Re: [m0n0wall] captive portal and unlimited interface access

From:	"Tarun Kundhi" <tkundhi at inebraska dot com>
To:	"Chris Buechler" <cbuechler at gmail dot com>, "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] captive portal and unlimited interface access
Date:	Fri, 28 Oct 2005 09:36:17 -0500

Thanks that makes sense. Any suggestions or guidance on preventing webGUI 
access? I see it in the Advanced setting (I know they are unsupported) but I 
can't seem to get filter rules in place that allow traffic to pass through 
the interface but prevent the webGUI from displaying. I end up either 
blocking all HTTP traffic or allowing it.

Personally I don't like the fact that a unathenticated user can easily get 
to the webGUI. If I can figure this out I'd be glad to attempt some 
documentation for basic captive portal setup.

t.

----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
Cc: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, October 27, 2005 2:34 PM
Subject: Re: [m0n0wall] captive portal and unlimited interface access

On 10/27/05, Tarun Kundhi <tkundhi at inebraska dot com> wrote:
> I've been playing around with captive portal recently and have experienced 
> something that I don't quite understand. Does captive portal only come 
> into play when traffic goes from one interface to another? For example LAN 
> to WAN or LAN to DMZ or DMZ to WAN, etc... I'm able to access devices and 
> services on same interface without needing athenticating. Is that correct?
>

Yes, traffic between machines on the same interface never involves
your router or firewall (in this case m0n0wall), so it can't do
anything about that traffic.

-Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch