Wooohooo! It is the captive portal that is restricting me from being able to talk to the DMZ. If the captive portal is enabled on OPT1 and an OPT1 client has not agreed to the portal contents page, then of course that client cannot respond to any requests coming from either the WAN or the LAN (i.e. pings!!). However, once the client does actually pass through the portal, they are now subject to normal firewall rules. I can ping to my heart's content any client in the DMZ now as long as I "agree" to the portal contents page.

I can't believe this took me 2 days of cursing and throwing stuff to figure out. I was blaming it on everything from corrupted diskettes, to bugs in m0n0wall, and to ghosts and goblins.

So I have a request. Is it possible to add an option to m0n0's captive portal so that it only listens to requests on certain ports? For example, let's say I only wanted it to listen to client requests on ports 80 and 443. This would mean that all other traffic from the client could pass through the portal without authentication, but if the client attempted to access web pages, he would need to go through the portal. I know this isn't a very secure portal in this sense, but I think an option to do it this way would be beneficial.

The way it is set up right now, I can't put any kind of server inside the DMZ if captive portal is enabled since they have no way of passing through the portal. I guess I could add another NIC to the m0n0 box and make another DMZ for servers and disable the captive portal on that interface, however...

Rodman