Project

General

Profile

Actions

Bug #2389

closed

CP asks for a voucher code from MACs in the passthrough list

Added by Dim Hatz over 9 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
04/19/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

Installed 2.1-DEVEL 17-Apr-2012 and simply moved my conf*.xml from 2.0.1
For testing I used a CP configuration with vouchers and MAC pass-through.

Description of the problem: It seems that the new CP code still asks for a voucher code, despite the fact that a MAC is in the passthrough list.

Checking woth "ipfw -deS show" it appears to be a mismatch in ipfw "set x" directives

00002 204 63503 set 0 allow ip from any to any MAC aa:aa:aa:aa:aa:aa any
00003 173 20884 set 0 allow ip from any to any MAC any aa:aa:aa:aa:aa:aa
00004   0     0 set 0 allow ip from any to any MAC bb:bb:bb:bb:bb:bb any
00005   0     0 set 0 allow ip from any to any MAC any bb:bb:bb:bb:bb:bb
00006   0     0 set 0 allow ip from any to any MAC 00:ff:12:34:56:99 any
00007   0     0 set 0 allow ip from any to any MAC any 00:ff:12:34:56:99
65291   0     0 set 1 allow pfsync from any to any
65292   0     0 set 1 allow carp from any to any
65301 628 28888 set 1 allow ip from any to any layer2 mac-type 0x0806
65302   0     0 set 1 allow ip from any to any layer2 mac-type 0x888e
65303   0     0 set 1 allow ip from any to any layer2 mac-type 0x88c7
65304   0     0 set 1 allow ip from any to any layer2 mac-type 0x8863
65305   0     0 set 1 allow ip from any to any layer2 mac-type 0x8864
65307   0     0 set 1 deny ip from any to any layer2 not mac-type 0x0800
65310  99 11703 set 1 allow ip from any to { 255.255.255.255 or 192.168.100.1 } in
65311 159 50665 set 1 allow ip from { 255.255.255.255 or 192.168.100.1 } to any out
65312   0     0 set 1 allow icmp from { 255.255.255.255 or 192.168.100.1 } to any out icmptypes 0
65313   0     0 set 1 allow icmp from any to { 255.255.255.255 or 192.168.100.1 } in icmptypes 8
65314   0     0 set 0 allow ip from table(3) to any in
65315   0     0 set 0 allow ip from any to table(4) out
65316   0     0 set 0 pipe tablearg ip from table(5) to any in
65317   0     0 set 0 pipe tablearg ip from any to table(6) out
65318   0     0 set 0 allow ip from any to table(7) in
65319   0     0 set 0 allow ip from table(8) to any out
65320   0     0 set 0 pipe tablearg ip from any to table(9) in
65321   0     0 set 0 pipe tablearg ip from table(10) to any out
65322   0     0 set 1 allow ip from table(1) to any in
65323   0     0 set 1 allow ip from any to table(2) out
65531  40  5694 set 1 fwd 127.0.0.1,8000 tcp from any to any in
65532  82 17739 set 1 allow tcp from any to any out
65533  64  5059 set 1 deny ip from any to any
65534   0     0 set 1 allow ip from any to any layer2
65535   8  1588 set 31 allow ip from any to any
Actions #1

Updated by Dim Hatz over 9 years ago

Looking further into this issue, the output of "ipfw -deS show" under pfsense 2.0.1 is exactly the same as above and yet MAC passthrough works fine in 2.0.1.

Actions #2

Updated by Dim Hatz over 9 years ago

I just tried changing "set 0" to "set 1" for the MAC entries (rules 2-7) and it didn't fix things. Those MACs are still being presented the CP's authentication page.

Actions #3

Updated by Ermal Luçi over 9 years ago

Can you please try with a recent snapshot.
The snapshots back there had some issues with how CP config was being applied.

Actions #4

Updated by Chris Buechler about 9 years ago

  • Status changed from New to Feedback

doesn't appear to be a problem anymore, leaving for feedback for now.

Actions #5

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF