[ previous ] [ next ] [ threads ]
 From:  Mikael Bohlin <Mikael dot Bohlin at se dot flextronics dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Odd kind of setup?
 Date:  Thu, 8 Jul 2004 14:44:33 +0200
Good thought, and that is what I will do.
But I also want the guest to logon from a web page, so they do not get full
Internet access at one...
So I'll use MonoWall for the Captive Portal and the logon page there...
Or could I do that in any other way?


-----Original Message-----
From: Bryan Kohlstedt [mailto:bk at aventuremail dot com] 
Sent: den 8 juli 2004 14:41
To: m0n0wall at lists dot m0n0 dot ch; Mikael dot Bohlin at se dot flextronics dot com
Subject: Re: [m0n0wall] Odd kind of setup?

Is there a reason you're not putting the visitors in a dmz? I'm doing
something similar to you except all my visitors are going to go in the dmz
so they have unfiltered access to the internet (wan interface) but no access
to our machines on our network (lan interface).

----- Original Message -----
From: "Mikael Bohlin" <Mikael dot Bohlin at se dot flextronics dot com>
To: m0n0wall at lists dot m0n0 dot ch
Sent: Thursday, July 08, 2004 02:55 AM
Subject: [m0n0wall] Odd kind of setup?

 I'm about to test the Monowall in a slightly different scenario then what I
guess most of you guys do.
 I am about to build a separate network for our viristors and guests. From
this Visitor network our guests should get Internet access but no access to
our company resources.
 On this network I connect the Monowall LAN interface, enables DHCP and DNS
forwarding. I will also use the Captive portal function, forcing them to log
on first.
 On my company network I connect the Monowall WAN interface.
 With this setup there pop's up a couple of questions:
  - Can I disable the Management on the LAN interface??? I do no want any
clever visitor trying to logon to the Monowall and changing stuff.
  - When a user logs on to the Captive portal page, it performs a HTTP POST
sending the user ID and password in clear text. Any user with a network
sniffer will easily find the others credentials... Can this be changed into
a HTTPS-POST??? It would add a lot of security into it.
 Mikael Bohlin
 IT Security Coordinator
 Flextronics Network Services

Broadband ADSL starting from £19.57pm - http://www.budgetadsl.com
AventureHost.com - Worldwide Hosting - http://www.aventurehost.com Sent from
AventureMail.com, 2GB Free Email!