Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page

From:	Fred Wright <fw at well dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Doh! Captive Portal not letting LAN talk to DMZ (OPT1) without DMZ clients "accepting" to Portal Page
Date:	Sun, 12 Sep 2004 13:25:20 -0700 (PDT)

On Fri, 10 Sep 2004, Rodman Frowert wrote:

> So I have a request.  Is it possible to add an option to m0n0's captive 
> portal so that it only listen to requests on certain ports?  For example, 
> lets say I only wanted it to listen to client requests on ports 80 and 443. 
> This would mean that all other traffic from the client could pass through 
> the portal without authentication but if the client attempted to access web 
> pages, he would need to go through the portal.  I know this isn't a very 
> secure portal in this sense, but I think an option to do it this way would 
> be beneficial.  The way it is setup right now, I can't put any kind of 
> server inside the DMZ if captive portal is enabled since they have no way of 
> passing through the portal.

Aside from the general issue of "default pass" versus "default block", I
think allowing pings through the portal without authentication would be
desirable, at least by default.

					Fred Wright