On 03/16/2011 10:25 AM, rh at ffpx dot de wrote:
> thanks a lot for your tips - It works now fine! - But I am wondering,
> why all clients until now were able to connect via http and https to the
> internet only with passtrough by mac-address...?
> NOW as I put in the first IP in allowed IP-Addresses I had also to put
> other addresses to make them work again, since they were now suddenly
> blocked... - strange behaviour -...
> But as I see, security is not really easy to realize - there is a lot
> stuff to know...;-(
It has to do with the design of the captive portal. To log in, you must
open port 80 first. Not 443... And passthrough MAC really is just
logging in without needing a password. Kind of like ssh with
certificates... But allowed IP addresses bypasses the captive portal
completely. Clear as muddy water? :)