The HP implementation on the procurve line places you on a temp vlan until you authenticate. Once you do, your port membership changes.
Besides that, if you want to make use of the public IPs, why not set up 1:1 NAT mappings for all of your public IPs and then just set your DHCP pool on your LAN interface to use the corresponding private IPs? That way, you can "use" all your public IPs, and each client will have one-- I've never used 1:1 in conjunction with captive portal, though, so what I just said may or may not work. Dimitri Rodis Integrita Systems LLC -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Buechler Sent: Wednesday, November 19, 2008 12:10 AM To: [email protected] Subject: Re: [pfSense Support] Bridge + Captive Portal On Wed, Nov 19, 2008 at 1:58 AM, Olivier Nicole <[EMAIL PROTECTED]> wrote: > Hi Dimitri, > > Thanks for the clues, i will look at what i can do with the switch. > >> Is there a particular reason you are trying to do a captive portal using a >> bridge setup vs NAT? > > We have the right amount of public IP available (only a class C, but > for around 150 users, that's plenty enough), so no reason to NAT. > > I have been running a bridged firewall (FreeBSD + ipf) for ages (since > FreeBSD 4.0 maybe), it is working smoothly, it is invisible (obscurity > is not security, but it contributes to security), it simplifies > routing (one less hop) and in case of problem, it can be replaced with > an Ethernet cable. That's among the reasons why I like bridged > firewall. > All valid, but a captive portal implementation by definition cannot be transparent. It has to redirect hosts to an IP on one of its interfaces to serve the portal content. I'd just use a /30 on the WAN, and your public IP block on the LAN, disable NAT, enable captive portal, and you're set. You can still have the "remove the firewall" option by adding your LAN IP on the upstream router if necessary, and removing the firewall. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
smime.p7s
Description: S/MIME cryptographic signature
