 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page
 Date:  Fri, 10 Sep 2004 08:21:08 -0500
Wooohooo!

It is the captive portal that is restricting me from being able to talk to 
the DMZ.  If the captive portal is enabled on OPT1 and an OPT1 client has 
not agreed to the portal contents page, then of course that client cannot 
respond to any requests coming from either the WAN or the LAN (i.e. 
pings!!).  However, once the client does actually pass through the portal, 
they are now subject to normal firewall rules.  I can ping to my heart's 
content any client in the DMZ now as long as I "agree" to the portal 
contents page.

I can't believe this took me 2 days of cursing and throwing stuff to figure 
out.  I was blaming it on everything from corrupted diskettes, to bugs in 
m0n0wall, and to ghosts and goblins.

So I have a request.  Is it possible to add an option to m0n0's captive 
portal so that it only listens to requests on certain ports?  For example, 
let's say I only wanted it to listen to client requests on ports 80 and 443. 
This would mean that all other traffic from the client could pass through 
the portal without authentication but if the client attempted to access web 
pages, he would need to go through the portal.  I know this isn't a very 
secure portal in this sense, but I think an option to do it this way would 
be beneficial.  The way it is set up right now, I can't put any kind of 
server inside the DMZ if captive portal is enabled since they have no way of 
passing through the portal.

I guess I could add another NIC to the m0n0 box and make another DMZ for 
servers and disable the captive portal on that interface, however...

Rodman