[ previous ] [ next ] [ threads ]
 From:  "MAALVAREZ at telefonica dot net" <MAALVAREZ at telefonica dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Reenv: Static IP and Captive Portal
 Date:  Mon, 11 Jul 2005 10:36:47 +0200 (MEST)
and thank you for your quick answer.

I will explain the case properly because my last message was so brief... sorry.

In my IT School we have often students from companies and our policiy is 
to filter any attempt to use Internet directly. Therefore we have used succesfully 
m0n0wall and the captive portal option to force this visitors to ask our 
IT staff for a temporary user and password (local users have been a great 
idea in the new beta).

The problem is that this visitors usually use static IP addresses and their 
own DNS servers (it is their home configuration and they don´t want to change 
that as they are returning to their companies in the same day) so when they 
try to browse the Internet the captive portal page doesn´t show as they 
can´t reach our m0n0wall gateway.

I would like to know if is it possible to use something like proxy ARP in 
the LAN to fake that m0n0wall is their default gateway and DNS server. Once 
they are authenticated and connected I suppose m0n0wall could stop that 
proxy arp service for that IP addresses. I think this is called zero configuration 
and some commercial captive portals use that option.

I know this is not implemented and it is difficult but I would like to know 
any clues to try developing this on my own.

Thank you again,

----Mensaje original----
De: A dot L dot M dot Buxey at lboro dot ac dot uk
Recibido: Jul 11, 2005 10:12:58 AM
Para: <"MAALVAREZ at telefonica dot net" <MAALVAREZ at telefonica dot net>>
CC: <m0n0wall at lists dot m0n0 dot ch>
Asunto: Re: [m0n0wall] Reenv: Static IP and Captive Portal


> Hi,I have been using m0n0wall for months and, as you already know, it is great. 
> One of the most valuable feature for me is the captive portal option 
with the recent improvements in RADIUS and local db authentication but I 
would like to know how could I show the captive portal page to those users 
with static IP addresses, static DNS entries and proxies configured.
> Is this possible with M0n0 or FreeBSD?

for proxies, you need to capture/contain their port. m0n0 need to have an 
option to redirect
traffic from unauthorised machines for a number of ports....eg 1080, 3128.

for other folks, if they do not have a valid MAC allow, then they should be 
anyway and will see the 'please login'/'please click yes' type page when 
they first 
browse the web