On Wed, Nov 19, 2008 at 2:09 AM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 19, 2008 at 1:58 AM, Olivier Nicole <[EMAIL PROTECTED]> wrote:
>> Hi Dimitri,
>>
>> Thanks for the clues, I will look at what I can do with the switch.
>>
>>> Is there a particular reason you are trying to do a captive portal using a
>>> bridge setup vs NAT?
>>
>> We have the right amount of public IP available (only a class C, but
>> for around 150 users, that's plenty enough), so no reason to NAT.
>>
>> I have been running a bridged firewall (FreeBSD + ipf) for ages (since
>> FreeBSD 4.0 maybe), it is working smoothly, it is invisible (obscurity
>> is not security, but it contributes to security), it simplifies
>> routing (one less hop) and in case of problem, it can be replaced with
>> an Ethernet cable. That's among the reasons why I like bridged
>> firewall.
>>
>
> All valid, but a captive portal implementation by definition cannot be
> transparent. It has to redirect hosts to an IP on one of its
> interfaces to serve the portal content.

He still needs an IP on some interface for management (presumably LAN). Any chance CP could be used on that interface?

It's been so long since I've looked at CP, I don't remember what we're doing under the covers to force the http traffic to the portal (just an rdr to localhost if memory serves).

--Bill
