|
||||||||||
Michal Harajda wrote: > Mr. Dinesh, > > ok I will try this, and let u know > > Wednesday, May 19, 2004, 11:51:06 AM, you wrote: > > > DN> On Wed, 19 May 2004, Michal Harajda wrote: > > >>>its a problem, because clients with disabled internet access use ip >>>addresses of not active clients with internet access. And I cannot do >>>anything. > > > DN> one way of perhaps trying to do what you want to do is by using a > DN> side-effect of the captive portal with the following steps: > > DN> 1. make sure the captive portal interface is not bridged > DN> 2. turn on the captive portal on the interface > DN> 3. when uploading a portal page, omit the accept button > DN> 4. explicitly add the allowed mac addresses under pass-through mac > > DN> now only mac addresses with an explicit pass-through will be allowed thru, > DN> but others will be thrown up the portal page (which may contain a warning > DN> notice) without an accept button. > > DN> do note however that this is not a fool-proof manner because someone could > DN> still forge a http request to m0n0wall and subvert this. > > DN> however, once i have added in radius support for the captive portal, > DN> things _may_ (no promises) be different. > > DN> Regards, /\_/\ "All dogs go to heaven." > DN> dinesh at alphaque dot com (0 0) http://www.alphaque.com/ > DN> +==========================----oOO--(_)--OOo----==========================+ > DN> | for a in past present future; do > DN> | for b in clients employers associates relatives neighbours pets; do | > DN> | echo "The opinions here in no way reflect the opinions of my $a $b." | > DN> | done; done > DN> +=========================================================================+ > > > If I remember correctly (correct me if I'm wrong Dinesh?) This approach will require the clients to initate their WAN access with a HTTP request, which may be a problem for some users (such as if they use a mailchecker or similar non-http util in their startup folder/script.) Adam. |