So what is a Captive Portal?
The m0n0wall [reviewed here] implementation of a Captive Portal was introduced in one of the early betas of m0n0wall v1.1 earlier this year. This was largely the work of Dinesh Nair with assistance from Manuel Kasper and the other m0n0wall developers.
Basically, the Captive Portal is a web page that users/clients are forced to visit before they are granted access to the Internet. This web page can have a number of purposes, but primarily it allows you to:
• Notify users of your Acceptable Use Policy (AUP) which they have to agree to before they are granted access to the Internet.
• Tell users anything else relevant to the access they are being granted, ports and services that are restricted, details of sponsors, who they should buy beer for in thanks :-) etc.
Alternatively, the Captive Portal can configured to authenticate users with a UserID and Password against a RADIUS server before they are granted Internet access. RADIUS is a standard protocol for remote user authentication and accounting used in "enterprise" grade networks and by some ISPs.
This has given rise to widespread support for RADIUS by most Unixes and Unix-like operating systems. MS Windows Server also has an implementation called Internet Authentication Services which authenticates against both local accounts and a centralised NT4 Domain or Active Directory.
User Authentication is of more relevance on a private network as a way of controlling access to the Internet. So for this article, I will concentrate on configuring the Captive Portal for unauthenticated access.