captive portal allows anyone in without redirecting to login page

From:	"Darren Cockburn" <DCockburn at cigionline dot org>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	captive portal allows anyone in without redirecting to login page
Date:	Fri, 13 Oct 2006 14:17:55 -0400

Hi All,

I have a peculiar issue:
I have been using this wonderful tool for about a year
4 months ago I set-up Captive Portal with a wireless access point and it
worked as it should

... but NOW ... Captive Portal allows anyone in without redirecting to
login page.

What might have caused it:
The only change I have made is to customize the html on the login page.
I did make a mistake - I accidentally uploaded it as a php page -
noticing the mistake I renamed it .html and re-uploaded it.

How I noticed it:
Today I fired up a newly purchased laptop and did not get redirected to
the log-in page - but I can surf.

A few details:
- the lighttpd service is running (I restarted it)
- captive portal activity is empty (showing no activity - I currently
have 30 "MAC Address allowed" computers currently using the connection -
I see them in my arp table)
- as a test, if I block port 80 on the IF - when I do that, no-one can
surf wirelessly (so I know that Captive portal is working the correct
Interface and I am focusing on the correct one)

My first priority is to secure it.

So, here are my questions:

1) Could someone please send me the rules they use for their captive
portal interface?
2) Does anyone have an opinion as to why it would no-longer redirect?

Thanks,

Darren