Is this possible? Captured Wi-Fi zone with some static cleared clients?



  • I don't really know how to describe what I'm looking for in the proper firewall terminology, so I'll just tell you what I would like to do.

    I have pfs on an ESX server that bridges my internet (Red) connection with my internal (green) network.  I also have a subset of this LAN extended with some wi-fi access points and bridges.  I have everything on the same network (192.168.1.0/24).  Right now, everyone is connected to the network with WDS and I have one password set up for all the access points.  What I would like is to have the entire wi-fi zone set up as a captured portal, kind of like a hotel.  Users would see an open connection, but could not get access to the internet and certainly not my Green network without a password or security measure.  I would like to have a simple landing page and set up some guest accounts for users and friends that come over…but I also need some static accounts for certain devices like my TiVo, Wii and my wife's system, that will always get access and could see the green network (but only select devices).  I've never tried setting something like this up and would like whatever advice you can give.  Is this possible?  I think it's a smarter way to set things up and would be much more convenient for guests.  I think it would be more secure too...but like I said, I'm new to this, so any help is appreciated.

    Thanks



  • You can't do CP on a bridge by the nature of what it requires (redirecting to an IP on that subnet). I would move the wireless off onto its own subnet, either do IP or MAC passthrough for your trusted hosts, or better require VPN, and then you can force everyone else to hit the portal.



  • I think I get what you are saying here.  So I just move the wireless routers to 192.168.2.0/24 so all of the clients that connect see that subnet.  I set up the CP for that subnet only and everyone who comes in on it gets redirected to the portal… right?  But the trusted clients I can somehow have them pass through the firewall by MAC or IP (I'd rather do MAC).

    Now the hard part.  I'll bumble around and see about setting up the passthrough thing.  As for the new subnet...do I need to change the mask for EVERYONE on the whole network to 255.255.254.0 to allow for that new range? Or do I go to 255.255.0.0?  As I said earlier, I'm not a network guy...sorry for the dumb question.
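
Added example, not part of the thread: a Python check of the addressing plan discussed above. It shows which netmasks keep wireless-to-green traffic going through the firewall and how a MAC passthrough list splits wireless clients into trusted and portal users. The host addresses and the MAC address are constructed samples, and `on_link` and `portal_decision` are hypothetical helper names.

```python
import ipaddress

# Subnets named in the thread.
GREEN = ipaddress.ip_network("192.168.1.0/24")
WIFI = ipaddress.ip_network("192.168.2.0/24")

# Constructed sample: one trusted device on the MAC passthrough list.
TRUSTED_MACS = {"00:11:22:33:44:55"}


def on_link(src_ip, netmask, dst_ip):
    """True if a host at src_ip with this netmask treats dst_ip as local.

    A local destination is reached directly at layer 2, so the packet
    never reaches the firewall and no portal or rule can act on it.
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{netmask}")
    return ipaddress.ip_address(dst_ip) in iface.network


def portal_decision(mac, src_ip):
    """Classify a client the way the proposed setup would."""
    if ipaddress.ip_address(src_ip) not in WIFI:
        return "not-in-portal-zone"
    if mac.lower() in TRUSTED_MACS:
        return "passthrough"
    return "redirect-to-portal"


if __name__ == "__main__":
    wifi_host, green_host = "192.168.2.50", "192.168.1.10"  # constructed
    print("subnets overlap:", WIFI.overlaps(GREEN))
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.0.0"):
        bypass = on_link(wifi_host, mask, green_host)
        print(f"{mask}: wifi -> green bypasses firewall = {bypass}")
    print(portal_decision("00:11:22:33:44:55", wifi_host))
    print(portal_decision("66:77:88:99:aa:bb", wifi_host))
```

With 255.255.255.0 on both sides the two ranges are separate routed subnets, so no mask change is needed; 255.255.0.0 would put both ranges back on one link, and 255.255.254.0 does not even span 192.168.1.x and 192.168.2.x together.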

