On 12/09/2004 12:55 Mitch (WebCob) said the following:
> Don't think keep alive is a good idea - you'd need one apache thread for
> every user.... the refresh to the portal keeps the portal from closing down
> access until the user either logs out or times out as defined by the captive
> portal setup - right dinesh?
maybe i'd explain how the captive portal works. manuel first wrote in
captive portal functionality, and i stepped in later with some improvements
and RADIUS support.
the captive portal initially sets up IPFW rules to divert all outgoing
connections to another instance of httpd which throws up the authentication
page. upon successful authentication, specific rules opening access are
created for the IP and MAC address of the client host and subsequent access
by this client is allowed thru without being diverted. though the IP
address is used specifically to bypass the divert, it's still tied to the
this means an IP address, once bound to a MAC address on the captive
portal, will only be allowed access if it continues to be bound to that MAC
because of the binding to MAC addresses, it would not be possible to twist
the m0n0wall around to face the WAN in a NATted environment and then to use
the captive portal functionality as a authentication service of sorts.
Regards, /\_/\ "All dogs go to heaven."
dinesh at alphaque dot com (0 0) http://www.alphaque.com/
| for a in past present future; do |
| for b in clients employers associates relatives neighbours pets; do |
| echo "The opinions here in no way reflect the opinions of my $a $b." |
| done; done |