[ previous ] [ next ] [ threads ]
 
 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Odd kind of setup?
 Date:  Thu, 8 Jul 2004 15:11:39 +0200
How about letting the visitors use PPTP connections? And then only letting
through traffic from authenticated PPTP clients.

// Thomas Hertz

> -----Original Message-----
> From: Mikael Bohlin [mailto:Mikael dot Bohlin at se dot flextronics dot com]
> Sent: den 8 juli 2004 14:45
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Odd kind of setup?
> 
> 
> Good thought, and that is what I will do.
> But I also want the guest to logon from a web page, so they do not get
> full
> Internet access at one...
> So I'll use MonoWall for the Captive Portal and the logon page there...
> Or could I do that in any other way?
> 
> 
> //
> Mikael
> 
> 
> -----Original Message-----
> From: Bryan Kohlstedt [mailto:bk at aventuremail dot com]
> Sent: den 8 juli 2004 14:41
> To: m0n0wall at lists dot m0n0 dot ch; Mikael dot Bohlin at se dot flextronics dot com
> Subject: Re: [m0n0wall] Odd kind of setup?
> 
> 
> 
> Is there a reason you're not putting the visitors in a dmz? I'm doing
> something similar to you except all my visitors are going to go in the dmz
> so they have unfiltered access to the internet (wan interface) but no
> access
> to our machines on our network (lan interface).
> 
> Bryan
> ----- Original Message -----
> From: "Mikael Bohlin" <Mikael dot Bohlin at se dot flextronics dot com>
> To: m0n0wall at lists dot m0n0 dot ch
> Sent: Thursday, July 08, 2004 02:55 AM
> Subject: [m0n0wall] Odd kind of setup?
> 
>  Everyone,
> 
>  I'm about to test the Monowall in a slightly different scenario then what
> I
> guess most of you guys do.
> 
>  I am about to build a separate network for our viristors and guests. From
> this Visitor network our guests should get Internet access but no access
> to
> our company resources.
>  On this network I connect the Monowall LAN interface, enables DHCP and
> DNS
> forwarding. I will also use the Captive portal function, forcing them to
> log
> on first.
>  On my company network I connect the Monowall WAN interface.
> 
>  With this setup there pop's up a couple of questions:
> 
>   - Can I disable the Management on the LAN interface??? I do no want any
> clever visitor trying to logon to the Monowall and changing stuff.
>   - When a user logs on to the Captive portal page, it performs a HTTP
> POST
> sending the user ID and password in clear text. Any user with a network
> sniffer will easily find the others credentials... Can this be changed
> into
> a HTTPS-POST??? It would add a lot of security into it.
> 
> 
>  Thanks,
> 
>  Mikael
> 
> 
>  ____________________________________________
> 
>  Mikael Bohlin
>  IT Security Coordinator
>  Flextronics Network Services
> 
> --------------------------

> AventureHost.com - Worldwide Hosting - http://www.aventurehost.com Sent
> from
> AventureMail.com, 2GB Free Email!
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch