[ previous ] [ next ] [ threads ]
 
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "sylikc" <sylikc at gmail dot com>, "Andrew Frazer" <andrew dot frazer at sententia dot co dot nz>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Captive Portal for networks that are routed to...
 Date:  Fri, 8 Oct 2004 23:27:01 -0700
> If you are running a routed network behind m0n0, then all m0n0 sees is
> the IP of the interface of the router connected to m0n0.  That's 1 IP
> and 1 MAC.  I am guessing if you authenticated one host behind it,
> then the entire network would be permitted by m0n0, because of this
> IP<-->MAC association by m0n0.  There's been talk of modifying the
> captive portal and not depending on the MAC or whatnot, but that sort
> of defeats the purpose of the captive portal ;)
>

Not quite true...

The mono see's ALL the IP's, but only one MAC... this gets back to the case
surrounding the posting you are quoting - my desire to use the gateway as a
password protected firewall to allow users IN to a network.

The problem iirc is that in this case, the code would have to be changed to
ignore the MAC - I think Dinesh was going to look at this at some point...

m/