
would like to know how could I show the captive portal page to those users
with static IP addresses, static DNS entries and proxies configured.
> Is this possible with M0n0 or FreeBSD?
for proxies, you need to capture/contain their port. m0n0 need to have an
option to redirect
traffic from unauthorised machines for a number of ports....eg 1080, 3128.
for other folks, if they do not have a valid MAC allow, then they should be
anyway and will see the 'please login'/'please click yes' type page when
browse the web