[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Krzysztof Syguda" <ks at koszecin dot net dot pl>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Captive portal dont work when proxy server is conigured in web browser
 Date:  Fri, 17 Mar 2006 16:43:01 +0100 
> -----Oorspronkelijk bericht-----
> Van: Krzysztof Syguda [mailto:ks at koszecin dot net dot pl]
> Verzonden: vrijdag 17 maart 2006 11:57
> Aan: Paul Taylor
> CC: m0n0wall at lists dot m0n0 dot ch
> Onderwerp: Re: [m0n0wall] Captive portal dont work when proxy server
is
> conigured in web browser
> 
> Let me explain it more detailed
> 
> I have an internal network e.g. 10.1.1.0/24  m0n0wall has LAN
interface
> in this network with 10.1.1.2/24  IP address.
> m0n0wall has one WAN interface and one OPT (OPT1) interface with
> 10.1.4.2/24 IP address to connect DMZ.
> 
> In DMZ I have a www/ftp proxy server with IP: 10.1.4.4/24 working on
> port 8080.
> 
> 10.1.1.0/24(LAN)-----10.1.1.2(m0n0wall)10.1.4.2
> (opt1)----DMZ---10.1.4.4/24wwwProxy
> 
> User has configured web browser to connect using proxy 10.1.4.4:8080
> Firewall serve captive portal login page only when request is send to
> servers on port 80.
> 8080 (http protocol) is blocked.
> 
> Solution for this situation is to tell m0n0wall that http works on
> bought ports 80 and 8080 and if he get a request from LAN to access
> something on port 8080 he should redirect it to captive portal such as
> with normal http request

A Proxy request isn't the same as a normal http request, (somebody
correct me if I'm wrong) but normally this 'solution' shouldn't work.

Only 'solution' I can think about is setting up a proxy on the lan,
redirect every traffic to the 'internet' port 8080 on the m0n0wall to
the proxy and setup authentication on the proxy too.

> I have tried it with Linux box and it is no problem to redirect http
> request to from client to server running on 8080 port to any server
> running on port 80. I have no idea how to implement it in bsd and
> captive portal.

This won't work. The proxy will be authenticated instead of the real
client.


> Many people use proxy in their network and in this case they can not
use
> m0n0wall captive portal because it is very uncomfortable for clients
to
> switch on proxy in browser to log in and then switch on to log on.
> 
> I use www proxy server in my network to balance traffic between  two
ISP
> - it is elegant and simple solution.

I use a proxy too but AFTER the captive portal in a different segment
and fully transparent to the user.

> 
> Do somebody have some ideas how to tell m0n0wall that requests send to
> specific port (e.g. 8080) are http too and it should handle it as
> request send to 80 tcp port?
> 
> KS

If anybody has a cleaner idea to solve this problem I'm willing to
consider implementing this into m0n0wall


J.


--
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan dot de dot graeve at imelda dot be

> 
> 
> 
> 
> Paul Taylor wrote:
> 
> >The captive portal works on a MAC and IP Address level.  If you are
> running
> >the users through a proxy server, they are hitting the proxy and that
> >machine (the proxy) is performing the web surfing on their behalf.
If
> the
> >proxy is getting out, I'm assuming you've configured the captive
portal
> to
> >have a pass-through MAC or IP Address for the proxy.
> >
> >There really isn't anything to fix, as the captive portal is working
as
> >designed.
> >
> >Perhaps if you can explain the way you want things to work, someone
can
> >offer a suggestion on how to achieve that.
> >
> >Unless you are saying that people who have their web browsers
configured
> to
> >use a proxy server (at another location?) aren't hitting your captive
> portal
> >page when they come to your business, and therefore can't surf.  I
don't
> >really know of any fix for this, if that's the problem, other than
having
> >the end-user reconfigure their browser to avoid using a proxy server.
> >
> >Paul
> >
> >-----Original Message-----
> >From: Krzysztof Syguda [mailto:ks at koszecin dot net dot pl]
> >Sent: Thursday, March 16, 2006 5:26 PM
> >To: m0n0wall at lists dot m0n0 dot ch
> >Subject: [m0n0wall] Captive portal dont work when proxyserver is
> configured
> >in web browser
> >
> >I have problem with captive portal.
> >If user have configured proxy server in web browser (eg on port 8080)
he
> >is not able to authenticate with captive portal.
> >Only users without any proxy configured in web browser are able to
reach
> >captive portal page.
> >How to fix it?
> >
> >KS
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> >
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>