Captive Portal rule does not work when using a restrictive ruleset
Directions to reproduce:
Set up captive portal on OPT1.
Add a rule on OPT1 interface:
src: OPT1 subnet
dst: OPT1 subnet
Captive portal will not display as it should. It has something to do with ipfw forwarding the traffic to localhost.
#1 Updated by Chris Buechler over 9 years ago
- Status changed from New to Closed
The rule is correct as it is, where it passes to 8000/8001 to $cpinterface, and it all functions correctly. The reason allowing only OPT1 subnet to OPT1 subnet doesn't work is if you block the original destination's SYN it will get dropped by pf. e.g. if you browse to google.com and get IP 22.214.171.124, if you aren't allowing HTTP traffic to destination 126.96.36.199, that's going to get dropped and you won't get redirected to CP. That's the correct behavior.
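The behavior described in the comment above, as a simplified default-deny model. This is an added example, not pfSense code or part of the original ticket; the subnet, addresses and the `PassRule`, `pf_passes` and `portal_redirect_possible` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (not from the ticket).
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")   # assumed OPT1 subnet
ANY = ipaddress.ip_network("0.0.0.0/0")
CLIENT = "192.168.2.50"                              # unauthenticated client
WEB_DST = "203.0.113.10"                             # address the client resolved


@dataclass
class PassRule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None matches any destination port


def pf_passes(rules, src, dst, dport):
    """Default deny: a packet passes only if at least one pass rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in r.src and d in r.dst and r.dport in (None, dport)
        for r in rules
    )


def portal_redirect_possible(rules, client, web_dst):
    """The portal can only redirect an HTTP request whose SYN to the
    original destination was passed by the interface ruleset."""
    return pf_passes(rules, client, web_dst, 80)


# Ruleset from the report: OPT1 subnet -> OPT1 subnet only.
restrictive = [PassRule(OPT1_NET, OPT1_NET)]
# Same ruleset plus a rule passing HTTP from OPT1 to any destination.
with_http = restrictive + [PassRule(OPT1_NET, ANY, 80)]

if __name__ == "__main__":
    for name, rules in (("restrictive", restrictive), ("with_http", with_http)):
        ok = portal_redirect_possible(rules, CLIENT, WEB_DST)
        print(f"{name}: redirect to portal possible = {ok}")
```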