Firewall with bridged interfaces and captive portal

Olivier Nicole on at
Wed Dec 3 19:37:18 PST 2008

Hi Chris,

> > I need to implement a firewall with bridged interfaces that offers
> > captive portal (authentication before opening the traffic).
> We are using a combination of squid+ipfw. Although we are NATing the
> users, that really just introduces needless complexity that could be
> avoided with a bridging solution.
> Our web-app/captive portal/authentication program is written in-house;
> it's very tightly integrated with several existing pieces of
> infrastructure. I don't know if there are any solutions that will work
> out-of-the-box.
> I can get you more technical details if this is a direction you'd be
> interested in moving.

Long time ago I have been toying with ipf (for the genral firewall)
and NoCat+ipfw for the captive portal.

But that did not work too well, so any technical information will be
appreciated :)

My long term vision is a quite integrated thing, where users that read
their email and authenticate to POP3/IMAP would be granted the access
without the need to authenticate to the web portal.

Best regards,


More information about the freebsd-questions mailing list