 From:  "Tarun Kundhi" <tkundhi at inebraska dot com>
 To:  "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  captive portal and unlimited interface access
 Date:  Thu, 27 Oct 2005 14:25:27 -0500
I've been playing around with captive portal recently and have experienced something that I don't
quite understand. Does captive portal only come into play when traffic goes from one interface to
another? For example LAN to WAN or LAN to DMZ or DMZ to WAN, etc. I'm able to access devices and
services on the same interface without needing to authenticate. Is that correct?

Here is my setup.

m0n0wall 1.2 WAN
--- LAN  --- switch - clients
        |-------netgear MR314 (AP only)- wired & wireless clients 
--- DMZ  --- switch - HTTP server

captive portal is on LAN

I can access clients on the LAN and the m0n0wall box without logging in to the captive portal. If I
attempt to get to the WAN or the DMZ I get the captive portal webpage as intended. Is this normal?

If so then I understand it is wise to put the wireless on a separate interface so access to LAN
clients is protected. But what about someone trying to compromise m0n0wall itself since it appears
that the IP address of the interface is accessible without passing through the captive portal?

Better setup to protect the LAN clients. But it still allows access to m0n0wall without
passing through captive portal.

m0n0wall 1.2 WAN
--- LAN  --- switch - clients
--- OPT2 --- netgear MR314 (AP only) - wireless clients 
--- DMZ  --- switch - HTTP server


I would appreciate any insights.  Thanks,

t.