short dhcp lease and long captive portal timeout?

From:	"=?ISO-8859-1?Q?R=F6nnblom_Jan=E5ke_?= /Teknous" <jan dash ake dot ronnblom at skeria dot skelleftea dot se>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	short dhcp lease and long captive portal timeout?
Date:	Thu, 25 Oct 2007 13:39:32 +0200

Hi!

Let med describe a scenario and then perhaps somebody tell me if this is the
expected result?

I have a short dhcp lease time for 300 seconds and an idle timeout in the
captive portal for 900 seconds. It is possible for a client to connect, login
and then turn off the computer without logging out. Now the dhcp will expire
and a new client can get the same ip address. However this user is prohibited
to connect the captive portal until the first clients captive portal session
expires! The first clients mac address is still locked in the 20000+ firewall
rules which blockes the second client.

The "fix" would be to allow longer dhcpd lease times and/or shorter idle
timeout. However I like short lease times and longer idle timeout values...

This theory could be behind my previous problem (se the thread "critical
problem with captive portal and access in monowall") but then even when the
previous session is expired the mac address filter is not removed!

=====================================================
Janåke Rönnblom
IT avdelningen, Teknous, Skellefteå Kommun
Assistentgatan 23
931 77 Skelleftea (Sweden)
-----------------------------------------------------
Phone  : +46-910-58 54 24
Mobile : 070-397 07 43
Fax    : +46-910-58 54 99
URL    : http://skeria.skelleftea.se
-----------------------------------------------------
"Those who do not understand Unix are condemned to reinvent it, poorly." --
Henry Spencer