Andrew,

> I might be doing something wrong. I have only been able to get the captive
> portal working for hosts that are directly attached to the LAN interface.
> I have a couple of routed networks behind mono, that I have routes for.. but
> the portal doesn't seem to get them..
>
> Am I doing something wrong, or is this the way it works?

I think on one of the other threads, there was mention of how the captive portal works. Here's an excerpt from Dinesh who wrote the captive portal:

> maybe i'd explain how the captive portal works. manuel first wrote in
> captive portal functionality, and i stepped in later with some improvements
> and RADIUS support.
>
> the captive portal initially sets up IPFW rules to divert all outgoing
> connections to another instance of httpd which throws up the authentication
> page. upon successful authentication, specific rules opening access are
> created for the IP and MAC address of the client host and subsequent access
> by this client is allowed thru without being diverted. though the IP
> address is used specifically to bypass the divert, it's still tied to the
> MAC address.
>
> this means an IP address, once bound to a MAC address on the captive
> portal, will only be allowed access if it continues to be bound to that MAC
> address.

If you are running a routed network behind m0n0, then all m0n0 sees is the IP of the interface of the router connected to m0n0. That's 1 IP and 1 MAC. I am guessing if you authenticated one host behind it, then the entire network would be permitted by m0n0, because of this IP<-->MAC association by m0n0.

There's been talk of modifying the captive portal and not depending on the MAC or whatnot, but that sort of defeats the purpose of the captive portal ;)

/sylikc