List: freebsd-ipfw
Subject: layer 2 captive portal questions
From: Mike Bloom <mike () databloom ! com>
Date: 2008-04-14 13:50:45
Message-ID: 48036135.1080707 () databloom ! com
Hi All,
I'm replacing a commercial java sesm capture portal with location
specific vlans with ipfw and I'd like to allow a user to enter their
credentials to a webserver running on the gateway of their local vlan,
and be allowed to surf as long as their mac address and ip address stay
the same.
So far I have a working ip layer captive portal as such:
00100 228 49451 divert 8668 ip from any to any via fxp0
00100 40 6771 allow ip from 10.1.4.5 to any
00200 0 0 fwd 10.1.4.1,8080 tcp from any to any dst-port 80 in
00300 296 77558 allow ip from any to any
00400 0 0 deny ip from any to any
65535 294 25712 deny ip from any to any
fxp0 is WAN, 10.1.4.1 is the gateway ip for my vlan's subnet.
If I do a
00100 40 6771 allow ip from 10.1.4.5 to any
before the fwd statement, my user is free to browse the web without the
capture portal.
However, what I would like to do is lock down their mac address (which I
collect from arping their ip on the vlan interface) **and** ip.
As such:
00100 0 0 allow ip from 10.1.4.5 to any via vlan4 MAC 00:1b:63:ac:3a:84 any
00100 0 0 allow ip from 10.1.4.5 to any via vlan4 MAC any 00:1b:63:ac:3a:84
I think I'm mixing layer2 and layer 3 criteria and probably I just need
to separate these rules out by blocking layer2 between fxp0 and vlan4
(where the 10.1.4.x subnet exists) **then** allowing ip through via the
previously mentioned scheme.
Any thoughts or suggestions would be greatly appreciated.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
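
One way to express the MAC-and-IP lock described in the message, as an added example that is not part of the original post: a shell helper that validates the collected values and prints ipfw rules which do the MAC check in the layer-2 pass and keep the per-client allow in the layer-3 pass. The rule numbers 50, 60 and 90, the function names, and enabling net.link.ether.ipfw are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Assumes sysctl net.link.ether.ipfw=1 so that ipfw is also
# called for Ethernet frames; without it a MAC option never matches.
# Rule numbers 50/60/90 are assumptions, chosen to sit before the thread's
# layer-3 rules at 00100.
H='[0-9A-Fa-f]'

valid_mac() {   # exactly six colon-separated hex pairs, nothing else
    case "$1" in
        $H$H:$H$H:$H$H:$H$H:$H$H:$H$H) return 0 ;;
    esac
    return 1
}

valid_ip() {    # dotted quad, each octet 0-255
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Installed once: layer-2 frames not handled by a client rule (ARP,
# unauthenticated clients) pass on and are filtered again at layer 3.
base_rules() {
    echo "ipfw add 90 allow all from any to any layer2"
}

# client_rules IP MAC IFACE: prints the commands for one authenticated
# client. The values end up in a root-run firewall command, so they are
# validated before anything is printed.
client_rules() {
    valid_ip "$1" && valid_mac "$2" || { echo "bad ip or mac" >&2; return 1; }
    case "$3" in ''|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 1 ;; esac
    # Layer-2 pass. MAC takes the destination first, then the source.
    echo "ipfw add 50 allow ip from $1 to any layer2 in via $3 MAC any $2"
    # The same source IP arriving from any other MAC is dropped.
    echo "ipfw add 60 deny ip from $1 to any layer2 in via $3"
    # Layer-3 pass: the per-client allow from the thread, ahead of the fwd.
    echo "ipfw add 100 allow ip from $1 to any"
}

base_rules
client_rules 10.1.4.5 00:1b:63:ac:3a:84 vlan4   # values from the thread
```

The script only prints the commands; pipe its output to sh on the gateway to apply them.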