1

I am using NoDogSplash which is a captive portal, meaning it redirects your packets and forces you to authenticate before you can access the Internet. It does this in an isolated 10.0.0.0 network. Now, I would like to make it so that the first X addresses (let's say 32) are not managed by NoDogSplash at all, so I can put my access points and some other computers in that range.

There is a parameter called GatewayIPRange in the configuration that seems to do what I want, but I don't know what I should set it to.

By setting this parameter, you can specify a range of IP addresses on the GatewayInterface that will be responded to and managed by Nodogsplash. Addresses outside this range do not have their packets touched by Nodogsplash at all. Defaults to 0.0.0.0/0, that is, all addresses.

I know that by changing the network mask I can split a big network into smaller subnets, but as I want all hosts to have the same gateway (namely, the router the captive portal is running in), I don't think I can do this.

If at all possible, please provide a solution for the general case and/or lots of background info (or links to it, as I know this is a very elementary question).

Thanks a lot.

dunxd
derringer

2 Answers

0

At best you're going to be able to exclude half the addresses. This is subnetting, but it isn't actually going to divide the network; it is just going to create a list of IPs that will either match or not match.

I think that if you want certain machines and APs to not be managed, the TrustedMACList option is going to be better, and although MAC addresses are spoofable, the same thing applies to ranges of IPs.

Parameter: TrustedMACList Default: none

Comma-separated list of MAC addresses who are not subject to authentication, and are not restricted by any FirewallRuleSet. N.B.: weak security, since MAC addresses are easy to spoof.

TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D

NickW
0

It appears they are using CIDR notation for specifying the range of addresses to set GatewayIPRange to. This is quite valid.

Just because this notation can also be used to specify a subnet doesn't mean it is always used for this. It is also used in routing tables, ACLs and other places where it doesn't necessarily imply a subnet (but might). Its use is more flexible than that!

Read up more on CIDR notation here.

dunxd
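The two answers above (a CIDR value matches an address range without dividing the network, and at best half the addresses can be left out) worked through for the question's numbers, as an added example that is not from either answer or from NoDogSplash. It assumes the LAN is 10.0.0.0/24 and that GatewayIPRange takes a single CIDR block, as its default of 0.0.0.0/0 suggests; the function names are hypothetical.

```python
import ipaddress


def exact_cover(network, reserved):
    """CIDR blocks that together cover every address after the first `reserved`."""
    net = ipaddress.ip_network(network)
    if not 0 <= reserved < net.num_addresses:
        raise ValueError("reserved count must be smaller than the network")
    first = net.network_address + reserved
    return list(ipaddress.summarize_address_range(first, net.broadcast_address))


def best_single_block(network, reserved):
    """Largest single CIDR block that contains none of the reserved addresses.

    The minimal cover consists of the maximal aligned blocks in the range,
    so the largest usable block is always one of its members.
    """
    return max(exact_cover(network, reserved), key=lambda b: b.num_addresses)


def is_managed(addr, gateway_ip_range):
    """True if `addr` falls inside the range the portal would manage."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(gateway_ip_range)


if __name__ == "__main__":
    lan, reserved = "10.0.0.0/24", 32  # assumed mask; the question only says 10.0.0.0
    cover = exact_cover(lan, reserved)
    block = best_single_block(lan, reserved)
    print("exact cover needs", len(cover), "blocks:", ", ".join(map(str, cover)))
    print("GatewayIPRange", block)
    # Constructed sample hosts: an access point, a host in the gap, a portal client.
    for host in ("10.0.0.10", "10.0.0.40", "10.0.0.200"):
        state = "managed" if is_managed(host, str(block)) else "NOT managed"
        print(f"  {host:<12} {state}")
```

With one block, 10.0.0.32 through 10.0.0.127 are also outside the managed range, so the DHCP pool handed to portal clients has to sit entirely inside 10.0.0.128/25; any client that obtains an address below it is not subject to authentication.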