Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page

From:	"Rodman Frowert" <frowertr at i dash 1 dot net>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page
Date:	Fri, 10 Sep 2004 10:31:01 -0500

Melvin wrote:

> OK.  I agree that this is an issue if the hotspot is there, but I would be 
> concerned about putting servers on that leg, essentially for the same 
> reason I wouldn't want the hotspot on the LAN.  I think the new NIC is the 
> best solution.

Agreed.  This is what I will do.  Since I will need telnet capabilities 
(among other services) to the server, there is no point opening that up to 
my wifi clients as well.

> I also see how not being able to ping things there would be an issue. 
> Perhaps rather than only blocking certainly ports, a better choice would 
> be the ability to allow specific ports/protocols, which you would define 
> as whatever your choice for diagnostics would be

Good idea!  Punching a hole through the portal for it to not listen on 
certain ports while it listens on everything else in a great idea.

Rodman