In my case this is roughly what I have.

The internet is reachable from hosts on network X and Y via Mono. The
internet is also reachable from a host on the LAN side of the Mono. However,
only the hosts on the LAN side are redirected to the captive portal. Hosts
of network X and network Y are allowed straight through. So as a 'router'
Monowall works fine. The only problem is for some reason mono doesn't seem
to want to force the other users through the captive portal.

In this case I am not running any NAT on either Router X or Y, or on
Mono. Just plain old boring straight routing. In Sylikc's post from below,
I imagine he is referring to where the router is doing NAT/PAT for all the
hosts below it. In that case, his comments would be correct. I have in fact
(by accident) tried that scenario, and the results suggested below
are what I observed.
From: Mitch (WebCob) [mailto:mitch at webcob dot com]
Sent: Saturday, October 09, 2004 7:27 PM
To: sylikc; Andrew Frazer
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Captive Portal for networks that are routed to...
> If you are running a routed network behind m0n0, then all m0n0 sees is
> the IP of the interface of the router connected to m0n0. That's 1 IP
> and 1 MAC. I am guessing if you authenticated one host behind it,
> then the entire network would be permitted by m0n0, because of this
> IP<-->MAC association by m0n0. There's been talk of modifying the
> captive portal and not depending on the MAC or whatnot, but that sort
> of defeats the purpose of the captive portal ;)
Not quite true...
The mono sees ALL the IPs, but only one MAC... this gets back to the case
surrounding the posting you are quoting - my desire to use the gateway as a
password protected firewall to allow users IN to a network.
The problem iirc is that in this case, the code would have to be changed to
ignore the MAC - I think Dinesh was going to look at this at some point...