From: Christopher Cowart
To: Olivier Nicole
Cc: freebsd-questions@freebsd.org
Date: Wed, 3 Dec 2008 14:25:20 -0800
Subject: Re: Firewall with bridged interfaces and captive portal
Message-ID: <20081203222520.GA19693@hal.rescomp.berkeley.edu>
In-Reply-To: <200812030508.mB358SUx095910@banyan.cs.ait.ac.th>
Organization: RSSP-IT, UC Berkeley

Olivier Nicole wrote:
> I need to implement a firewall with bridged interfaces that offers
> captive portal (authentication before opening the traffic).
[...]
>
> Is there any solution that exists?
>
> I looked at pfSense, but captive portal does not work on bridged
> interfaces; it's one or the other.
>
> Any other suggestion?

Hello,

We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could be
avoided with a bridging solution.

Our web-app/captive portal/authentication program is written in-house;
it's very tightly integrated with several existing pieces of
infrastructure. I don't know if there are any solutions that will work
out-of-the-box.

I can get you more technical details if this is a direction you'd be
interested in moving.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley