It is the captive portal that is restricting me from being able to talk to
the DMZ. If the captive portal is enabled on OPT1 and an OPT1 client has
not agreed to the portal contents page, then of course that client cannot
respond to any requests coming from either the WAN or the LAN (i.e.
pings!!). However, once the client does actually pass through the portal,
they are now subject to normal firewall rules. I can ping to my heart's
content any client in the DMZ now as long as I "agree" to the portal.

I can't believe this took me 2 days of cursing and throwing stuff to figure
out. I was blaming it on everything from corrupted diskettes, to bugs in
m0n0 wall, and to ghosts and goblins.

So I have a request. Is it possible to add an option to m0n0's captive
portal so that it only listens to requests on certain ports? For example,
let's say I only wanted it to listen to client requests on ports 80 and 443.
This would mean that all other traffic from the client could pass through
the portal without authentication but if the client attempted to access web
pages, he would need to go through the portal. I know this isn't a very
secure portal in this sense, but I think an option to do it this way would
be beneficial. The way it is set up right now, I can't put any kind of
server inside the DMZ if captive portal is enabled since they have no way of
passing through the portal.

I guess I could add another NIC to the m0n0 box and make another DMZ for
servers and disable the captive portal on that interface, however...