[ previous ] [ next ] [ threads ]
 
 From:  Andrew Frazer <andrew dot frazer at sententia dot co dot nz>
 To:  'sylikc' <sylikc at gmail dot com>
 Cc:  "'Mitch (WebCob)'" <mitch at webcob dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Captive Portal for networks that are routed to...
 Date:  Mon, 11 Oct 2004 00:17:05 +1300
Sorry, I mis-inturpreted what I saw..  In fact what happens is, traffic from
the 'routed' networks, does'nt make it through. They get an incomplete web
page. I am told on good authourity that this is because the Portal uses the
MAC address in the code.

>Gave it a try, and what happens is not that hosts on routed networks are
>simply allowed to pass through the portal, but instead they just get an
>empty/truncated page all the time. This is because the captive portal
>script bails out if it's unable to find the MAC address that corresponds to
>the client's IP address. The MAC address is used in various places in the
>code to serve as a unique client identifier. Obviously in a routed network
>it's not possible to get the client's MAC.

This may not be the end of the story ( it may be possible to modify the code
), but right now, this is the case.




-----Original Message-----
From: sylikc [mailto:sylikc at gmail dot com] 
Sent: Sunday, October 10, 2004 11:46 PM
To: Andrew Frazer
Cc: Mitch (WebCob); m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Captive Portal for networks that are routed to...

Andrew,


> In this case I am not running any NAT, on either of Router X, or Y, or on
> Mono.. Just plain old boring straight routing.  In Sylikc's post from
below,
> I imagine he is referring to where the router is doing NAT/PAT for all the
> hosts below it.  In that case, his comments would be correct. I have in
fact
> ( by accident ), have tried that scenario, and the results suggested below
> are what I observed.

Well, right, I was thinking in NAT.  But as Mitch pointed out, even
without NAT, there would be many IPs and 1 MAC.  It's because of the
Layer3 routing that would obscure the the real MAC addresses of your
hosts from m0n0.  I wouldn't know why m0n0 would just bypass the hosts
on the other networks though (I don't have that many routers to play
with).


/sylikc