Sorry, I misinterpreted what I saw. In fact what happens is, traffic from
the 'routed' networks doesn't make it through. They get an incomplete web
page. I am told on good authority that this is because the Portal uses the
MAC address in the code.
>Gave it a try, and what happens is not that hosts on routed networks are
>simply allowed to pass through the portal, but instead they just get an
>empty/truncated page all the time. This is because the captive portal
>script bails out if it's unable to find the MAC address that corresponds to
>the client's IP address. The MAC address is used in various places in the
>code to serve as a unique client identifier. Obviously in a routed network
>it's not possible to get the client's MAC.
This may not be the end of the story (it may be possible to modify the
code), but right now, this is the case.
From: sylikc [mailto:sylikc at gmail dot com]
Sent: Sunday, October 10, 2004 11:46 PM
To: Andrew Frazer
Cc: Mitch (WebCob); m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Captive Portal for networks that are routed to...
> In this case I am not running any NAT, on either of Router X, or Y, or on
> Mono.. Just plain old boring straight routing. In Sylikc's post from
> I imagine he is referring to where the router is doing NAT/PAT for all the
> hosts below it. In that case, his comments would be correct. I have in
> (by accident), have tried that scenario, and the results suggested below
> are what I observed.
Well, right, I was thinking in NAT. But as Mitch pointed out, even
without NAT, there would be many IPs and 1 MAC. It's because of the
Layer3 routing that would obscure the real MAC addresses of your
hosts from m0n0. I wouldn't know why m0n0 would just bypass the hosts
on the other networks though (I don't have that many routers to play