Thread: authpf.




authpf.
user name
2006-05-26 14:52:33
I am using authpf for my wifi-network. But I want to redirect all of the
http-traffic to a webserver to show an "error message" when not
authenticated via authpf. But how to "remove" this rule when I
authenticate? As far as I know authpf just adds rules to the ruleset.
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
authpf.
user name
2006-05-26 15:40:12
On Fri, May 26, 2006 at 04:52:33PM +0200, Peter Ankerstål wrote:

> I am using authpf for my wifi-network. But I want to redirect all of the
> http-traffic to a webserver to show an "error message" when not
> authenticated via authpf. But how to "remove" this rule when I
> authenticate? As far as I know authpf just adds rules to the ruleset.

Ah, sometimes more is less 

Assume you have a generic redirection like

  rdr on $int_if proto tcp to port 80 -> 127.0.0.1 port 8088

where 127.0.0.1:8088 is the web server with the error page, you can get
a particular client not redirected by adding a rule in front of it, like

  no rdr on $int_if proto tcp from 10.1.2.3 to port 80

It has to be added in front because the first matching translation rule
wins (unlike filter rules). I.e. place the rdr-anchor before the generic
redirect, and add a 'no rdr' with authpf.

Daniel
authpf.
user name
2006-05-26 17:41:52
Authpf puts authenticated users in a table. You can then handle all of
that traffic to your liking. You can have a rule which redirects only
certain HTTP connections to your web server.

rdr pass on $wi_if inet proto tcp from ! <authpf_users> to any port www -> ($wi_if)

That should get you started. Keep in mind your wireless clients might not
be able to resolve the addresses of any of those in the first place. If
they can't resolve the names to addresses, they'll just fail without
being redirected to your web server.

Kian

On 5/26/06, Peter Ankerstål <peterpean.org> wrote:
>
> I am using authpf for my wifi-network. But I want to redirect all of the
> http-traffic to a webserver to show an "error message" when not
> authenticated via authpf. But how to "remove" this rule when I
> authenticate? As far as I know authpf just adds rules to the ruleset.
authpf.
user name
2006-05-26 18:23:46
Kian Mohageri wrote:

> Authpf puts authenticated users in a table. You can then handle all
> of that traffic to your liking. You can have a rule which redirects
> only certain HTTP connections to your web server.
>
> rdr pass on $wi_if inet proto tcp from ! <authpf_users> to any port www -> ($wi_if)
>
> That should get you started. Keep in mind your wireless clients might
> not be able to resolve the addresses of any of those in the first
> place. If they can't resolve the names to addresses, they'll just
> fail without being redirected to your web server.
>
> Kian
>
> On 5/26/06, Peter Ankerstål <peterpean.org> wrote:
>
>     I am using authpf for my wifi-network. But I want to redirect all
>     of the http-traffic to a webserver to show an "error message" when
>     not authenticated via authpf. But how to "remove" this rule when I
>     authenticate? As far as I know authpf just adds rules to the ruleset.

This worked perfectly, thank you!
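
A fuller pf.conf layout for the table-based approach from Kian's reply, covering the name-resolution point he raises. This is an added example, not part of the original thread. The interface name, the error-page server on 127.0.0.1 port 8088 (borrowed from Daniel's example), and a DNS resolver running on the gateway itself are assumptions.

```conf
# /etc/pf.conf fragment (constructed example; names and addresses are assumptions)

wi_if = "wi0"                      # assumed wireless interface

# authpf adds a client's address to this table on login and removes it
# again when the ssh session ends.
table <authpf_users> persist

# --- translation rules (first match wins; must precede filter rules) ---

# Clients not in the table get their HTTP sent to the error-page server.
# "pass" lets the redirected connection through without a filter rule.
rdr pass on $wi_if inet proto tcp from ! <authpf_users> to any port www \
        -> 127.0.0.1 port 8088

# Per-user translation rules loaded by authpf, if any.
rdr-anchor "authpf/*"

# --- filter rules (last match wins unless "quick" is used) ---

block in on $wi_if all

# Unauthenticated clients must be able to resolve names, otherwise the
# browser never sends the HTTP request that would be redirected.
# Only the gateway's resolver is allowed, so DNS to arbitrary outside
# servers stays blocked before login.
pass in on $wi_if inet proto { udp, tcp } from any to ($wi_if) port domain \
        keep state

# Clients log in to authpf over ssh on the gateway.
pass in on $wi_if inet proto tcp from any to ($wi_if) port ssh keep state

# Authenticated clients get general access.
pass in on $wi_if inet from <authpf_users> to any keep state

# Per-user filter rules loaded by authpf.
anchor "authpf/*"
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -t authpf_users -T show` to see which addresses are currently treated as authenticated.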