 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] feature request: dhcp before pptp
 Date:  Mon, 02 Aug 2004 16:44:08 -0600
Chris Bagnall wrote:

>1) limits the visitor to browsing *web* sites, not generally downloading all sorts of rubbish using
><insert choice of P2P app here>
>2) prevents any virus the user may/may not have from spreading out onto the
>net, since they're limited to HTTP traffic on specific ports.
>I'd go a step further and firewall off your PC's wireless LAN link, but
>*not* firewall off your VPN tunnel. That should prevent you from being
>infected by dodgy clients on the WLAN, but still allow you to access
>whatever you need to access when logged in via PPTP.

The only thing I was planning to let my WLAN net talk to was the VPN 
server, and a captive portal page explaining why they're locked out -- 
if they log in (which would need to be authenticated via RADIUS, only for 
use by visiting PCs) then I'll probably give semi-unrestricted access.

My understanding of the captive portal feature is that it reroutes HTTP 
traffic to the captive portal page and locks out everything else unless 
I whitelist the client or the server. Is that correct?

How does DHCP work with a captive portal enabled? Do I need to use 
m0n0wall's DHCP, or can I allow DHCP traffic from my own DHCP server? -- 
It shouldn't be a problem to use m0n0wall's for this one interface, but 
I can't use it globally at this point.

The early bird gets the worm, but the second mouse gets the cheese.