Unauthenticated web server

  • Forgive me if this is a dumb question - I'm still on the foothills of the pfSense learning curve.

    For a couple of years we've been using a Shorewall-based firewall to protect a school network from the possible antics of kids on a network of 5 Raspberry Pis (with root access). The Pis are run headless, accessing them through the firewall with VNC or PuTTy from PCs on the school network. The 5 school Pis have reserved IP addresses NATted onto school network IP addresses which are used by VNC and PuTTy, but kids can bring in their own Pis which are given DHCP addresses, also NATted onto the school's subnet.

    Since you can't tell what IP address has been leased to a guest Pi, I wrote a CGI script to report DHCP leases, making them available through an unauthenticated web interface on the school network interface.

    Shorewall and the Linux underneath it need updating and enhancing with a 3rd NIC for another project so I'm considering replacing it with pfSense, as perhaps more capable and user-friendly. But it's not clear to me whether I could implement the CGI script as an unauthenticated web page on the school network interface. (And I'm assuming I can either make the pfSense admin web interface available on the WAN interface, or call the Pi network the WAN and do NAT on WAN IP addreses.) Any thoughts please?

Log in to reply