From owner-freebsd-questions@FreeBSD.ORG  Wed Dec  3 05:09:19 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B6501106564A
	for <freebsd-questions@freebsd.org>;
	Wed,  3 Dec 2008 05:09:19 +0000 (UTC) (envelope-from on@cs.ait.ac.th)
Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16])
	by mx1.freebsd.org (Postfix) with ESMTP id 3986E8FC08
	for <freebsd-questions@freebsd.org>;
	Wed,  3 Dec 2008 05:09:15 +0000 (UTC) (envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5])
	by mail.cs.ait.ac.th (8.13.1/8.13.1) with ESMTP id mB357B2s080628
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Wed, 3 Dec 2008 12:07:11 +0700 (ICT)
	(envelope-from on@banyan.cs.ait.ac.th)
Received: (from on@localhost)
	by banyan.cs.ait.ac.th (8.14.2/8.12.11) id mB358SUx095910;
	Wed, 3 Dec 2008 12:08:28 +0700 (ICT)
Date: Wed, 3 Dec 2008 12:08:28 +0700 (ICT)
Message-Id: <200812030508.mB358SUx095910@banyan.cs.ait.ac.th>
From: Olivier Nicole <on@cs.ait.ac.th>
To: freebsd-questions@freebsd.org
X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/)
Subject: Firewall with bridged interfaces and captive portal
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2008 05:09:19 -0000

Hi,

I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).

I need bridged intefaces because we are a Computer Science department
and we sometime have traffic other than plain IP, need multicast,
IPv6, etc, so bridged interfaces (layer 2) is the best. So far I have
been using ipf and it has been running fine for many years.

Now the country regulation imposes that we have authentication for
every users of Internet, so I need a captive portal (redirect http
request to an authentication portal before opening the firewall).

Is there any solution that exists?

I looked at pfSense, but captive portal does not work on bridged
interfaces; it's one or the other.

Any other suggestion?

Best regards,

Olivier