Captive Portal

I have a working captive-portal. Some Clients should be able to pass through the captive portal without authentification. When they first connect a HTTP-Connection, they are authenticated by monowall, but until that moment, if they try to connect trough other ports (e.g. printing), they are unauthenticated.

is there a way to solve this?

You are not quite clear what you are asking in your post. If they don't need to authenticate at all, add their MAC address to the "Pass-Through MAC" tab.  This will of course pass their HTTP traffic as well.  If you are asking can you just route http and other web traffic through captive portal then not really.  You can have a slight mixture of both, you can add in IP address destinations that are allowed without hitting the CP.  For instance an internal DNS, printers or mail server.  Then as soon as they try to access any other ip addresses then it will take them to the CP page.

Hope this helps.

The MAC-Adresses are on the "Pass-Trough MAC"-Tab, but the (Non-HTTP) traffic from their Computers is only passed-through after they have established a HTTP-Connection to any site. From that moment on all connections are possible and everything is fine.

anyone can help me?   

Thanks for pointing this out. Since I set up the captive portal on my home network, the Tivo lost the ability to connect, throwing vague "n13" errors, even with its MAC address on the pass-through list. Sure enough, this was the problem.

I worked around it tonight by briefly spoofing the Tivo's MAC address from a laptop and firing up a browser, but this is a hurdle for all kinds of networked devices that don't speak HTTP.

You can use Pass-thru IP addresses as well.  Assign your TiVo to a static DHCP assigned IP address and put that IP in the captive portal Pass-Thru IP list.

Do you have a router between the tivo and m0no? That would cause the MAC to not be passed to m0n0 and therefore the tivo would not be able to pass-thru.  That is why you should use IP.

Aaron

Thanks for pointing this out. Since I set up the captive portal on my home network, the Tivo lost the ability to connect, throwing vague "n13" errors, even with its MAC address on the pass-through list. Sure enough, this was the problem.

I worked around it tonight by briefly spoofing the Tivo's MAC address from a laptop and firing up a browser, but this is a hurdle for all kinds of networked devices that don't speak HTTP.

You can use Pass-thru IP addresses as well.  Assign your TiVo to a static DHCP assigned IP address and put that IP in the captive portal Pass-Thru IP list.

Do you have a router between the tivo and m0no? That would cause the MAC to not be passed to m0n0 and therefore the tivo would not be able to pass-thru.  That is why you should use IP.

Aaron

Are you certain this will work? I've had the same issue with Wii game systems in which their MAC is in the pass-through, but since they can't do HTTP first, they never connect to the game services. I never thought about trying this, but it's worth a try on my laptop at least. I'll report back if it works.

You can use Pass-thru IP addresses as well.  Assign your TiVo to a static DHCP assigned IP address and put that IP in the captive portal Pass-Thru IP list.

Do you have a router between the tivo and m0no? That would cause the MAC to not be passed to m0n0 and therefore the tivo would not be able to pass-thru.  That is why you should use IP.

Aaron

Are you certain this will work? I've had the same issue with Wii game systems in which their MAC is in the pass-through, but since they can't do HTTP first, they never connect to the game services. I never thought about trying this, but it's worth a try on my laptop at least. I'll report back if it works.

I just test this on 1.233 it will not work with a static IP and pass-through MAC. You still have to do some kind of http traffic before you can get "authenticated" for a connection.

Hi,

I was wondering if anyone had come up with a solution to this, or if it is something that looks like it might be changed in a future version. I'm running the 1.3b11 version, and it behaves the same. This is causing a bit of a problem for me. I've been so impressed by all monowall can do so far, but this could be a big issue in me using it, due to the devices that need to be used on the network. Even a workaround would be good.

Hope someone can help.

Johnny