Chris Bagnall wrote:

>1) limits the visitor to browsing *web* sites, not generally downloading all
>sorts of rubbish using <insert choice of P2P app here>
>
>2) prevents any virus the user may/may not have from spreading out onto the
>net, since they're limited to HTTP traffic on specific ports.
>
>I'd go a step further and firewall off your PC's wireless LAN link, but
>*not* firewall off your VPN tunnel. That should prevent you from being
>infected by dodgy clients on the WLAN, but still allow you to access
>whatever you need to access when logged in via PPTP.

The only thing I was planning to let my WLAN net talk to was the VPN server, and a captive portal page explaining why they're locked out -- If they log in (which would need to be authenticated via RADIUS, only for use by visiting PCs) then I'll probably give semi-unrestricted access.

My understanding of the captive portal feature is that it reroutes HTTP traffic to the captive portal page and locks out everything else unless I whitelist the client or the server, is that correct?

How does DHCP work with a captive portal enabled, do I need to use m0n0wall's DHCP, or can I allow DHCP traffic from my own DHCP server? -- It shouldn't be a problem to use m0n0wall's for this one interface, but I can't use it globally at this point.

--
The early bird gets the worm, but the second mouse gets the cheese.