Project

General

Profile

Actions

Bug #566

closed

captive portal IP bypass issues

Added by Chris Buechler over 11 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
Start date:
05/02/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

A few issues here.

1) It no longer works. Adding a rule with keep-state fixes it, such as:
allow ip from any to table(1) keep-state

the actual tables are correct.

2) The to/from needs to be brought back, that allows functionality that isn't possible without it, and that people currently rely on with 1.2.x. Also "both" should be an allowed option. The ipfw rules should be:
allow ip from table(1) to any keep-state
allow ip from any to table(2) keep-state

where table 1 is the "From" table, table 2 is the "To" table, and "Both" adds the IP to both tables.

Actions #1

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback
Actions #2

Updated by Jim Pingle over 11 years ago

  • Status changed from Feedback to New

It looks like there are still some issues here. A support customer called and their bypass IP was not working. It was not in the output of "ipfw table all list" but it was in the GUI. Saving the entry made it show up in the table list.

Actions #3

Updated by Ermal Luçi over 11 years ago

There is no place in code that this can happen unless something is clearing the tables(manually?)!

On the code paths there is no way that allowed ip can be removed after being added.
The code paths, furthermore, add all ips to the tables.

Actions #4

Updated by Jim Pingle over 11 years ago

In their case, it didn't work immediately after boot. Is it possible that the boot-time initialization is not working somehow?

Actions #5

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback

I think you/they need to retry again.
There was an include missing in captiveportal.inc regarding the loading of ipfw module.

Actions #6

Updated by Chris Buechler over 11 years ago

  • Status changed from Feedback to Resolved

this works now

Actions

Also available in: Atom PDF