On 12/09/2004 12:55 Mitch (WebCob) said the following:
> Don't think keep alive is a good idea - you'd need one apache thread for
> every user.... the refresh to the portal keeps the portal from closing down

absolutely true.

> access until the user either logs out or times out as defined by the captive
> portal setup - right dinesh?

maybe i'd explain how the captive portal works. manuel first wrote in captive portal functionality, and i stepped in later with some improvements and RADIUS support.

the captive portal initially sets up IPFW rules to divert all outgoing connections to another instance of httpd which throws up the authentication page. upon successful authentication, specific rules opening access are created for the IP and MAC address of the client host and subsequent access by this client is allowed thru without being diverted.

though the IP address is used specifically to bypass the divert, it's still tied to the MAC address. this means an IP address, once bound to a MAC address on the captive portal, will only be allowed access if it continues to be bound to that MAC address.

because of the binding to MAC addresses, it would not be possible to twist the m0n0wall around to face the WAN in a NATted environment and then to use the captive portal functionality as an authentication service of sorts.

--
Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com         (0 0)   http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
| for b in clients employers associates relatives neighbours pets; do     |
| echo "The opinions here in no way reflect the opinions of my $a $b."    |
| done; done                                                              |
+=========================================================================+
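
A simplified model of the IP/MAC binding described in the message above, added here as an illustration and not taken from m0n0wall or from the original post; the class and function names are hypothetical and the addresses are constructed. The NAT case assumes every client behind the gateway reaches the portal with the gateway's single IP and MAC, which is why the binding can no longer tell clients apart.

```python
# Simplified model of the IP/MAC binding described in the message above.
# Not m0n0wall code: class and function names are hypothetical and all
# addresses are constructed sample values.

DIVERT, PASS = "divert", "pass"


class CaptivePortal:
    def __init__(self):
        self.bindings = {}  # client IP -> MAC recorded at login

    def authenticate(self, ip, mac):
        # Models the per-client rules created after a successful login.
        self.bindings[ip] = mac.lower()

    def classify(self, ip, mac):
        # Pass only while the IP is still seen with the MAC it was bound to;
        # everything else is diverted to the authentication page.
        return PASS if self.bindings.get(ip) == mac.lower() else DIVERT


NAT_GW = ("203.0.113.7", "02:00:00:00:00:01")  # constructed NAT gateway


def seen_by_portal(client, behind_nat):
    # On the directly attached segment the portal sees the client's own
    # IP and MAC. Behind NAT (assumption) it sees only the gateway's pair.
    return NAT_GW if behind_nat else client


def run(behind_nat):
    portal = CaptivePortal()
    alice = ("192.168.1.10", "00:11:22:33:44:55")
    bob = ("192.168.1.11", "66:77:88:99:aa:bb")
    results = {"alice_before": portal.classify(*seen_by_portal(alice, behind_nat))}
    portal.authenticate(*seen_by_portal(alice, behind_nat))
    results["alice_after"] = portal.classify(*seen_by_portal(alice, behind_nat))
    # Bob never logged in.
    results["bob"] = portal.classify(*seen_by_portal(bob, behind_nat))
    # Alice's IP arriving with a different MAC than the one it was bound to.
    results["alice_ip_other_mac"] = portal.classify(alice[0], bob[1])
    return results


if __name__ == "__main__":
    for nat in (False, True):
        print("behind NAT" if nat else "direct", run(nat))
```

On the direct segment only the authenticated IP/MAC pair passes; behind the modelled NAT gateway the unauthenticated client passes as soon as any one client has logged in.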