Is there a reason you're not putting the visitors in a dmz? I'm doing something similar to you
except all my visitors are going to go in the dmz so they have unfiltered access to the internet
(wan interface) but no access to our machines on our network (lan interface).
----- Original Message -----
From: "Mikael Bohlin" <Mikael dot Bohlin at se dot flextronics dot com>
To: m0n0wall at lists dot m0n0 dot ch
Sent: Thursday, July 08, 2004 02:55 AM
Subject: [m0n0wall] Odd kind of setup?
I'm about to test the Monowall in a slightly different scenario than what I
guess most of you guys do.
I am about to build a separate network for our visitors and guests. From
this Visitor network our guests should get Internet access but no access to
our company resources.
On this network I connect the Monowall LAN interface, enable DHCP and DNS
forwarding. I will also use the Captive portal function, forcing them to log
On my company network I connect the Monowall WAN interface.
With this setup there pop up a couple of questions:
- Can I disable the Management on the LAN interface??? I do not want any
clever visitor trying to log on to the Monowall and changing stuff.
- When a user logs on to the Captive portal page, it performs an HTTP POST
sending the user ID and password in clear text. Any user with a network
sniffer will easily find the others' credentials... Can this be changed into
an HTTPS-POST??? It would add a lot of security into it.
IT Security Coordinator
Flextronics Network Services