Project

General

Profile

Actions

Regression #12615

closed

MAC passthrough does not work on the latest snapshot

Added by Viktor Gurov 5 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Captive Portal
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Force Exclusion
Affected Version:
2.6.0
Affected Architecture:

Description

CP login page always appears

config.xml is ok:

                        <passthrumac>
                                <action>pass</action>
                                <mac>e2:51:f2:61:23:4b</mac>
                                <descr><![CDATA[windowspc]]></descr>
                        </passthrumac>

ipfw tables too:

# ipfw table all list
--- table(cp_ifaces), set(0) ---
vtnet0 2100 19578 6256264 1639752869
--- table(cpzone1_auth_up), set(0) ---
--- table(cpzone1_host_ips), set(0) ---
192.168.88.100/32 0 9278 4839663 1639752869
--- table(cpzone1_pipe_mac), set(0) ---
 e2:51:f2:61:23:4b any 2001 3008 761439 1639752868
 any e2:51:f2:61:23:4b 2000 3987 337435 1639752868
--- table(cpzone1_auth_down), set(0) ---
--- table(cpzone1_allowed_up), set(0) ---
--- table(cpzone1_allowed_down), set(0) ---

tcpdump:

tcpdump -qn -i vtnet0 ether host e2:51:f2:61:23:4b
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:56:02.869612 IP 192.168.88.150.2375 > 89.108.119.43.443: tcp 0
17:56:03.271994 IP 192.168.88.150.2376 > 89.108.119.43.443: tcp 0
17:56:03.825248 IP 192.168.88.150.2389 > 34.107.221.82.80: tcp 0

pfSense 2.6.0.b.20211216.0600

Actions #1

Updated by Viktor Gurov 5 months ago

ipfw show output:

# ipfw show
00999     0        0 allow tagged 1
01000 65094 13625580 skipto tablearg ip from any to any via table(cp_ifaces)
01100 86247  5149976 allow ip from any to any
02100 27710  4498925 pipe tablearg MAC table(cpzone1_pipe_mac)
02101     0        0 allow pfsync from any to any
02102     0        0 allow carp from any to any
02103     8        0 allow layer2 mac-type 0x0806,0x8035
02104     0        0 allow layer2 mac-type 0x888e,0x88c7
02105     0        0 allow layer2 mac-type 0x8863,0x8864
02106     0        0 deny layer2 not mac-type 0x0800,0x86dd
02107 11709   988970 allow ip from any to table(cpzone1_host_ips) in
02108 12940  6862452 allow ip from table(cpzone1_host_ips) to any out
02109     0        0 allow ip from any to 255.255.255.255 in
02110     0        0 allow ip from 255.255.255.255 to any out
02111     0        0 pipe tablearg ip from table(cpzone1_allowed_up) to any in
02112     0        0 pipe tablearg ip from any to table(cpzone1_allowed_down) in
02113     0        0 pipe tablearg ip from table(cpzone1_allowed_up) to any out
02114     0        0 pipe tablearg ip from any to table(cpzone1_allowed_down) out
02115     0        0 pipe tablearg tag 1 ip from table(cpzone1_auth_up) to any layer2 in
02116     0        0 pipe tablearg tag 1 ip from any to table(cpzone1_auth_down) layer2 out
02117  6462   574192 fwd 127.0.0.1,8002 tcp from any to any 80 in
02118  5385   653787 allow tcp from any to any out
02119   880    47254 skipto 65534 ip from any to any
65534   880    47254 deny ip from any to any
65535     0        0 allow ip from any to any
Actions #4

Updated by Jim Pingle 5 months ago

  • Tracker changed from Bug to Regression
  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
  • Target version set to 2.6.0
  • Plus Target Version set to 22.01
  • Release Notes changed from Default to Force Exclusion
Actions #5

Updated by Viktor Gurov 5 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #6

Updated by Christopher Cope 3 months ago

  • Status changed from Feedback to Resolved

Tested successfully on

2.6.0-RC (amd64)
built on Mon Jan 24 18:44:12 UTC 2022
FreeBSD 12.3-STABLE

Marking this resolved.

Actions

Also available in: Atom PDF