|
||||||||
Is there a reason you're not putting the visitors in a dmz? I'm doing something similar to you except all my visitors are going to go in the dmz so they have unfiltered access to the internet (wan interface) but no access to our machines on our network (lan interface). Bryan ----- Original Message ----- From: "Mikael Bohlin" <Mikael dot Bohlin at se dot flextronics dot com> To: m0n0wall at lists dot m0n0 dot ch Sent: Thursday, July 08, 2004 02:55 AM Subject: [m0n0wall] Odd kind of setup? Everyone, I'm about to test the Monowall in a slightly different scenario then what I guess most of you guys do. I am about to build a separate network for our viristors and guests. From this Visitor network our guests should get Internet access but no access to our company resources. On this network I connect the Monowall LAN interface, enables DHCP and DNS forwarding. I will also use the Captive portal function, forcing them to log on first. On my company network I connect the Monowall WAN interface. With this setup there pop's up a couple of questions: - Can I disable the Management on the LAN interface??? I do no want any clever visitor trying to logon to the Monowall and changing stuff. - When a user logs on to the Captive portal page, it performs a HTTP POST sending the user ID and password in clear text. Any user with a network sniffer will easily find the others credentials... Can this be changed into a HTTPS-POST??? It would add a lot of security into it. Thanks, Mikael ____________________________________________ Mikael Bohlin IT Security Coordinator Flextronics Network Services -------------------------- Broadband ADSL starting from £19.57pm - http://www.budgetadsl.com AventureHost.com - Worldwide Hosting - http://www.aventurehost.com Sent from AventureMail.com, 2GB Free Email! |