Captive Portal MAC Pass-Through + Radius Reauthentication

From:	Peter Allgeyer <allgeyer at web dot de>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Captive Portal MAC Pass-Through + Radius Reauthentication
Date:	Tue, 22 Apr 2008 21:17:57 +0200

Hi,

we have configured the captive portal to authenticate users against a
Radius server with reauthentication every minute. When using the MAC
Pass-Through feature, we have problems reaching hosts on the WAN side on
other ports then port 80. The log says, that the connections passes the
filter, but tcpdump tells me that the packet never reaches the next hop
router.

I've found some messages in the captive portal log, which make me
believe, that it has something to do with radius reauthentication:

Apr 22 18:18:20 RADIUS_DISCONNECT: unauthenticated, 00:02:a5:fa:b9:35,
192.168.1.198 
Apr 22 18:16:14 RADIUS_DISCONNECT: unauthenticated, 00:02:a5:fa:b9:35,
192.168.1.198 
Apr 22 18:07:06 RADIUS_DISCONNECT: unauthenticated, 00:08:02:0b:84:c2,
192.168.1.151 
Apr 22 18:06:01 RADIUS_DISCONNECT: unauthenticated, 00:08:02:0b:84:c2,
192.168.1.151 
Apr 22 18:04:55 RADIUS_DISCONNECT: unauthenticated, 00:08:02:0b:84:c2,
192.168.1.151 
Apr 22 18:03:50 RADIUS_DISCONNECT: unauthenticated, 00:08:02:0b:84:c2,
192.168.1.151

Can we please exclude the Pass-Through mac addresses from radius
reauthentication?

Regards,
 PIT


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     #define SIGILL 6 /* blech */   -- Larry Wall
 Peter Allgeyer | 0(o_o)0   in perl.c from the perl source code
---------------oOO--(_)--OOo-----------------------------------------------