Bug #3801

closed

Captive Portal on 2.2 does not pass through logged-in users

Added by Jim Pingle over 10 years ago. Updated about 10 years ago.

Status: Resolved
Priority: Normal
Assignee: Ermal Luçi
Category: Captive Portal
Target version:
Start date: 08/11/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2
Affected Architecture: All

Description

Users are redirected to the portal, the logins succeed, and they show up in the online user list and in the ipfw tables for the zone, but the user traffic is still redirected back to the portal no matter what.

Tried with and without MAC filtering, same issue both ways.

Table entries showing the client in the online users:

[2.2-ALPHA][root@pfs22]/root(9): ipfw -x 2 table 1 list 
192.168.1.100/32 mac 00:0c:29:18:54:78 2000
[2.2-ALPHA][root@pfs22]/root(10): ipfw -x 2 table 2 list 
192.168.1.100/32 mac 00:0c:29:18:54:78 2001

First run of the ipfw show output for the zone:

[2.2-ALPHA][root@pfs22]/root(11): ipfw -x 2 show
65291   0     0 allow pfsync from any to any
65292   0     0 allow carp from any to any
65301   6   222 allow ip from any to any layer2 mac-type 0x0806,0x8035
65302   0     0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303   0     0 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307   0     0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310 118 12038 allow ip from any to { 255.255.255.255 or 192.168.1.1 } in
65311 108 36634 allow ip from { 255.255.255.255 or 192.168.1.1 } to any out
65312   0     0 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
65313   0     0 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
65314   0     0 pipe tablearg ip from table(3) to any in
65315   0     0 pipe tablearg ip from any to table(4) in
65316   0     0 pipe tablearg ip from table(3) to any out
65317   0     0 pipe tablearg ip from any to table(4) out
65318   0     0 pipe tablearg ip from table(1) to any in
65319   0     0 pipe tablearg ip from any to table(2) out
65532  54  5416 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  45  6589 allow tcp from any to any out
65534 255 18764 deny ip from any to any
65535   0     0 allow ip from any to any

Second run to show the user is still hitting the fwd rule and not the table rule.

[2.2-ALPHA][root@pfs22]/root(14): ipfw -x 2 show
65291   0     0 allow pfsync from any to any
65292   0     0 allow carp from any to any
65301   8   296 allow ip from any to any layer2 mac-type 0x0806,0x8035
65302   0     0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303   0     0 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307   0     0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310 133 13562 allow ip from any to { 255.255.255.255 or 192.168.1.1 } in
65311 121 41793 allow ip from { 255.255.255.255 or 192.168.1.1 } to any out
65312   0     0 allow icmp from { 255.255.255.255 or 192.168.1.1 } to any out icmptypes 0
65313   0     0 allow icmp from any to { 255.255.255.255 or 192.168.1.1 } in icmptypes 8
65314   0     0 pipe tablearg ip from table(3) to any in
65315   0     0 pipe tablearg ip from any to table(4) in
65316   0     0 pipe tablearg ip from table(3) to any out
65317   0     0 pipe tablearg ip from any to table(4) out
65318   0     0 pipe tablearg ip from table(1) to any in
65319   0     0 pipe tablearg ip from any to table(2) out
65532  60  6093 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  50  7290 allow tcp from any to any out
65534 315 22640 deny ip from any to any
65535   0     0 allow ip from any to any
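
The comparison between the two `ipfw -x 2 show` runs above can be made mechanical. The following is an added example, not part of the original report or of pfSense: it diffs the packet and byte counters of two snapshots and lists the table-matching rules that saw no traffic in between. The embedded lines are a subset copied from the report's output; the function names are hypothetical.

```python
import re

# Subset of counter lines copied from the two `ipfw -x 2 show` runs in the report.
FIRST_RUN = """\
65318   0     0 pipe tablearg ip from table(1) to any in
65319   0     0 pipe tablearg ip from any to table(2) out
65532  54  5416 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  45  6589 allow tcp from any to any out
65534 255 18764 deny ip from any to any
"""
SECOND_RUN = """\
65318   0     0 pipe tablearg ip from table(1) to any in
65319   0     0 pipe tablearg ip from any to table(2) out
65532  60  6093 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  50  7290 allow tcp from any to any out
65534 315 22640 deny ip from any to any
"""

# rule number, packet count, byte count, rule body
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")

def parse_show(text):
    """Map rule number -> (packets, bytes, body); shell prompts and other lines are skipped."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            num, pkts, byts, body = m.groups()
            rules[int(num)] = (int(pkts), int(byts), body)
    return rules

def counter_deltas(before, after):
    """Return {rule: (packet delta, byte delta, body)} for rules present in both snapshots."""
    a, b = parse_show(before), parse_show(after)
    return {n: (b[n][0] - a[n][0], b[n][1] - a[n][1], b[n][2])
            for n in sorted(a.keys() & b.keys())}

def idle_table_rules(deltas):
    """Rules that match on a table but counted no packets between the two runs."""
    return [n for n, (dp, _, body) in deltas.items() if "table(" in body and dp == 0]

if __name__ == "__main__":
    deltas = counter_deltas(FIRST_RUN, SECOND_RUN)
    for n, (dp, db, body) in deltas.items():
        print(f"{n:5d} +{dp:<4d} +{db:<6d} {body}")
    print("table rules with no hits:", idle_table_rules(deltas))
```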
