Topic: client isolation wired network
« on: October 04, 2007, 19:23:40 »
frank *
Posts: 28

Hello folks,
does anybody know a way to support client isolation on wired networks,
which at least somewhat prevents one client from communicating with another client?

thanks
greets frank
 
« Reply #1 on: October 28, 2007, 17:49:24 »
frank *
Posts: 28

Is static VLAN a possibility?
One port is connected to monowall, each other port is a different VLAN?
Has anyone tried this together with CP?
« Reply #2 on: July 18, 2008, 00:43:13 »
tikay.event *
Posts: 7

Some switches have a function called client isolation. This function creates an extra VLAN for every port and merges them to one port. With an L3 switch and VLANs you can do this, too.
« Reply #3 on: July 18, 2008, 01:19:34 »
cmb *****
Posts: 851

The only way to do this is via capabilities of your switch. Communication within a network does not touch your default gateway so the firewall cannot control it.
« Reply #4 on: January 27, 2010, 19:16:03 »
tcook *
Posts: 1

Currently the only way to achieve this is with your switch if it supports PVLANs (private VLANs). Although Nomadix has an interesting way of doing this. Their router responds and masquerades to all ARP requests. So it answers as all MAC addresses unless it is added to a list. This in effect causes client isolation. Pretty cool idea if you ask me.
« Reply #5 on: May 31, 2010, 19:23:26 »
tcarcur *
Posts: 1

I've been looking for a way for m0n0wall to handle client isolation.

I know the GuestGate switch creates a new VLAN for each DHCP client. Since the GuestGate has only 1 LAN port, like most m0n0wall configurations, I figured that maybe m0n0wall can be set up this way.

Does someone know if m0n0wall can dynamically create VLANs for DHCP clients while retaining the CP on all VLANs? Or, if at least client isolation this way is possible.
« Reply #6 on: July 26, 2010, 23:44:22 »
momothefox *
Posts: 49

I did it by assigning a subnet different from the subnet of the LAN,
for example /24 while the LAN subnet is /16.
So if the LAN IP address is 192.168.0.1/16,
clients assigned 192.168.1.0/24 cannot communicate with clients assigned 192.168.2.0/24.
This is on the IP level only, and it required modifying the m0n0wall image to allow assigning a special subnet mask for clients.

regards.
Mohammed.

Mohammed Ismail
 