Michal Harajda wrote:
> Mr. Dinesh,
> ok I will try this, and let u know
> Wednesday, May 19, 2004, 11:51:06 AM, you wrote:
> DN> On Wed, 19 May 2004, Michal Harajda wrote:
>>>its a problem, because clients with disabled internet access use ip
>>>addresses of not active clients with internet access. And I cannot do
> DN> one way of perhaps trying to do what you want to do is by using a
> DN> side-effect of the captive portal with the following steps:
> DN> 1. make sure the captive portal interface is not bridged
> DN> 2. turn on the captive portal on the interface
> DN> 3. when uploading a portal page, omit the accept button
> DN> 4. explicitly add the allowed mac addresses under pass-through mac
> DN> now only mac addresses with an explicit pass-through will be allowed thru,
> DN> but others will be thrown up the portal page (which may contain a warning
> DN> notice) without an accept button.
> DN> do note however that this is not a fool-proof manner because someone could
> DN> still forge a http request to m0n0wall and subvert this.
> DN> however, once i have added in radius support for the captive portal,
> DN> things _may_ (no promises) be different.
> DN> Regards, /\_/\ "All dogs go to heaven."
> DN> dinesh at alphaque dot com (0 0) http://www.alphaque.com/
> DN> +==========================----oOO--(_)--OOo----==========================+
> DN> | for a in past present future; do
> DN> | for b in clients employers associates relatives neighbours pets; do |
> DN> | echo "The opinions here in no way reflect the opinions of my $a $b." |
> DN> | done; done
> DN> +=========================================================================+
If I remember correctly (correct me if I'm wrong Dinesh?) This
approach will require the clients to initate their WAN access with a
HTTP request, which may be a problem for some users (such as if they
use a mailchecker or similar non-http util in their startup