 
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] captive portal and wireless repeater (wds) problem
 Date:  Thu, 13 Apr 2006 09:13:04 -0500
From: "dny" <mail2dny at gmail dot com>
> On 4/8/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>> From: "dny" <mail2dny at gmail dot com>

>> > i'm pretty sure it didn't do any natting.
>> > and these facts support my belief:
>> > - all wireless clients can ping each other, and firewall can ping to
>> > all clients, regardless which ap/repeater they connect to.
>> > - all clients can ping to firewall
>> > - all ip is in same network/subnet and retrieved by dhcp from firewall
>> > - the firewall settings already disabled from all wireless ap/repeater gui
>> > - windows network neighbourhood can see all computers, regardless
>> > which ap/repeater they connect to.

>> > all my wireless is linksys wrt54g flashed with ddwrt firmware.

>> If you can, flash to Tofu.  It does the client connection better...  And WDS
>> may not be properly proxying your MAC address, which would cause this
>> problem.  Try setting one in client mode, and connect to the ethernet port.
>> If it works, it is a WDS thing.

> so, in my case, there's no way i can use captive portal??

Yes there is, but you may have to do some additional steps, or use some 
extra hardware.

> did you try tofu firmware with wds? can it really work?
> i really can't try it yet, since all my wrt54g units are in use.....

I only tried it in client mode.  It works in client mode.  I am using it 
now.

> also, another problem with captive portal.....

> it seems that captive portal locks the login to the mac address.

> so, when A connects and logs in correctly, and then doesn't log out but just
> turns off the pc.
> then B steals A's mac address and then he can use the internet without login.

This is how it works.  Authentication is based on mac.

> so, imho, it's better to use another method, perhaps cookies or something
> else, to identify the real computer instead of using the mac address.

Because no one could fake a cookie...  Nothing is perfect.  For more 
security, use VPN to access the internet...

                        Lee
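
The MAC-keyed authentication discussed in this thread, modelled as an added example (not part of the original message and not m0n0wall code): a session table keyed only on MAC lets any later traffic carrying that MAC pass, and idle or hard timeouts only shorten the window. The class, timeout values and MAC address are assumptions constructed for illustration.

```python
# Added illustration: toy captive-portal session table keyed only on MAC.
# Names, timeouts and the MAC below are constructed; this is not m0n0wall code.
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    started: float
    last_seen: float

class Portal:
    def __init__(self, idle_timeout=None, hard_timeout=None):
        self.sessions = {}                 # MAC address -> Session
        self.idle_timeout = idle_timeout   # seconds without traffic
        self.hard_timeout = hard_timeout   # seconds since login

    def login(self, mac, user, now):
        self.sessions[mac] = Session(user, now, now)

    def allow(self, mac, now):
        """True if traffic from this MAC passes without the login page."""
        s = self.sessions.get(mac)
        if s is None:
            return False
        idle = self.idle_timeout is not None and now - s.last_seen > self.idle_timeout
        hard = self.hard_timeout is not None and now - s.started > self.hard_timeout
        if idle or hard:
            del self.sessions[mac]         # expire: next request must log in
            return False
        s.last_seen = now                  # the MAC is the only identity checked
        return True

def reused_mac_passes(portal, reuse_at):
    """A logs in at t=0, sends last traffic at t=60, powers off without
    logging out; the same MAC is seen again at t=reuse_at seconds."""
    mac = "02:00:00:00:00:01"              # constructed, locally administered
    portal.login(mac, "A", now=0)
    portal.allow(mac, now=60)
    return portal.allow(mac, now=reuse_at)

if __name__ == "__main__":
    for label, kwargs in [("no timeouts", {}),
                          ("idle 300 s", {"idle_timeout": 300}),
                          ("hard 3600 s", {"hard_timeout": 3600})]:
        for t in (200, 900, 7200):
            print(label, t, reused_mac_passes(Portal(**kwargs), t))
```

Within the idle window the reused MAC still passes, which matches the point made in the reply that no identifier is perfect and a VPN is the stronger control.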