If I remember how that feature works (since I enabled it - someone
else actually wrote the code I believe, I'd have to look back about 6
months in cvs history!) it is supposed to do an arp -s for each IP in
the list and then an ifconfig staticarp.  According to the FBSD man
page on ifconfig, staticarp doesn't do what I thought it did.

     staticarp
             If the Address Resolution Protocol is enabled, the host will only
             reply to requests for its addresses, and will never send any
             requests.

For some reason, this used to work as advertised I thought (at least,
that's the impression I got from the person that submitted the code
originally).  This should in a roundabout way only allow the firewall
to communicate with devices in its ARP table - maybe the devices that
are communicating with it are already in its ARP table (although it
looks like it flushes the ARP table before adding the static entries,
but after setting staticarp, so nothing new should be added.)

--Bill

On 11/14/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> No, it never turns 'permanent'.
> Either way about the other unspecified entries.. shouldn't those cover
> the rest of the subnet with bogus macs? Or they aren't supposed to
> have access anyway?
>
> On 11/14/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > On 11/14/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> > > Unfortunately, that's not me :(
> > > Anyway I don't know how the configuration is supposed to work ..
> > > shouldn't the configuration be okay if the undefined clients are
> > > defined too, but with bogus mac addresses (IP address is defined, but
> > > mac address is ff:ff:ff:ff:ff:ff for example (or random)) ?
> > >
> > > An excerpt from the arp table:
> > > hostname (192.168.22.1) at 00:03:47:e0:da:b6 on fxp0 permanent [ethernet]
> > > ^ pfsense machine
> > > ? (192.168.22.4) at 00:01:02:b3:11:1f on fxp0 [ethernet]
> > > ^ shouldn't this entry be `permanent` ?
> >
> > Yes, I would think so.   Does a reboot make it permanent?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
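
An added example (not part of the thread and not pfSense's own code): a shell function that audits `arp -an` output against the IPs expected to have static entries, flagging an entry like 192.168.22.4 above that is present but not `permanent`. The function names and the 192.168.22.7 address are constructed for illustration; the two sample lines are the ones from the excerpt.

```shell
#!/bin/sh
# Audit an ARP table dump against the IPs that should have static entries.
# Assumes the FreeBSD `arp -an` line format shown in the excerpt:
#   host (IP) at MAC on IFACE [permanent] [ethernet]

# Constructed sample input: the two lines quoted in the thread.
sample_arp_table() {
    cat <<'EOF'
hostname (192.168.22.1) at 00:03:47:e0:da:b6 on fxp0 permanent [ethernet]
? (192.168.22.4) at 00:01:02:b3:11:1f on fxp0 [ethernet]
EOF
}

# check_static_arp "ip1 ip2 ..." < arp_output
# Prints one line per expected IP: OK, NOT-PERMANENT or MISSING.
# Returns 0 only if every expected IP is present and flagged permanent.
check_static_arp() {
    awk -v want="$1" '
    BEGIN { n = split(want, ips, " ") }
    {
        ip = $2
        gsub(/[()]/, "", ip)            # "(192.168.22.4)" -> "192.168.22.4"
        seen[ip] = 1
        mac[ip]  = $4
        perm[ip] = ($0 ~ /(^| )permanent( |$)/)
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            ip = ips[i]
            if (!(ip in seen)) {
                print ip, "MISSING"; bad = 1
            } else if (!perm[ip]) {
                # Learned dynamically: arp -s did not take effect for it.
                print ip, "NOT-PERMANENT", mac[ip]; bad = 1
            } else {
                print ip, "OK", mac[ip]
            }
        }
        exit bad
    }'
}
```

On the firewall itself this would be run as `arp -an | check_static_arp "192.168.22.1 192.168.22.4"`, with the IP list taken from the configured static ARP entries.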
