Captive Portal and multiple subnets


This topic contains 4 replies, has 0 voices, and was last updated by  cozzi@nd.edu 7 years, 10 months ago.

  • #43057

    cozzi@nd.edu
    Member

    ZeroShell release 1.0 beta 14

    I have two subnets running on this Ethernet, both connecting
    to a router that I do not have control of. 10.74.11.0 and 10.74.53.0
    I have assigned the bridge interface an address of 10.74.11.50
    and all the clients on the inside (eth0) with 10.74.11.0 subnet addresses
    bump into the captive portal and authenticate perfectly.
    When a 10.74.53.0 client starts up a browser, it goes right through the
    captive portal without authentication. I assigned another IP to the bridge
    of 10.74.53.54, same thing happens.
    Does anyone know of a way to deal with this?

    thanks for the great software and any help..

    –marc

    #51859

    imported_fulvio
    Participant

    Are you sure that all the clients have as default gateway the IP addresses of the bridge? Of course, the default gateway for the subnet 10.74.11.0/24 has to be 10.74.11.50 and the one for 10.74.53.0/24 has to be 10.74.53.54.

    In any case the next release of Zeroshell has support for multiple interfaces for the captive portal. So you do not need to create a bridge.

    Regards
    Fulvio

    #51860

    cozzi@nd.edu
    Member

    Thanks for the speedy reply!
    Let me try to make it a bit more clear what I’m trying to do.
    My building has two subnets 10.74.11.0/24 and 10.74.53.0/24.
    They are connected to a Cisco router (out of my control) 10.74.11.250 and
    10.74.53.250.
    The ZeroShell box sits between the cisco router and my network. The campus
    runs the DHCP/DNS servers (out of my control). DHCP assigns IP addresses,
    default gateway and DNS values. The default gateways are 10.74.11.250
    or 10.74.53.250.
    When the bridge device on the ZS box has an address of 10.74.11.50, all
    systems assigned an address of 10.74.11.x work as expected. Perfect…
    When a system with a subnet address of 10.74.53.x connects to the network,
    they just pass through the captive portal.

    Thanks again for all the help!

    #51861

    imported_fulvio
    Participant

    So you are using the captive portal in bridge mode. It is correct that you assign the 2 IP addresses to the bridge. That is a necessary condition to make the iptables capturing rule work. But I never tested the captive portal in bridge mode in the situation where there are two IP subnets on the same bridge. Let me do some tests.

    Regards
    Fulvio

    #51862

    cozzi@nd.edu
    Member

    bridge mode… corecto mundo!
    Many thanks, I will try whatever you suggest.

    –marco

    #51863

    cozzi@nd.edu
    Member

    I’ve tried assigning an IP address to the bridge interface for both
    subnets. It seems the first one entered is the address used for setting
    up and/or running the ZS captive portal web server on.
    I’m assuming here that when a client in the 10.74.53.0/24 subnet tries
    to open a web page, say google.com, the packets get forwarded through
    the ZS box to the default gateway that the client has (10.74.53.250). Therefore, no
    re-direction/mangle can occur. Even if it could, the Cisco router would have
    to route the packets back onto the 10.74.11.0/24 subnet so perhaps they
    would be coming in from the wrong direction for it to work.

    If the next version supports captive portal on multiple interfaces, will
    this work in bridged mode?
    Is there any way I could even get this working with two ZS boxes in
    bridge mode, each assigned a unique subnet address? I’m thinking not.

    Thanks again, and regards
    –marc
