[Dnsmasq-discuss] DHCP for captive portal
rune.kock at gmail.com
Sun Nov 2 19:16:25 GMT 2008
On Sun, Nov 2, 2008 at 04:56, Peter <webwiz at pl.net> wrote:
> Rainy Sunday etc, thought I'd take a look at moving my captive portal code to
> - firewall, captiveportal, dnsmasq all run on the one gateway box
> - serving about 30-80 lan clients currently on static ip addresses for
> historical reasons
> - portal only allows registered users to access the internet
> - users' traffic is accounted using netfilter counters
> - give captive portal registered users a quasi fixed ip per mac address for
> simple ip based firewalling
Firewall based on IP is worthless if your clients change their address
manually, but I guess you know that.
> - give un-registered machines a temporary IP and short lease so that they
> can register and get a proper ip issued as above.
> - less manual user NIC config with dhcp cf. static lan clients
> - dnsmasq host list dynamically updated by captive portal
> - 192.168.0.x ranges:
> 1 - 4 servers
> 5 - 169 users
> 170-199 temp users
I would probably allow more addresses for temp users, so that they are
likely to get the same address every time they connect -- thus making
it simpler for you to analyze log files.
> Proposed config:-
> So reading the man and the archives a bit I've got, so far:
> #no-dhcp-interface=eth0 #=LAN
> dhcp-range=192.168.0.170,192.168.0.199,2m #=temp range
> dhcp-option=eth0,26,1492 #=pppoe
I suggest making dnsmasq authoritative.
> dhcp-host=00:1c:c0:6f:f3:xx, 192.168.0.5, 12h
> dhcp-host=00:0e:a6:3e:1c:xx, 192.168.0.10, 12h
> Does that look ok? What will happen if a user runs another dhcp server?
> (probably a consumer wlan access point or similar).
> Any way to make this dnsmasq king?
No, but read all the advice that I got when I asked this list a
similar question some weeks ago.
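
Added example, not part of the original thread: a gateway-side check for the caveat above that IP-based firewalling breaks when a client sets its address by hand. It compares the `dhcp-host` bindings with a neighbour table in `/proc/net/arp` format and reports user-range addresses (192.168.0.5 to 169, as in the post) held by a MAC that dnsmasq did not bind to them. The MAC addresses, the sample table and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: dhcp-host lines in the style of the proposed config
# and a neighbour table in /proc/net/arp format (not from the original post).
DNSMASQ_CONF = """\
dhcp-range=192.168.0.170,192.168.0.199,2m
dhcp-host=02:00:00:00:00:05, 192.168.0.5, 12h
dhcp-host=02:00:00:00:00:0a, 192.168.0.10, 12h
"""
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.5      0x1         0x2         02:00:00:00:00:05     *        eth0
192.168.0.10     0x1         0x2         02:00:00:00:00:99     *        eth0
192.168.0.42     0x1         0x2         02:00:00:00:00:77     *        eth0
192.168.0.171    0x1         0x2         02:00:00:00:00:55     *        eth0
192.168.0.180    0x1         0x0         00:00:00:00:00:00     *        eth0
"""
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
USER_LO, USER_HI = (ipaddress.ip_address(a) for a in ("192.168.0.5", "192.168.0.169"))

def parse_dhcp_hosts(conf):
    """Return {ip: mac} for each dhcp-host line that carries a MAC and an IPv4."""
    hosts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line.startswith("dhcp-host="):
            continue
        fields = [f.strip() for f in line[len("dhcp-host="):].split(",")]
        macs = [f.lower() for f in fields if MAC_RE.match(f)]
        ips = [f for f in fields if IPV4_RE.match(f)]
        if macs and ips:
            hosts[ips[0]] = macs[0]
    return hosts

def find_mismatches(conf, arp):
    """List (ip, mac, reason) for user-range IPs not bound to the MAC using them."""
    hosts, findings = parse_dhcp_hosts(conf), []
    for row in arp.splitlines()[1:]:                  # first row is the header
        cols = row.split()
        if len(cols) < 6 or cols[2] == "0x0":         # skip incomplete entries
            continue
        ip, mac = cols[0], cols[3].lower()
        if not USER_LO <= ipaddress.ip_address(ip) <= USER_HI:
            continue                                  # servers and temp range not checked
        expected = hosts.get(ip)
        if expected != mac:
            findings.append((ip, mac, "mac-mismatch" if expected else "unregistered-ip"))
    return findings
```

The check only compares addresses seen on the wire with the configured bindings; it does not authenticate the client behind a MAC.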