Frederic J. Breitwieser wrote:
>>> Note that this only works if they do http traffic first.
>>> Go to a secure website (https) first, it they will not
>>> authenticate. You might consider allowed IP addresses,
>>> and static DHCP assignments.
> For lack of a better idea, my portal.html in my m0n0wall uses an HTTP
> redirect to a server that's one IP address away, bringing the
> not-authenticated user to a "pay now" screen, and various fields to enter to
> collect dollars. Upon paying, which I can handle through my bank's API
> "kit", I need to somehow tell m0n0wall to let them through - preferably MAC
> address as that would always match the device if they get disconnected and
> immediately reconnect.
Cutting the rest... Wow! Rube Goldburg comes to mine. :) Why not just
put your payment system in "Allowed IP addresses, and a link to that
payment system on your login page? The login in page would be, "Login
Here, or pay for an account Here." At the end of buying an account, you
go back to http://gateway-address:8000 and use that new login. It then
authenticates against the radius database and works for however long you
All the parts are there, and you don't need to reinvent this mac stuff.