Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with multiple Interfaces since Version 22.05

    Scheduled Pinned Locked Moved Captive Portal
    17 Posts 2 Posters 2.8k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O Offline
      OpIT GmbH @Gertjan
      last edited by

      @gertjan

      Selecting multiple interfaces is easier for me, because i have multiple VLAN's where i need Captive Portal with the same settings. So it does not make sense to setup extra Zones for each interface.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @OpIT GmbH
        last edited by Gertjan

        @opit-gmbh

        I hope this is not an urgent thing for you - and I hope to be wrong here.
        IMHO, you didn't find a bug, but a functionality that doesn't exist, except for the documentation. Implementing will be far more complex as putting out a simple simple patch.

        edit : just maybe : the doc is ready for the upcoming version that does contain multiple interfaces support.

        edit2 : I had to edit my post above :
        I created some more LZAN interfaces, assigned it and IPv4 like 192.168.100.1/24 and 192.168.200.1/24 and added these interfaces to my captive portal zone.

        I found this in the nginx config file :

        		if ($http_host ~* 192.168.100.1) {
        			set $cp_redirect no;
        		}
        		if ($http_host ~* 192.168.2.1) {
        			set $cp_redirect no;
        		}
        		if ($http_host ~* 192.168.200.1) {
        			set $cp_redirect no;
        		}
        

        so that part looks good.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        O 1 Reply Last reply Reply Quote 0
        • O Offline
          OpIT GmbH @Gertjan
          last edited by OpIT GmbH

          @gertjan
          i think its a Bug, when you look at the /tmp/rules.debug File. It will create 4 Entries with # Captive Portal. As you can see, its adding my selected interface BUT not on every setting. In version 22.01 all was working fine.

          You can see that just 1 Interface ist listed, but it should be 2, as can can see below.

          Captive Portal

          table <cpzoneid_2_cpips> { 10.5.50.1 }

          Captive Portal

          ether pass on { igc0 igc0.50 } tag "cpzoneid_2_rdr"
          ether anchor "cpzoneid_2_auth/" on { igc0 igc0.50 }
          ether anchor "cpzoneid_2_passthrumac/
          " on { igc0 igc0.50 }
          ether anchor "cpzoneid_2_allowedhosts/*" on { igc0 igc0.50 }

          Captive Portal

          rdr on igc0 inet proto tcp from any to ! <cpzoneid_2_cpips> port 80 tagged cpzoneid_2_rdr -> 192.168.10.254 port 8002
          rdr on igc0.50 inet proto tcp from any to ! <cpzoneid_2_cpips> port 80 tagged cpzoneid_2_rdr -> 10.5.50.1 port 8002

          Captive Portal

          pass in quick on igc0 proto tcp from any to <cpzoneid_2_cpips> port 8002 ridentifier 13001 keep state(sloppy)
          pass out quick on igc0 proto tcp from 192.168.10.254 port 8002 to any flags any ridentifier 13002 keep state(sloppy)
          pass in quick from any to any tagged cpzoneid_2_passthru ridentifier 13003 keep state
          block in quick on igc0 from any to ! <cpzoneid_2_cpips> ! tagged cpzoneid_2_auth ridentifier 13004
          pass in quick on igc0.50 proto tcp from any to <cpzoneid_2_cpips> port 8002 ridentifier 13005 keep state(sloppy)
          pass out quick on igc0.50 proto tcp from 10.5.50.1 port 8002 to any flags any ridentifier 13006 keep state(sloppy)
          pass in quick from any to any tagged cpzoneid_2_passthru ridentifier 13007 keep state
          block in quick on igc0.50 from any to ! <cpzoneid_2_cpips> ! tagged cpzoneid_2_auth ridentifier 13008

          GertjanG 1 Reply Last reply Reply Quote 0
          • O Offline
            OpIT GmbH
            last edited by OpIT GmbH

            I created a Bug Report

            https://redmine.pfsense.org/issues/13391

            1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @OpIT GmbH
              last edited by

              @opit-gmbh

              Recently, the 'ipfw' firewall, used for captive portal instances, was ditched and replaced by the 'pf' firewall.

              'pf' is the one we use when we create our GUI firewall rules.

              The conversion was a big task, and maybe ( ? ) the 'multiple interfaces' options was just omitted, or forgotten ( coders are still human ;) ).

