How To: Using m0n0wall to create a Wireless Captive Portal



Conclusion

I have shown how m0n0wall v1.1 can be used to allow free, but controlled, access to the Internet. Like m0n0wall in general, the implementation is relatively simple but very flexible, as one user pointed out when I was researching this article:

"What I like is that you can build a wireless DMZ using completely different types of APs (wireless access points) and it doesn't make a difference because the m0n0wall is doing all of the authentication and firewalling. So really those APs become nothing more than dumb bridges."

In the true spirit of an Open Source project, the m0n0wall Captive Portal doesn't provide any functionality for metering and billing the Captive Portal clients. If you want these features, you'll have to look to commercial products.

The main potential difficulty of providing 'open access' is the inability to permanently prevent a persistent abuser from connecting to the Captive Portal. This limitation is not particular to the m0n0wall implementation; it follows from the anonymous way you are allowing clients to connect and the relative ease of pretending to be somebody different with a simple change of MAC address.

The most common abuse is going to be the persistent 'bandwidth hogger'. This should be relatively easy to control with a combination of sensible firewall rules, blocking bandwidth-intensive services such as peer-to-peer networks, and controlling the amount of bandwidth in use with m0n0wall's Traffic Shaping feature. So I'll show you how to use m0n0wall's very powerful Traffic Shaping capability in my next article.