• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to force Captive Portal to check user subnet before authentication?

Scheduled Pinned Locked Moved Captive Portal
3 Posts 2 Posters 2.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    Richthofen
    last edited by Sep 27, 2006, 6:21 PM Sep 27, 2006, 5:35 PM

    ATTENTION | ATENCAO | ACHTUNG

    This message was posted in m0n0wall regular and dev lists too.
    So mr. admin dont get pissed of me  ;D

    ATTENTION | ATENCAO | ACHTUNG

    Hi folks!
    I´m running Captive Portal and I need a quite simple feature (not in my point of view =P ).

    How can I make CP authentication check user IP/subnet?

    Like this:
    user "dog" has an IP address from 192.168.1.0/24 subnet. That´s the only subnet he is allowed to authenticate from. If user "dog" try to authenticate in CP from other subnet than 192.168.1.0/24 then CP rejects the connection.

    Is it possible?

    Thnx in advance.

    p.s.: sorry my awful english =/

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Sep 27, 2006, 7:15 PM

      Not possible afaik as firewallrules are applied after you have authenticated only. However as you can use php code in the cp page you might do something to check the IP your client is coming from and show them a "You are not allowed to connect from this subnet" instead of the login page.

      1 Reply Last reply Reply Quote 0
      • R
        Richthofen
        last edited by Oct 4, 2006, 9:54 PM

        Hau!

        me again

        Im not a PHP programmer and following mr. hoba suggestion I found a php script which verifies username and check it with ip addr where requisition for logon came from.

        But when I try to run PHP code nothing happens, as if PHP running in PF is not understanding php code.
        Where do I find PHP logs to see if there´s an error?

        Thnx

        p.s.: php code below - please remember "IM NOT A PHP PROGRAMMER" so if it´s crap is not my fault (yet) =P

        
// checa user
function check_user() {
	//verifica se o form foi enviado
	if(isset($_POST['auth_user'])) {
		// separa a string
		$rede_user = explode('.',$_POST['auth_user']);
		// sub_rede do usuário
		echo "sub rede do usuário = ".$rede_user[1];
		// ip verdadeiro
		$ip = $_SERVER['REMOTE_ADDR']; //- DESCOMENTAR ESTA LINHA

		// pseudo ip do usuário -  
		//$ip = '192.168.11.0'; //COMENTAR ESTA LINHA

		$ip_user = explode('.',$ip);
		echo "
";
		echo "
";
		echo "Conjuntos do ip do usuário";
		echo "
";
		echo "parte 1 = ".$ip_user[0];
		echo "
";
		echo "parte 2 = ".$ip_user[1];
		echo "
";
		echo "parte 3 = ".$ip_user[2];
		echo "
";
		echo "
";

		// REDES IPS
		$rede = array();

		$rede[10][0] = 'x';

		$rede[11][0] = 'y';

		$rede[20][0] = 'k';

		$rede[21][0] = 'w';

		$rede[22][0] = 'v';

		$rede[23][0] = 'm';

		echo "
";

		// verifica se a sua rede do usuário pertence ao IP que ele está logado
		if(@in_array($rede_user[1] , $rede[$ip_user[2]])) {
			echo "O USUÁRIO PODE PASSAR 
";
			echo "A sub rede ".$rede_user[1]." pertence a rede ".$ip";
		}else {
			echo "PASSAGEM PROIBIDA 
";
			echo "A sub rede ".$rede_user[1]." NÃO pertence ao ip ".$ip";
			exit();
		}
	}
}
check_user();
?>
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received