Netgate Discussion Forum

Client managed to access internet without passing through cp, how that possible?

Captive Portal
    hadi57
    last edited by Mar 31, 2007, 1:52 PM

    hi

    I was surprised to see a client working with 2 PCs, one laptop accessing the internet authenticating with cp, and the other desktop using the internet without cp. The client has the following setup:

    my cable going out of ps box --> switch --> to his apartment --> linksys ap wan port --> 1) desktop lan, 2) laptop wlan.

    i checked the ap setup it was using dhcp, so the desktop getting 192.168.1.2 as ip, and 192.168.1.1 as gw, and 192.163.1.254 as dns (my ps box lan ip) while the laptop using the ip issued by ps box and authenticating nicely to cp.

    my setup: us robotics dsl router ip: 192.168.1.1 and my ps box is 192.168.1.2 on the wan side.

    how to deal with such case?

    hadi57

      hoba
      last edited by Mar 31, 2007, 2:15 PM

      You can't deal with that. He will be seen at the pfSense coming from the same IP with the same MAC address (the one of his router) so there is no way to see that these are 2 different hosts. It's the same situation with everybody's home network. The ISP can't see if the customer runs only 1 client or a complete network behind his public IP. That's the way NAT works.

        hchady
        last edited by Mar 31, 2007, 2:38 PM

        there is another way to access internet without authentication through CP if you run Squid

        if you put in your internet explorer settings the address of the proxy with the port you access to the internet directly…
        it is a known behavior I think

        Chady

          hoba
          last edited by Mar 31, 2007, 2:57 PM

          The CP authenticates an IP/MAC combination so if both do not change for different hosts as they are natted or use a proxy (in front of the CP) there is no way to detect different hosts. There has been a similar discussion at the m0n0 list earlier where broken AP firmware showed its own MAC instead of clients' MACs.

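The IP/MAC keying described in the post above, as a toy model added here as an example (it is not part of the thread and not pfSense code). The class names, the `demo` function and all addresses are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_ip: str
    src_mac: str
    origin: str  # ground truth; the portal never sees this field

class CaptivePortal:
    """Keys each authenticated session on the (source IP, source MAC) pair."""
    def __init__(self):
        self.sessions = set()

    def login(self, frame):
        self.sessions.add((frame.src_ip, frame.src_mac))

    def allows(self, frame):
        return (frame.src_ip, frame.src_mac) in self.sessions

class NatRouter:
    """Customer router/AP in NAT mode: inner hosts leave with its WAN IP/MAC."""
    def __init__(self, wan_ip, wan_mac):
        self.wan_ip, self.wan_mac = wan_ip, wan_mac

    def forward(self, frame):
        return Frame(self.wan_ip, self.wan_mac, frame.origin)

def origins_per_session(frames):
    """Group ground-truth hosts by the only key the portal can observe."""
    seen = defaultdict(set)
    for f in frames:
        seen[(f.src_ip, f.src_mac)].add(f.origin)
    return dict(seen)

def demo():
    # Constructed private-range addresses and locally administered MACs.
    portal = CaptivePortal()
    nat = NatRouter("10.0.0.50", "02:00:00:00:00:aa")
    laptop = nat.forward(Frame("172.16.0.10", "02:00:00:00:00:01", "laptop"))
    desktop = nat.forward(Frame("172.16.0.11", "02:00:00:00:00:02", "desktop"))
    direct = Frame("10.0.0.60", "02:00:00:00:00:03", "other-client")
    portal.login(laptop)  # only the laptop's user authenticates
    allowed = {f.origin: portal.allows(f) for f in (laptop, desktop, direct)}
    return allowed, origins_per_session([laptop, desktop, direct])

if __name__ == "__main__":
    print(demo())
```

The desktop is admitted on the laptop's session because both arrive with the router's IP/MAC, while a host with its own IP/MAC still has to authenticate.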
            hadi57
            last edited by Mar 31, 2007, 3:24 PM Mar 31, 2007, 3:03 PM

            hi

            thanks for the quick reply, i am thinking of:

            1. using ignore unknown clients in dhcp
            2. change the ip of my dsl router

            I think his desktop is going directly to my dsl router since it has the same ip as his ap gateway, that's why the desktop surfs much slower than the laptop, which has the ps box as gateway unlike the desktop using the ap as gateway. So maybe changing my dsl router's ip helps, I'll try that one

            and btw ya chady I am running squid in transparent mode, I try what you said, I think it doesn't work.
