Actions
Bug #16264
open
In some circumstances, ethernet rules generated by the Captive portal block the ARP
Status:
New
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Default
Affected Plus Version:
24.11
Affected Architecture:
Description
The setup is on an HA pair, Captive portal configured on LAN interface (ix0)
<if>ix0</if>
<spoofmac></spoofmac>
<enable></enable>
<ipaddr>192.168.7.4</ipaddr>
<subnet>29</subnet>
Ethernet ruleset:
# pfctl -s ether ether pass on ix0 l3 all tag cpzoneid_2_rdr ether anchor "cpzoneid_2_auth/*" on ix0 l3 all ether anchor "cpzoneid_2_passthrumac/*" on ix0 l3 all ether anchor "cpzoneid_2_allowedhosts/*" on ix0 l3 all After the random time, the primary node stops passing the ARPs on IX0 for all hosts
It starts to work if the subnet is tagged by "cpzoneid_2_auth"
echo 'ether pass in quick proto 0x0806 l3 from 192.168.7.0/29 tag cpzoneid_2_auth' | pfctl -a 'cpzoneid_2_auth/192.168.7.0_29' -f -
The issue never occurs on the secondary node.
Ticket for reference #23118866478 (additionally probably related tkt #24032478035)
Files
Updated by Danilo Zrenjanin 4 months ago
In ticket 24032478035, disabling XML-RPC for Captive Portal helped stop the issue from occurring. The symptoms were very similar.
Updated by Christopher Causer 4 months ago
Danilo Zrenjanin wrote in #note-1:
In ticket 24032478035, disabling XML-RPC for Captive Portal helped stop the issue from occurring. The symptoms were very similar.
For our setup, we disabled XML-RPC for Captive Portal (both forwards and backwards) and this issue persisted.
Updated by Lev Prokofev 3 months ago
- File clipboard-202507031604-v3sfd.png clipboard-202507031604-v3sfd.png added
- File clipboard-202507031604-svctj.png clipboard-202507031604-svctj.png added
- File clipboard-202507031605-zvwil.png clipboard-202507031605-zvwil.png added
- File clipboard-202507031606-apesg.png clipboard-202507031606-apesg.png added
Actions