Bug #2389
closed
CP asks for a voucher code from MACs in the passthrough list
0%
Description
Installed 2.1-DEVEL 17-Apr-2012 and simply moved my conf*.xml from 2.0.1
For testing I used a CP configuration with vouchers and MAC pass-through.
Description of the problem: It seems that the new CP code still asks for a voucher code, despite the fact that a MAC is in the passthrough list.
Checking woth "ipfw -deS show" it appears to be a mismatch in ipfw "set x" directives
00002 204 63503 set 0 allow ip from any to any MAC aa:aa:aa:aa:aa:aa any
00003 173 20884 set 0 allow ip from any to any MAC any aa:aa:aa:aa:aa:aa
00004 0 0 set 0 allow ip from any to any MAC bb:bb:bb:bb:bb:bb any
00005 0 0 set 0 allow ip from any to any MAC any bb:bb:bb:bb:bb:bb
00006 0 0 set 0 allow ip from any to any MAC 00:ff:12:34:56:99 any
00007 0 0 set 0 allow ip from any to any MAC any 00:ff:12:34:56:99
65291 0 0 set 1 allow pfsync from any to any
65292 0 0 set 1 allow carp from any to any
65301 628 28888 set 1 allow ip from any to any layer2 mac-type 0x0806
65302 0 0 set 1 allow ip from any to any layer2 mac-type 0x888e
65303 0 0 set 1 allow ip from any to any layer2 mac-type 0x88c7
65304 0 0 set 1 allow ip from any to any layer2 mac-type 0x8863
65305 0 0 set 1 allow ip from any to any layer2 mac-type 0x8864
65307 0 0 set 1 deny ip from any to any layer2 not mac-type 0x0800
65310 99 11703 set 1 allow ip from any to { 255.255.255.255 or 192.168.100.1 } in
65311 159 50665 set 1 allow ip from { 255.255.255.255 or 192.168.100.1 } to any out
65312 0 0 set 1 allow icmp from { 255.255.255.255 or 192.168.100.1 } to any out icmptypes 0
65313 0 0 set 1 allow icmp from any to { 255.255.255.255 or 192.168.100.1 } in icmptypes 8
65314 0 0 set 0 allow ip from table(3) to any in
65315 0 0 set 0 allow ip from any to table(4) out
65316 0 0 set 0 pipe tablearg ip from table(5) to any in
65317 0 0 set 0 pipe tablearg ip from any to table(6) out
65318 0 0 set 0 allow ip from any to table(7) in
65319 0 0 set 0 allow ip from table(8) to any out
65320 0 0 set 0 pipe tablearg ip from any to table(9) in
65321 0 0 set 0 pipe tablearg ip from table(10) to any out
65322 0 0 set 1 allow ip from table(1) to any in
65323 0 0 set 1 allow ip from any to table(2) out
65531 40 5694 set 1 fwd 127.0.0.1,8000 tcp from any to any in
65532 82 17739 set 1 allow tcp from any to any out
65533 64 5059 set 1 deny ip from any to any
65534 0 0 set 1 allow ip from any to any layer2
65535 8 1588 set 31 allow ip from any to any
Updated by Dim Hatz over 12 years ago
Looking further into this issue, the output of "ipfw -deS show" under pfsense 2.0.1 is exactly the same as above and yet MAC passthrough works fine in 2.0.1.
Updated by Dim Hatz over 12 years ago
I just tried changing "set 0" to "set 1" for the MAC entries (rules 2-7) and it didn't fix things. Those MACs are still being presented the CP's authentication page.
Updated by Ermal Luçi about 12 years ago
Can you please try with a recent snapshot.
The snapshots back there had some issues with how CP config was being applied.
Updated by Chris Buechler almost 12 years ago
- Status changed from New to Feedback
doesn't appear to be a problem anymore, leaving for feedback for now.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Resolved