July 5, 2011 at 7:48 pm #43057
ZeroShell release 1.0 beta 14
I have two subnets running on this Ethernet, both connecting
to a router that I do not have control of. 10.74.11.0 and 10.74.53.0
I have assigned the bridge interface an address of 10.74.11.50
and all the clients on the inside (eth0) with 10.74.11.0 subnet addresses
bump into the captive portal and authenticate perfectly.
When a 10.74.53.0 client starts up a browser, it goes right through the
captive portal without authentication. I assigned another IP to the bridge
of 10.74.53.54, same thing happens.
Does anyone know of a way to deal with this?
thanks for the great software and any help..
–marc
July 6, 2011 at 3:56 pm #51859
Are you sure that all the clients have the IP addresses of the bridge as their default gateway? Of course the default gateway for the subnet 10.74.11.0/24 has to be 10.74.11.50 and the one for 10.74.53.0/24 has to be 10.74.53.54.
In any case the next release of Zeroshell has support for multiple interfaces for the captive portal. So you do not need to create a bridge.
Fulvio
July 6, 2011 at 6:08 pm #51860
Thanks for the speedy reply!
Let me try to make it a bit more clear what I’m trying to do.
My building has two subnets 10.74.11.0/24 and 10.74.53.0/24.
They are connected to a cisco router (out of my control) 10.74.11.250 and
The ZeroShell box sits between the cisco router and my network. The campus
runs the DHCP/DNS servers (out of my control). DHCP assigns IP addresses,
default gateway and DNS values. The default gateways are 10.74.11.250
When the bridge device on the ZS box has an address of 10.74.11.50, all
systems assigned an address of 10.74.11.x work as expected. Perfect…
When a system with a subnet address of 10.74.53.x connects to the network,
they just pass through the captive portal.
Thanks again for all the help!
July 6, 2011 at 8:18 pm #51861
So you are using the captive portal in bridge mode. It is correct that you assign the 2 IP addresses to the bridge. That is a necessary condition to make the iptables capturing rule work. But I never tested the captive portal in bridge mode in the situation where there are two IP subnets on the same bridge. Let me do some tests.
Fulvio
July 7, 2011 at 1:06 am #51862
bridge mode… corecto mundo!
Many thanks, I will try whatever you suggest.
–marco
July 13, 2011 at 6:45 pm #51863
I’ve tried assigning an IP address to the bridge interface for both
subnets. It seems the first one entered is the address used for setting
up and/or running the ZS captive portal web server on.
I’m assuming here that when a client in the 10.74.53.0/24 subnet tries
to open a web page, say google.com, the packets get forwarded through
the ZS box to the default gateway that the client has (10.74.53.250). Therefore, no
re-direction/mangle can occur. Even if it could, the cisco router would have
to route the packets back onto the 10.74.11.0/24 subnet so perhaps they
would be coming in from the wrong direction for it to work.
If the next version supports captive portal on multiple interfaces, will
this work in bridged mode?
Is there any way I could even get this working with two ZS boxes in
bridge mode, each assigned a unique subnet address? I’m thinking not.
Thanks again, and regards