 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  Michael Mee <mm2001 at pobox dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] captive portal thru wet-11 strangeness
 Date:  Mon, 7 Jun 2004 12:56:32 +0800 (MYT)
On Sun, 6 Jun 2004, Michael Mee wrote:

> computers to a Wet-11 wireless to ethernet bridge, the captive portal blocks
> them, but also doesn't display the page. I also get the log message:
> Jun  6 10:08:24 m0n0-home /kernel: arp: moved from
> 00:90:4b:b1:58:6b to 00:06:25:12:48:47 on wi0
> where 00:90:4b:b1:8:6b is the MAC of the computer behind the Wet-11 and
> 00:06:25:12:48:47 is the Wet-11 itself. Not sure what this message means or
> why it appears...

looks like the Wet-11 is doing proxy arp for the clients behind it. since
the captive portal uses the mac address to determine whether a box should be
let through or not, and at the same time checks that the mac address and the
ip address are bound, you're seeing the above behaviour. the log message
is m0n0wall telling you that it has detected that the ip address was initially
seen tied to one mac address (your client) and then changed to another
(the wet-11). this is a clear indication that the wet-11 is proxy arping for
clients behind it.

could you turn off proxy arp on the wet-11? alternatively, instead of
pass-through macs, you could use the allowed ip outgoing. put in the ip
addresses of the clients who're allowed to bypass the captive portal sign-on
page, and they'll go thru. allowed ips are not subject to mac address
checking/filtering on the captive portal, though the firewall ruleset will
still act on them.

