Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page

From:	"Rodman Frowert" <frowertr at i dash 1 dot net>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page
Date:	Fri, 10 Sep 2004 10:03:36 -0500

Melvin wrote:

> As you've already pointed out you could add another NIC, but from the 
> sounds of things your concept of the DMZ doesn't really match what I would 
> expect either.  DMZ would normally indicate public servers with some 
> protection from the outside, but accessible to everyone.  Why would you 
> have the portal enabled there?  Perhaps I've just missed the point, but I 
> would expect to see it enabled on the LAN side, not the DMZ.  If you 
> wanted multiple LAN segments, then it might make sense, but then I 
> wouldn't expect to see servers in that group.
>
> -- 

The reason I have a captive portal enabled in the DMZ is because it is being 
used as a public hotspot for wi-fi internet access.  My LAN is only used for 
my employees so I have no need for a portal in there.  Obviously, I needed 
an area to put the hotspot so that it was off my LAN and the DMZ seemed to 
be like the best logical place.  I am wanting to add a few servers into the 
DMZ now (i.e. web, dns, mail, etc...).

It will probably make more sense now to add another NIC to the box setting 
up a second DMZ for the servers...