Captive Portal ONLY for some?
Is it possible to configure one Untangle Box with captive portal to capture HTTP traffic for selected clients only, while other clients continue to surf normally without going through CP? Thanks.
you can specify who to capture by IP in the settings.
Is there a feature request to enable the use of MAC addresses as well as IP addresses for this?
CrZy_T,
It is by IP.
But if you use UT as DHCP you can create static addresses by MAC and then controle the access.
(You can do this with a external DHCP as well.)
We're using external DHCP and with other CPS solutions you're usally able to exclude hosts by MAC addresses. By using IP people could easily bypass the CPS by setting the static IP of a machine that is excluded (Yes, I know you can fake your MAC address but that usually demands a bit more of the user). Another point is when using external DHCP you need to both add a reservation on the DHCP server and add an exclusion on Untangle.
If DHCP is on Untangle or not, the reservation step vs the exclusion step is exactly the same process.
Untangle does everything via IP. We've had others ask for mac level control in the past. And while I somewhat agree with you, it's just as trivial to change a mac. In windows it's open device manager, and fill in a field. In linux it's an ifconfig line.
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com
UntangleAppliances.com
Phone: 866-794-8879
I disagree. A reservation is twice the work. You first need to add the reservation on the DHCP server (type the MAC address) and then add the IP address to Untangle, where you would only need to type in the MAC address in Untangle if you could exclude that.Originally Posted by sky-knight
Another plausible scenario would be if your company standardized on i.e. iPhone4 phones, and you wanted to allow all iPhones access to AppStore/Gmail sync etc without 1; making DHCP reservations for all employee iPhones or 2; finding all ip addresses that Google and Apple use and add them to "Pass listed server addresses". With MAC exclusions you would just need the OUI/Vendor code of the MAC address with and asterisk.
seems to me that DHCP reservations are a lot easier because they are implemented but MAC addresses pass lists aren't.
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Right, DHCP reservations are self documenting. I'd rather manage 1000 reservations than a 10 mac address ACL.
As for your scenario, just put the iPhones through the portal and make the user login. Then you're directing based on user name.
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com
UntangleAppliances.com
Phone: 866-794-8879
D'oh. Of course it's easier to do something that's already implemented than trying to do something that isn't. I thought that most products evolve based on customer needs and feedback, not only the developers opinion on what is the best practice.
I disagree. managing 1000 reservation with people normaly changing cellphones every two years equals two reservation updates every day, as OUI/Vendor code exclusions would be once every couple of months when they move on to a new series.
Making the user log on to the captive portal is a hazzle when the phones automaticly connect to open WLANs and their phones are set to sync e-mail. Most people don't start their browser every day when they come to work to log on, they only except their calender and mail to automaticly sync. Of course one could just use WAP/GPRS/3G, but why waste money when you got a working wifi and an already paid internet connection.
Posting Permissions
LinkBack URL
About LinkBacks