Project

General

Profile

Bug #566

captive portal IP bypass issues

Added by Chris Buechler over 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
05/02/2010
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.0
Affected Architecture:

Description

A few issues here.

1) It no longer works. Adding a rule with keep-state fixes it, such as:
allow ip from any to table(1) keep-state

the actual tables are correct.

2) The to/from needs to be brought back, that allows functionality that isn't possible without it, and that people currently rely on with 1.2.x. Also "both" should be an allowed option. The ipfw rules should be:
allow ip from table(1) to any keep-state
allow ip from any to table(2) keep-state

where table 1 is the "From" table, table 2 is the "To" table, and "Both" adds the IP to both tables.

Associated revisions

Revision b01792a0 (diff)
Added by Ermal Luçi over 9 years ago

Ticket #566. Reimplement the allowed ips keeping previous funcitonality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped.

History

#1 Updated by Ermal Luçi over 9 years ago

  • Status changed from New to Feedback

#2 Updated by Jim Pingle over 9 years ago

  • Status changed from Feedback to New

It looks like there are still some issues here. A support customer called and their bypass IP was not working. It was not in the output of "ipfw table all list" but it was in the GUI. Saving the entry made it show up in the table list.

#3 Updated by Ermal Luçi over 9 years ago

There is no place in code that this can happen unless something is clearing the tables(manually?)!

On the code paths there is no way that allowed ip can be removed after being added.
The code paths, furthermore, add all ips to the tables.

#4 Updated by Jim Pingle over 9 years ago

In their case, it didn't work immediately after boot. Is it possible that the boot-time initialization is not working somehow?

#5 Updated by Ermal Luçi about 9 years ago

  • Status changed from New to Feedback

I think you/they need to retry again.
There was an include missing in captiveportal.inc regarding the loading of ipfw module.

#6 Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved

this works now

Also available in: Atom PDF