Bug #869
Closed
Captive Portal rule does not work when using a restrictive ruleset
Start date: 09/01/2010
% Done: 0%
Affected Version: 2.0
Description
Directions to reproduce:
1. Set up captive portal on OPT1.
2. Add a rule on the OPT1 interface:
   - allow
   - protocol any
   - src: OPT1 subnet
   - dst: OPT1 subnet
   - no gateway
Captive portal will not display as it should. It has something to do with ipfw forwarding the traffic to localhost.
Updated by Chris Buechler over 14 years ago
- Status changed from New to Closed
The rule is correct as it is, where it passes to 8000/8001 to $cpinterface, and it all functions correctly. The reason allowing only OPT1 subnet to OPT1 subnet doesn't work is that if you block the original destination's SYN, it will get dropped by pf. E.g., if you browse to google.com and get IP 74.125.45.105, and you aren't allowing HTTP traffic to destination 74.125.45.105, that's going to get dropped and you won't get redirected to CP. That's the correct behavior.