[ previous ] [ next ] [ threads ]
 
 From:  Krzysztof Syguda <ks at koszecin dot net dot pl>
 To:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Captive portal dont work when proxy server is conigured in web browser
 Date:  Fri, 17 Mar 2006 11:57:22 +0100
Let me explain it more detailed

I have an internal network e.g. 10.1.1.0/24  m0n0wall has LAN interface 
in this network with 10.1.1.2/24  IP address.
m0n0wall has one WAN interface and one OPT (OPT1) interface with 
10.1.4.2/24 IP address to connect DMZ.

In DMZ I have a www/ftp proxy server with IP: 10.1.4.4/24 working on 
port 8080.

10.1.1.0/24(LAN)-----10.1.1.2(m0n0wall)10.1.4.2 
(opt1)----DMZ---10.1.4.4/24wwwProxy

User has configured web browser to connect using proxy 10.1.4.4:8080
Firewall serve captive portal login page only when request is send to 
servers on port 80.
8080 (http protocol) is blocked.

Solution for this situation is to tell m0n0wall that http works on 
bought ports 80 and 8080 and if he get a request from LAN to access 
something on port 8080 he should redirect it to captive portal such as 
with normal http request

I have tried it with Linux box and it is no problem to redirect http 
request to from client to server running on 8080 port to any server 
running on port 80. I have no idea how to implement it in bsd and 
captive portal.

Many people use proxy in their network and in this case they can not use 
m0n0wall captive portal because it is very uncomfortable for clients to 
switch on proxy in browser to log in and then switch on to log on.

I use www proxy server in my network to balance traffic between  two ISP 
- it is elegant and simple solution.

Do somebody have some ideas how to tell m0n0wall that requests send to 
specific port (e.g. 8080) are http too and it should handle it as 
request send to 80 tcp port?

KS




Paul Taylor wrote:

>The captive portal works on a MAC and IP Address level.  If you are running
>the users through a proxy server, they are hitting the proxy and that
>machine (the proxy) is performing the web surfing on their behalf.  If the
>proxy is getting out, I'm assuming you've configured the captive portal to
>have a pass-through MAC or IP Address for the proxy.  
>
>There really isn't anything to fix, as the captive portal is working as
>designed.  
>
>Perhaps if you can explain the way you want things to work, someone can
>offer a suggestion on how to achieve that.  
>
>Unless you are saying that people who have their web browsers configured to
>use a proxy server (at another location?) aren't hitting your captive portal
>page when they come to your business, and therefore can't surf.  I don't
>really know of any fix for this, if that's the problem, other than having
>the end-user reconfigure their browser to avoid using a proxy server.
>
>Paul
>
>-----Original Message-----
>From: Krzysztof Syguda [mailto:ks at koszecin dot net dot pl] 
>Sent: Thursday, March 16, 2006 5:26 PM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Captive portal dont work when proxyserver is configured
>in web browser
>
>I have problem with captive portal.
>If user have configured proxy server in web browser (eg on port 8080) he 
>is not able to authenticate with captive portal.
>Only users without any proxy configured in web browser are able to reach 
>captive portal page.
>How to fix it?
>
>KS
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>  
>