[ previous ] [ next ] [ threads ]
 From:  sylikc <sylikc at gmail dot com>
 To:  Dirk Enrique Seiffert - CaribeNet <ds at caribenet dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Captive Portal (Free)Radius Client-IP-Address
 Date:  Thu, 14 Oct 2004 16:38:03 -0700

> I am new to radius, maybe this question should be on the freeradius-lilst.
> Anyhow:  My Monowall is connecting to a freeradius server on the external
> interface. When a client connects through the captive portal, my radius logs
> show as Client-IP-Address the address of the Monowall. Is there a way to
> transmit the IP of the client accessing the captive portal?

I don't think m0n0 could do packet header manipulation to show the
Client IP Address.  Your RADIUS server gets the ip address of the m0n0
through the packet header (I'm guessing), and since the packet IS from
m0n0 (m0n0 makes the authentication request on behalf of the user),
then the logs will always show m0n0's address.

The reason is because the user is talking directly to m0n0, and m0n0
talks to the RADIUS server for them.  If the user talked directly to
the RADIUS server then m0n0 would have to punch a hole for them. 
However, m0n0 wouldn't be able to figure out whether the user is
really authenticated or not unless it talked directly to the RADIUS
server ;)  Ok, I'm digressing...

Anyway, although I'm not an active developer with the project, I don't
think it's possible to have the client IP be the IP of the actual
client behind m0n0 given that the "client IP" reported in your RADIUS
logs comes from the IP header.