Chris Bagnall wrote:
>1) limits the visitor to browsing *web* sites, not generally downloading all sorts of rubbish using
><insert choice of P2P app here>
>2) prevents any virus the user may/may not have from spreading out onto the
>net, since they're limited to HTTP traffic on specific ports.
>I'd go a step further and firewall off your PC's wireless LAN link, but
>*not* firewall off your VPN tunnel. That should prevent you from being
>infected by dodgy clients on the WLAN, but still allow you to access
>whatever you need to access when logged in via PPTP.

The only thing I was planning to let my WLAN net talk to was the VPN
server, and a captive portal page explaining why they're locked out --
If they log in (which would need to be authenticated via RADIUS, only for
use by visiting PCs) then I'll probably give semi-unrestricted access.

My understanding of the captive portal feature is that it reroutes HTTP
traffic to the captive portal page and locks out everything else unless
I whitelist the client or the server; is that correct?

How does DHCP work with a captive portal enabled? Do I need to use
m0n0wall's DHCP, or can I allow DHCP traffic from my own DHCP server? --
It shouldn't be a problem to use m0n0wall's for this one interface, but
I can't use it globally at this point.
The early bird gets the worm, but the second mouse gets the cheese.