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              O 1 Reply Last reply Reply Quote 0
              • O Offline
                OpIT GmbH @Gertjan
                last edited by

                @gertjan
                yeah it looks like the just have forgotten some things there but i also think that this should not be a big Problem to correct this.... :=)

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan @OpIT GmbH
                  last edited by Gertjan

                  @opit-gmbh

                  If you can edit a file :

                  Open /etc/inc/captiveportal.inc
                  Goto line 2576 ( ? )

                  You'll find

                  						$cpiplist = $cpip . ' ';
                  

                  Change it to ( add a single point . ) :

                  						$cpiplist .= $cpip . ' ';
                  

                  Now you will see in the firewall rules file :

                  ....
                  # Captive Portal
                  table <cpzoneid_2_cpips> { 192.168.100.1 192.168.2.1  }
                  ....
                  

                  and these are the IP addresses of my two interfaces added to a captive portal zone.

                  I can't test drive this myself.
                  Can you test ?

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  O 1 Reply Last reply Reply Quote 0
                  • O Offline
                    OpIT GmbH @Gertjan
                    last edited by

                    @gertjan

                    Tested it > and it seams to be working!

                    Many Thanks!!!

                    1 Reply Last reply Reply Quote 0
                    • O Offline
                      OpIT GmbH
                      last edited by OpIT GmbH

                      I also found maybe another Problem. When you upload a Logo or a Background Logo, its created with 2 .. (Points) in the extension. So you have "captiveportal-logo..png or "captiveportal-background..png"

                      The Logos are displayed normally, so its just seams to be a cosmetic "Bug"

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG Offline
                        Gertjan @OpIT GmbH
                        last edited by

                        @opit-gmbh

                        Hummm.
                        The point you just added should be remove somewhere else ;)

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        O 1 Reply Last reply Reply Quote 0
                        • O Offline
                          OpIT GmbH @Gertjan
                          last edited by

                          @gertjan

                          Not i add the Dot, the Netgate add it. I Upload a "logo.png" and the Netgate generates "captiveportal-logo..png"

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • GertjanG Offline
                            Gertjan @OpIT GmbH
                            last edited by Gertjan

                            @opit-gmbh

                            You didn't understood the suggestion.

                            Open /usr/local/www/services_captiveportal.php

                            Look for every function :

                            image_type_to_extension
                            

                            And look closely to the example of the image_type_to_extension PHP function definition.

                            <?php
                            // Create image instance
                            $im = imagecreatetruecolor(100, 100);
                            
                            // Save image
                            imagepng($im, './test' . image_type_to_extension(IMAGETYPE_PNG));
                            imagedestroy($im);
                            ?>
                            

                            The example :

                            Right after '/test there is no point included - so the point comes back with with the image_type_to_extension(IMAGETYPE_PNG) function call - so this function resturns
                            ".png".

                            Now, back to our /usr/local/www/services_captiveportal.php, locate every line with image_type_to_extension and then look closely the line.
                            Example :

                            $logo_name = "captiveportal-logo." . image_type_to_extension(is_supported_image($_FILES['logo-img']['tmp_name']));
                            

                            Do you see the point that you have to remove ?
                            It's right after captiveportal-logo

                            Redo the same thing for where the "captiveportal-background." is handled, and you'll be fine.

                            My suggestion was :you should remove some points '.' ^^

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            O 1 Reply Last reply Reply Quote 0
                            • O Offline
                              OpIT GmbH @Gertjan
                              last edited by

                              @gertjan

                              ahhhh, now i know what you mean "The point you just added should be remove somewhere else" .... heheh :=)

                              THX!

                              Should all of this here be Mailed to Netgate directly, so that they can fix this stuff in the next Version or with a Patch? Our das Netgate read all the Forum Posts here?!

                              GertjanG 1 Reply Last reply Reply Quote 0
                              • O OpIT GmbH referenced this topic on
                              • GertjanG Offline
                                Gertjan @OpIT GmbH
                                last edited by

                                @opit-gmbh said in Problem with multiple Interfaces since Version 22.05:

                                Should all of this here be Mailed to Netgate directly

                                You opened a bug report, a regression actually, that points to this thread.
                                Some author will read the report, read the thread, and deal with it in no time.
                                Jimp already saw your report.
                                As I see it, 2.7.0 and 22.11 will contain the solution.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                O 1 Reply Last reply Reply Quote 0
                                • O Offline
                                  OpIT GmbH @Gertjan
                                  last edited by

                                  @gertjan

                                  i also added a comment about the "Dot" Problem in the Bug Report. So i think all should be fine for now.

                                  THX Gertjan for your help!

                                  1 Reply Last reply Reply Quote 0
                                  • GertjanG Gertjan referenced this topic on
                                  • GertjanG Gertjan referenced this topic on
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.