Bug #2389
closedCP asks for a voucher code from MACs in the passthrough list
0%
Description
Installed 2.1-DEVEL 17-Apr-2012 and simply moved my conf*.xml from 2.0.1
For testing I used a CP configuration with vouchers and MAC pass-through.
Description of the problem: It seems that the new CP code still asks for a voucher code, despite the fact that a MAC is in the passthrough list.
Checking woth "ipfw -deS show" it appears to be a mismatch in ipfw "set x" directives
00002 204 63503 set 0 allow ip from any to any MAC aa:aa:aa:aa:aa:aa any 00003 173 20884 set 0 allow ip from any to any MAC any aa:aa:aa:aa:aa:aa 00004 0 0 set 0 allow ip from any to any MAC bb:bb:bb:bb:bb:bb any 00005 0 0 set 0 allow ip from any to any MAC any bb:bb:bb:bb:bb:bb 00006 0 0 set 0 allow ip from any to any MAC 00:ff:12:34:56:99 any 00007 0 0 set 0 allow ip from any to any MAC any 00:ff:12:34:56:99 65291 0 0 set 1 allow pfsync from any to any 65292 0 0 set 1 allow carp from any to any 65301 628 28888 set 1 allow ip from any to any layer2 mac-type 0x0806 65302 0 0 set 1 allow ip from any to any layer2 mac-type 0x888e 65303 0 0 set 1 allow ip from any to any layer2 mac-type 0x88c7 65304 0 0 set 1 allow ip from any to any layer2 mac-type 0x8863 65305 0 0 set 1 allow ip from any to any layer2 mac-type 0x8864 65307 0 0 set 1 deny ip from any to any layer2 not mac-type 0x0800 65310 99 11703 set 1 allow ip from any to { 255.255.255.255 or 192.168.100.1 } in 65311 159 50665 set 1 allow ip from { 255.255.255.255 or 192.168.100.1 } to any out 65312 0 0 set 1 allow icmp from { 255.255.255.255 or 192.168.100.1 } to any out icmptypes 0 65313 0 0 set 1 allow icmp from any to { 255.255.255.255 or 192.168.100.1 } in icmptypes 8 65314 0 0 set 0 allow ip from table(3) to any in 65315 0 0 set 0 allow ip from any to table(4) out 65316 0 0 set 0 pipe tablearg ip from table(5) to any in 65317 0 0 set 0 pipe tablearg ip from any to table(6) out 65318 0 0 set 0 allow ip from any to table(7) in 65319 0 0 set 0 allow ip from table(8) to any out 65320 0 0 set 0 pipe tablearg ip from any to table(9) in 65321 0 0 set 0 pipe tablearg ip from table(10) to any out 65322 0 0 set 1 allow ip from table(1) to any in 65323 0 0 set 1 allow ip from any to table(2) out 65531 40 5694 set 1 fwd 127.0.0.1,8000 tcp from any to any in 65532 82 17739 set 1 allow tcp from any to any out 65533 64 5059 set 1 deny ip from any to any 65534 0 0 set 1 allow ip from any to any layer2 65535 8 1588 set 31 allow ip from any to any
Updated by Dim Hatz over 12 years ago
Looking further into this issue, the output of "ipfw -deS show" under pfsense 2.0.1 is exactly the same as above and yet MAC passthrough works fine in 2.0.1.
Updated by Dim Hatz over 12 years ago
I just tried changing "set 0" to "set 1" for the MAC entries (rules 2-7) and it didn't fix things. Those MACs are still being presented the CP's authentication page.
Updated by Ermal Luçi over 12 years ago
Can you please try with a recent snapshot.
The snapshots back there had some issues with how CP config was being applied.
Updated by Chris Buechler about 12 years ago
- Status changed from New to Feedback
doesn't appear to be a problem anymore, leaving for feedback for now.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Resolved