 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  Rodman Frowert <frowertr at i dash 1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page
 Date:  Sun, 12 Sep 2004 15:54:33 +0800
On 10/09/2004 23:31 Rodman Frowert said the following:
> 
> Melvin wrote:
>> I also see how not being able to ping things there would be an issue. 
>> Perhaps rather than only blocking certain ports, a better choice 
>> would be the ability to allow specific ports/protocols, which you 
>> would define as whatever your choice for diagnostics would be
> 
> Good idea!  Punching a hole through the portal for it to not listen on 
> certain ports while it listens on everything else is a great idea.

ideally, the captive portal blocks all access until the ToS/RADIUS is 
agreed to. one can use the Allowed IP and Passthru MACs databases to allow 
connections to/from specific IP addies or from specific MAC addresses 
without going thru ToS/RADIUS.

to attempt to do this just based on protocols/port numbers would be 
possible, but somehow it defeats the purpose of a captive portal.

-- 
Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+