Netgate Discussion Forum

    Captive Portal locks up system.

    2.0-RC Snapshot Feedback and Problems - RETIRED
    14 Posts 6 Posters 6.4k Views
      cwilkinson

      Whenever I enable captive portal on an interface, and you try to browse the web on that interface it locks up or restarts pfsense… Any ideas? :-[

        sullrich

        Post error messages that appear on the console.

          eri--

          I can not replicate this on latest snapshot.
          Can you give some more details.

            eri--

            Fixed upgrade and retry.

              cwilkinson

              Would it be a build posted today? Because all I see is Dec 5th, and I tried that one already.

                cmb

                There are new builds now.

                  nocer

                  Hello,

                  Captive Portal seems to be fine (for now :P) to me on the 01:45:00 EST 2008 build. How about you grab new snaps now?

                  cheers,

                    cwilkinson

                    Weird… I updated to the latest build, it doesn't lock up the system anymore, but it won't direct you to the captive portal page, or let you on the internet.
                    Yes I added the firewall rule. Internet works fine without Captive Portal enabled.
                    Do I have to do anything new with 2.0 to get the captive portal working?

                      eri--

                      Can you please give me your /tmp/rules.debug
                      and output of ipfw show?

                        cwilkinson

                        Rules.Debug

                        #System aliases
                        
                        loopback = "{ lo0 }"
                        WAN = "{ le1 }"
                        LAN = "{ le0 }"
                        OPT1 = "{ le2 }"
                        # User Aliases 
                        
                        set loginterface le1
                        set loginterface le0
                        set loginterface le2
                        set optimization normal
                        set limit states 25000
                        
                        scrub in on $WAN all    fragment reassemble
                        scrub in on $LAN all    fragment reassemble
                        scrub in on $OPT1 all    fragment reassemble
                        
                        nat-anchor "ftp-proxy/*"
                        nat-anchor "natearly/*"
                        nat-anchor "natrules/*"
                        
                        # Outbound NAT rules
                        
                        # Subnets to NAT 
                        tonatsubnets	= "{ 192.168.1.0/24 192.168.2.0/24  }"
                        no nat on $WAN to port tftp
                        nat on $WAN from $tonatsubnets port 500 to any port 500 -> 192.168.9.56/32 port 500
                        nat on $WAN from $tonatsubnets port 4500 to any port 4500 -> 192.168.9.56/32 port 4500
                        nat on $WAN from $tonatsubnets port 5060 to any port 5060 -> 192.168.9.56/32 port 5060
                        nat on $WAN from $tonatsubnets to any -> 192.168.9.56/32
                        
                        #SSH Lockout Table
                        table <sshlockout> persist
                        
                        # Load balancing anchor
                        rdr-anchor "relayd/*"
                        # FTP proxy
                        rdr-anchor "ftp-proxy/*"
                        rdr-anchor "tftp-proxy/*"
                        
                        rdr on le0 proto tcp from any to any port 21 tag PFFTPPROXY -> 127.0.0.1 port 8022
                        rdr on le0 proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969
                        rdr on le2 proto tcp from any to any port 21 tag PFFTPPROXY -> 127.0.0.1 port 8023
                        rdr on le2 proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969
                        
                        # IMSpector rdr anchor
                        rdr-anchor "imspector"
                        # UPnPd rdr anchor
                        rdr-anchor "miniupnpd"
                        
                        anchor "ftpsesame/*" 
                        anchor "relayd/*"
                        anchor "firewallrules"
                        #---------------------------------------------------------------------------
                        # default deny rules
                        #---------------------------------------------------------------------------
                        block in log all label "Default deny rule"
                        block out log all label "Default deny rule"
                        
                        # We use the mighty pf, we cannot be fooled.
                        block quick proto { tcp, udp } from any port = 0 to any
                        block quick proto { tcp, udp } from any to any port = 0
                        
                        # snort2c
                        table <snort2c> persist
                        block quick from <snort2c> to any label "Block snort2c hosts"
                        block quick from any to <snort2c> label "Block snort2c hosts"
                        
                        # package manager early specific hook
                        anchor "packageearly"
                        
                        # carp
                        anchor "carp"
                        
                        # SSH lockout
                        block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"
                        table <virusprot>
                        block in quick from <virusprot> to any label "virusprot overload table"
                        table <bogons> persist file "/etc/bogons"
                        # block bogon networks
                        # http://www.cymru.com/Documents/bogon-bn-nonagg.txt
                        anchor "wanbogons"
                        block in log quick on $WAN from <bogons> to any label "block bogon networks from WAN"
                        antispoof for le1
                        # block anything from private networks on interfaces with the option set 
                        antispoof for $WAN
                        block in log quick on $WAN from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
                        block in log quick on $WAN from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
                        block in log quick on $WAN from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
                        block in log quick on $WAN from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
                        # allow our DHCP client out to the WAN
                        anchor "wandhcp"
                        pass in on $WAN proto udp from any port = 67 to any port = 68 label "allow dhcp client out WAN"
                        pass out on $WAN proto udp from any port = 68 to any port = 67 label "allow dhcp client out WAN"
                        # Not installing DHCP server firewall rules for WAN which is configured for DHCP.
                        antispoof for le0
                        # allow access to DHCP server on LAN
                        anchor "dhcpserverLAN"
                        pass in on $LAN proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
                        pass in on $LAN proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server"
                        pass out on $LAN proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server"
                        antispoof for le2
                        # allow access to DHCP server on OPT1
                        anchor "dhcpserverOPT1"
                        pass in on $OPT1 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
                        pass in on $OPT1 proto udp from any port = 68 to 192.168.2.1 port = 67 label "allow access to DHCP server"
                        pass out on $OPT1 proto udp from 192.168.2.1 port = 67 to any port = 68 label "allow access to DHCP server"
                        anchor "spoofing"
                        
                        # loopback
                        anchor "loopback"
                        pass in on $loopback all label "pass loopback"
                        pass out on $loopback all label "pass loopback"
                        
                        anchor "firewallout"
                        # let out anything from the firewall host itself and decrypted IPsec traffic
                        pass out all keep state label "let out anything from firewall host itself"
                        # make sure the user cannot lock himself out of the webConfigurator or SSH
                        anchor "anti-lockout"
                        pass in quick on le0 from any to (le0) keep state label "anti-lockout rule"
                        # NAT Reflection rules
                        # package manager late specific hook
                        anchor "packagelate"
                        
                        anchor "ftp-proxy/*"
                        
                        # enable ftp-proxy
                        pass in quick inet proto tcp tagged PFFTPPROXY flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                        
                        # User-defined aliases follow
                        
                        # User-defined rules follow
                        pass  in  quick  on $OPT1  from 192.168.2.0/24 to any keep state  label "USER_RULE"
                        pass  in  quick  on $LAN  from 192.168.1.0/24 to any keep state  label "USER_RULE: Default allow LAN to any rule"
                        
                        # VPN Rules
                        
                        anchor "limitingesr"
                        
                        # IMSpector
                        anchor "imspector"
                        
                        # uPnPd
                        anchor "miniupnpd"
                        

                        ipfw show

                        $ ipfw show
                        00030    29    2168 skipto 50000 ip from any to any in via le1 keep-state
                        00030   223  100620 skipto 50000 ip from any to any in via le0 keep-state
                        00500     0       0 allow pfsync from any to any
                        00500     0       0 allow carp from any to any
                        01000     6    6691 skipto 50000 ip from any to any not layer2 not via le2
                        01001     6    5219 allow ip from any to any layer2 not via le2
                        01100     0       0 allow ip from any to any layer2 mac-type 0x0806
                        01100     0       0 allow ip from any to any layer2 mac-type 0x888e
                        01100     0       0 allow ip from any to any layer2 mac-type 0x88c7
                        01100     0       0 allow ip from any to any layer2 mac-type 0x8863
                        01100     0       0 allow ip from any to any layer2 mac-type 0x8864
                        01100     0       0 allow ip from any to any layer2 mac-type 0x8863
                        01100     0       0 allow ip from any to any layer2 mac-type 0x8864
                        01100     0       0 allow ip from any to any layer2 mac-type 0x888e
                        01101     0       0 deny ip from any to any layer2 not mac-type 0x0800
                        01102    59   10760 skipto 20000 ip from any to any layer2
                        01200     0       0 allow udp from any 68 to 255.255.255.255 dst-port 67 in
                        01201     0       0 allow udp from any 68 to 192.168.2.1 dst-port 67 in
                        01202     0       0 allow udp from 192.168.2.1 67 to any dst-port 68 out
                        01203     0       0 allow icmp from 192.168.2.1 to any out icmptypes 8
                        01204     0       0 allow icmp from any to 192.168.2.1 in icmptypes 0
                        01300     0       0 allow udp from any to 192.168.2.1 dst-port 53 in
                        01300     0       0 allow udp from any to 192.168.1.1 dst-port 53 in
                        01301     0       0 allow udp from 192.168.2.1 53 to any out
                        01301     0       0 allow udp from 192.168.1.1 53 to any out
                        01302     0       0 allow tcp from any to 192.168.2.1 dst-port 8000 in
                        01302     0       0 allow tcp from any to 192.168.1.1 dst-port 8000 in
                        01303     0       0 allow tcp from 192.168.2.1 8000 to any out
                        01303     0       0 allow tcp from 192.168.1.1 8000 to any out
                        19902     3     120 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
                        19903     0       0 allow tcp from any 80 to any out
                        19904    56   10640 deny ip from any to any
                        29900    59   10760 allow ip from any to any layer2
                        65535 12068 3677163 allow ip from any to any
                        
                          gazzer82
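The two `ipfw show` dumps in this thread are read the same way: the fifth column is the action, rule 19902 is the captive portal's `fwd` to the portal web server, and rule 19904 is the catch-all `deny` that swallows whatever the portal rules did not admit. Comparing the packet counters on those two rules tells you whether client HTTP is reaching the portal at all. The following script is an added example for that check; it is not code from the thread or from pfSense. It assumes the standard `ipfw show` column layout (rule number, packets, bytes, action, rule body) and that port 8000 on 127.0.0.1 is the portal listener, as the rules above suggest. The sample input is a constructed subset of the lines posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the `ipfw show` lines posted in this thread.
# Column layout is: rule number, packet count, byte count, action, rule body.
SAMPLE_IPFW_SHOW = """\
$ ipfw show
00030    29    2168 skipto 50000 ip from any to any in via le1 keep-state
01102    59   10760 skipto 20000 ip from any to any layer2
19902     3     120 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903     0       0 allow tcp from any 80 to any out
19904    56   10640 deny ip from any to any
29900    59   10760 allow ip from any to any layer2
65535 12068 3677163 allow ip from any to any
"""

# Rule number (5 digits), packets, bytes, action keyword, then the rest.
IPFW_LINE = re.compile(r"^\s*(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*?)\s*$")


@dataclass
class IpfwRule:
    number: int
    packets: int
    byte_count: int
    action: str
    body: str


def parse_ipfw_show(text):
    """Parse `ipfw show` output; non-rule lines (prompt, blanks) are skipped."""
    rules = []
    for line in text.splitlines():
        m = IPFW_LINE.match(line)
        if not m:
            continue
        num, pk, by, action, body = m.groups()
        rules.append(IpfwRule(int(num), int(pk), int(by), action, body))
    return rules


def captive_portal_summary(rules):
    """Relate the portal's fwd rule to the catch-all deny.

    The fwd rule body starts with the forward target "host,port"; the
    catch-all deny is the rule whose body is exactly "ip from any to any"
    (the final 65535 rule is an allow, so it is not counted here).
    """
    fwd = [r for r in rules if r.action == "fwd"]
    deny = [r for r in rules
            if r.action == "deny" and r.body == "ip from any to any"]
    target = None
    if fwd:
        host, _, port = fwd[0].body.split()[0].partition(",")
        target = (host, int(port) if port else 0)
    return {
        "portal_target": target,
        "redirected_packets": sum(r.packets for r in fwd),
        "denied_packets": sum(r.packets for r in deny),
        "rules_with_traffic": [r.number for r in rules if r.packets > 0],
    }


def describe(summary):
    """One-line verdict a troubleshooter can paste back into a thread."""
    if summary["portal_target"] is None:
        return "no fwd rule present: the captive portal rules are not loaded"
    host, port = summary["portal_target"]
    if summary["redirected_packets"] == 0:
        return (f"the portal forward rule ({host}:{port}) has never matched; "
                f"{summary['denied_packets']} packets hit the catch-all deny instead")
    return (f"portal forward rule ({host}:{port}) matched "
            f"{summary['redirected_packets']} packets; "
            f"{summary['denied_packets']} other packets were denied")


if __name__ == "__main__":
    parsed = parse_ipfw_show(SAMPLE_IPFW_SHOW)
    summary = captive_portal_summary(parsed)
    for rule in parsed:
        if rule.packets:
            print(f"{rule.number:5d} {rule.action:7s} {rule.packets:6d} pkts  {rule.body}")
    print(describe(summary))
```

Run it against a saved `ipfw show` capture instead of the sample by reading the file into `parse_ipfw_show`. On the first dump above the forward rule has 3 hits against 56 denies, so HTTP is reaching the portal listener but nearly everything else is being dropped; on the second dump the forward rule has zero hits, which points at traffic never reaching the portal rule set at all (the MAC bypass rules at 00050 carry the traffic instead).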

                          I am also having the same problem, internet connection fine till I activate captive portal, then no access to internet/portal or pf web admin. Setting a MAC ID bypass does however still work.

                          ipfw show

                          00030   670    86456 skipto 50000 ip from any to any in via rl0 keep-state
                          00030     0        0 skipto 50000 ip from any to any in via ste0 keep-state
                          00030   817   279272 skipto 50000 ip from any to any in via ste1 keep-state
                          00050     6      240 skipto 29900 ip from any to any MAC 00:1b:63:c4:a6:9a any keep-state
                          00050   990   377008 skipto 29900 ip from any to any MAC any 00:1b:63:c4:a6:9a keep-state
                          00500     0        0 allow pfsync from any to any
                          00500     0        0 allow carp from any to any
                          01000     7      484 skipto 50000 ip from any to any not layer2 not via xl0
                          01001    56     6040 allow ip from any to any layer2 not via xl0
                          01100     0        0 allow ip from any to any layer2 mac-type 0x0806
                          01100     0        0 allow ip from any to any layer2 mac-type 0x888e
                          01100     0        0 allow ip from any to any layer2 mac-type 0x88c7
                          01100     0        0 allow ip from any to any layer2 mac-type 0x8863
                          01100     0        0 allow ip from any to any layer2 mac-type 0x8864
                          01100     0        0 allow ip from any to any layer2 mac-type 0x8863
                          01100     0        0 allow ip from any to any layer2 mac-type 0x8864
                          01100     0        0 allow ip from any to any layer2 mac-type 0x888e
                          01101     0        0 deny ip from any to any layer2 not mac-type 0x0800
                          01102     0        0 skipto 20000 ip from any to any layer2
                          01200     0        0 allow udp from any 68 to 255.255.255.255 dst-port 67 in
                          01201     0        0 allow udp from any 68 to 192.168.20.254 dst-port 67 in
                          01202     0        0 allow udp from 192.168.20.254 67 to any dst-port 68 out
                          01203     0        0 allow icmp from 192.168.20.254 to any out icmptypes 8
                          01204     0        0 allow icmp from any to 192.168.20.254 in icmptypes 0
                          01300     0        0 allow udp from any to 192.168.20.254 dst-port 53 in
                          01300     0        0 allow udp from any to 192.168.10.254 dst-port 53 in
                          01301     0        0 allow udp from 192.168.20.254 53 to any out
                          01301     0        0 allow udp from 192.168.10.254 53 to any out
                          01302     0        0 allow tcp from any to 192.168.20.254 dst-port 8000 in
                          01302     0        0 allow tcp from any to 192.168.10.254 dst-port 8000 in
                          01303     0        0 allow tcp from 192.168.20.254 8000 to any out
                          01303     0        0 allow tcp from 192.168.10.254 8000 to any out
                          19902     0        0 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
                          19903     2       80 allow tcp from any 80 to any out
                          19904    14    21000 deny ip from any to any
                          29900   499   188664 allow ip from any to any layer2
                          65535 61827 29950816 allow ip from any to any
                          
                          

                          Rules.Debug

                          #System aliases
                          
                          loopback = "{ lo0 }"
                          WAN1 = "{ rl0 }"
                          LAN = "{ ste0 }"
                          WAN2 = "{ ste1 }"
                          WIRELESS = "{ xl0 }"
                          # User Aliases 
                          
                          set loginterface rl0
                          set loginterface ste0
                          set loginterface ste1
                          set loginterface xl0
                          set optimization normal
                          set limit states 19000
                          
                          scrub in on $WAN1 all    fragment reassemble
                          scrub in on $LAN all    fragment reassemble
                          scrub in on $WAN2 all    fragment reassemble
                          scrub in on $WIRELESS all    fragment reassemble
                          
                           altq on  rl0 hfsc bandwidth 4424Kb queue {  qInternet  } 
                           queue qInternet on rl0 bandwidth 4424Kb hfsc (  ecn  , linkshare (4424Kb, 100, 4424Kb)  , upperlimit 4424Kb  )  {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } 
                           queue qACK on rl0 bandwidth 20% priority 6 hfsc (  ecn  , linkshare (0b, 100, 20%)  )  
                           queue qDefault on rl0 bandwidth 10% priority 3 hfsc (  ecn  , default  )  
                           queue qP2P on rl0 bandwidth 5% priority 1 hfsc (  ecn  , linkshare (5%, 300, 5%)  , upperlimit 5%  )  
                           queue qOthersHigh on rl0 bandwidth 10% priority 4 hfsc (  ecn  , linkshare (0b, 200, 10%)  )  
                           queue qOthersLow on rl0 bandwidth 5% priority 2 hfsc (  ecn  , linkshare (5%, 500, 5%)  )  
                          
                           altq on  xl0 hfsc bandwidth 1445Kb queue {  qInternet  } 
                           queue qInternet on xl0 bandwidth 1445Kb hfsc (  ecn  , linkshare (1445Kb, 100, 1445Kb)  , upperlimit 1445Kb  )  {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } 
                           queue qACK on xl0 bandwidth 20% priority 6 hfsc (  ecn  , linkshare (0b, 100, 20%)  )  
                           queue qDefault on xl0 bandwidth 10% priority 3 hfsc (  ecn  , default  )  
                           queue qP2P on xl0 bandwidth 5% priority 1 hfsc (  ecn  , linkshare (5%, 300, 5%)  , upperlimit 5%  )  
                           queue qOthersHigh on xl0 bandwidth 10% priority 4 hfsc (  ecn  , linkshare (0b, 200, 10%)  )  
                           queue qOthersLow on xl0 bandwidth 5% priority 2 hfsc (  ecn  , linkshare (5%, 500, 5%)  )  
                          
                           altq on  ste0 hfsc bandwidth 1142Kb queue {  qInternet  } 
                           queue qInternet on ste0 bandwidth 1142Kb hfsc (  ecn  , linkshare (1142Kb, 100, 1142Kb)  , upperlimit 1142Kb  )  {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } 
                           queue qACK on ste0 bandwidth 20% priority 6 hfsc (  ecn  , linkshare (0b, 100, 20%)  )  
                           queue qDefault on ste0 bandwidth 10% priority 3 hfsc (  ecn  , default  )  
                           queue qP2P on ste0 bandwidth 5% priority 1 hfsc (  ecn  , linkshare (5%, 300, 5%)  , upperlimit 5%  )  
                           queue qOthersHigh on ste0 bandwidth 10% priority 4 hfsc (  ecn  , linkshare (0b, 200, 10%)  )  
                           queue qOthersLow on ste0 bandwidth 5% priority 2 hfsc (  ecn  , linkshare (5%, 500, 5%)  )  
                          
                           altq on  ste1 hfsc bandwidth 1142Kb queue {  qInternet  } 
                           queue qInternet on ste1 bandwidth 1142Kb hfsc (  ecn  , linkshare (1142Kb, 100, 1142Kb)  , upperlimit 1142Kb  )  {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } 
                           queue qACK on ste1 bandwidth 20% priority 6 hfsc (  ecn  , linkshare (0b, 100, 20%)  )  
                           queue qDefault on ste1 bandwidth 10% priority 3 hfsc (  ecn  , default  )  
                           queue qP2P on ste1 bandwidth 5% priority 1 hfsc (  ecn  , linkshare (5%, 300, 5%)  , upperlimit 5%  )  
                           queue qOthersHigh on ste1 bandwidth 10% priority 4 hfsc (  ecn  , linkshare (0b, 200, 10%)  )  
                           queue qOthersLow on ste1 bandwidth 5% priority 2 hfsc (  ecn  , linkshare (5%, 500, 5%)  )  
                          
                          nat-anchor "ftp-proxy/*"
                          nat-anchor "natearly/*"
                          nat-anchor "natrules/*"
                          
                          # Outbound NAT rules
                          
                          # Subnets to NAT 
                          tonatsubnets	= "{ 192.168.10.0/24 192.168.20.0/24  }"
                          no nat on $WAN1 to port tftp
                          nat on $WAN1 from $tonatsubnets port 500 to any port 500 -> 192.168.0.58/32 port 500
                          nat on $WAN1 from $tonatsubnets port 4500 to any port 4500 -> 192.168.0.58/32 port 4500
                          nat on $WAN1 from $tonatsubnets port 5060 to any port 5060 -> 192.168.0.58/32 port 5060
                          nat on $WAN1 from $tonatsubnets to any -> 192.168.0.58/32
                          no nat on $WAN2 to port tftp
                          nat on $WAN2 from $tonatsubnets port 500 to any port 500 -> 192.168.1.2/32 port 500
                          nat on $WAN2 from $tonatsubnets port 4500 to any port 4500 -> 192.168.1.2/32 port 4500
                          nat on $WAN2 from $tonatsubnets port 5060 to any port 5060 -> 192.168.1.2/32 port 5060
                          nat on $WAN2 from $tonatsubnets to any -> 192.168.1.2/32
                          
                          #SSH Lockout Table
                          table <sshlockout> persist
                          
                          # Load balancing anchor
                          rdr-anchor "relayd/*"
                          # FTP proxy
                          rdr-anchor "ftp-proxy/*"
                          rdr-anchor "tftp-proxy/*"
                          
                          rdr on ste0 proto tcp from any to any port 21 tag PFFTPPROXY -> 127.0.0.1 port 8022
                          rdr on ste0 proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969
                          rdr on xl0 proto tcp from any to any port 21 tag PFFTPPROXY -> 127.0.0.1 port 8024
                          rdr on xl0 proto udp from any to any port tftp tag PFFTPPROXY -> 127.0.0.1 port 6969
                          
                          # IMSpector rdr anchor
                          rdr-anchor "imspector"
                          # UPnPd rdr anchor
                          rdr-anchor "miniupnpd"
                          
                          anchor "ftpsesame/*" 
                          anchor "relayd/*"
                          anchor "firewallrules"
                          #---------------------------------------------------------------------------
                          # default deny rules
                          #---------------------------------------------------------------------------
                          block in log all label "Default deny rule"
                          block out log all label "Default deny rule"
                          
                          # We use the mighty pf, we cannot be fooled.
                          block quick proto { tcp, udp } from any port = 0 to any
                          block quick proto { tcp, udp } from any to any port = 0
                          
                          # snort2c
                          table <snort2c> persist
                          block quick from <snort2c> to any label "Block snort2c hosts"
                          block quick from any to <snort2c> label "Block snort2c hosts"
                          
                          # package manager early specific hook
                          anchor "packageearly"
                          
                          # carp
                          anchor "carp"
                          
                          # SSH lockout
                          block in log quick proto tcp from <sshlockout> to any port 22 label "sshlockout"
                          table <virusprot>
                          block in quick from <virusprot> to any label "virusprot overload table"
                          antispoof for rl0
                          # allow our DHCP client out to the WAN1
                          anchor "wandhcp"
                          pass in on $WAN1 proto udp from any port = 67 to any port = 68 label "allow dhcp client out WAN1"
                          pass out on $WAN1 proto udp from any port = 68 to any port = 67 label "allow dhcp client out WAN1"
                          # Not installing DHCP server firewall rules for WAN1 which is configured for DHCP.
                          antispoof for ste0
                          # allow access to DHCP server on LAN
                          anchor "dhcpserverLAN"
                          pass in on $LAN proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
                          pass in on $LAN proto udp from any port = 68 to 192.168.10.254 port = 67 label "allow access to DHCP server"
                          pass out on $LAN proto udp from 192.168.10.254 port = 67 to any port = 68 label "allow access to DHCP server"
                          antispoof for ste1
                          # allow our DHCP client out to the WAN2
                          anchor "opt1dhcp"
                          pass in on $WAN2 proto udp from any port = 67 to any port = 68 label "allow dhcp client out WAN2"
                          pass out on $WAN2 proto udp from any port = 68 to any port = 67 label "allow dhcp client out WAN2"
                          # Not installing DHCP server firewall rules for WAN2 which is configured for DHCP.
                          antispoof for xl0
                          # allow access to DHCP server on WIRELESS
                          anchor "dhcpserverWIRELESS"
                          pass in on $WIRELESS proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
                          pass in on $WIRELESS proto udp from any port = 68 to 192.168.20.254 port = 67 label "allow access to DHCP server"
                          pass out on $WIRELESS proto udp from 192.168.20.254 port = 67 to any port = 68 label "allow access to DHCP server"
                          anchor "spoofing"
                          
                          # loopback
                          anchor "loopback"
                          pass in on $loopback all label "pass loopback"
                          pass out on $loopback all label "pass loopback"
                          
                          anchor "firewallout"
                          # let out anything from the firewall host itself and decrypted IPsec traffic
                          pass out all keep state label "let out anything from firewall host itself"
                          # make sure the user cannot lock himself out of the webConfigurator or SSH
                          anchor "anti-lockout"
                          pass in quick on ste0 from any to (ste0) keep state label "anti-lockout rule"
                          # NAT Reflection rules
                          # package manager late specific hook
                          anchor "packagelate"
                          
                          anchor "ftp-proxy/*"
                          
                          # enable ftp-proxy
                          pass in quick inet proto tcp tagged PFFTPPROXY flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
                          
                          # User-defined aliases follow
                          
                          # User-defined rules follow
                          pass   out  proto tcp  from any to any port = 7668  label "USER_RULE: m_P2P Aimster outbound"
                          pass   out  proto tcp  from any to any  port 6880 >< 7000  label "USER_RULE: m_P2P BitTorrent outbound"
                          pass   out  proto udp  from any to any  port 6880 >< 7000  label "USER_RULE: m_P2P BitTorrent outbound"
                          pass   out  proto tcp  from any to any port = 7788  label "USER_RULE: m_P2P BuddyShare outbound"
                          pass   out  proto tcp  from any to any port = 2340  label "USER_RULE: m_P2P CuteMX outbound"
                          pass   out  proto tcp  from any to any  port 6665 >< 6669  label "USER_RULE: m_P2P dcc outbound"
                          pass   out  proto tcp  from any to any port = 412  label "USER_RULE: m_P2P DirectConnect outbound"
                          pass   out  proto tcp  from any to any  port 1043 >< 1046  label "USER_RULE: m_P2P DirectFileExpress outbound"
                          pass   out  proto tcp  from any to any  port 4660 >< 4666  label "USER_RULE: m_P2P EDonkey2000 outbound"
                          pass   out  proto tcp  from any to any port = 6346  label "USER_RULE: m_P2P Gnutella-TCP outbound"
                          pass   out  proto udp  from any to any port = 6346  label "USER_RULE: m_P2P Gnutella-UDP outbound"
                          pass   out  proto tcp  from any to any  port 8037 >< 8040  label "USER_RULE: m_P2P grouper outbound"
                          pass   out  proto tcp  from any to any  port 28863 >< 28866  label "USER_RULE: m_P2P hotComm outbound"
                          pass   out  proto tcp  from any to any  port 5499 >< 5504  label "USER_RULE: m_P2P HotlineConnect outbound"
                          pass   out  proto tcp  from any to any port = 4329  label "USER_RULE: m_P2P iMesh outbound"
                          pass   out  proto tcp  from any to any  port 6698 >< 6702  label "USER_RULE: m_P2P Napster outbound"
                          pass   out  proto tcp  from any to any  port 8887 >< 8890  label "USER_RULE: m_P2P OpenNap outbound"
                          pass   out  proto tcp  from any to any port = 8311  label "USER_RULE: m_P2P Scour outbound"
                          pass   out  proto tcp  from any to any port = 6346  label "USER_RULE: m_P2P Shareaza outbound"
                          pass   out  proto tcp  from any to any port = 5190  label "USER_RULE: m_P2P SongSpy outbound"
                          pass   out  proto tcp  from any to any port = 6699  label "USER_RULE: m_P2P WinMX outbound"
                          pass   out  proto tcp  from any to any port = 3389  label "USER_RULE: m_Other MSRDP outbound"
                          pass   out  proto tcp  from any to any port = 3283  label "USER_RULE: m_Other AppleRemoteDesktop1 outbound"
                          pass   out  proto tcp  from any to any port = 5900  label "USER_RULE: m_Other AppleRemoteDesktop2 outbound"
                          pass   out  proto udp  from any to any port = 3283  label "USER_RULE: m_Other AppleRemoteDesktop3 outbound"
                          pass   out  proto udp  from any to any port = 5900  label "USER_RULE: m_Other AppleRemoteDesktop4 outbound"
                          pass   out  proto tcp  from any to any port = 1723  label "USER_RULE: m_Other PPTP outbound"
                          pass   out  proto gre  from any to any  label "USER_RULE: m_Other PPTPGRE outbound"
                          pass   out  proto tcp  from any to any port = 554  label "USER_RULE: m_Other RTSP1 outbound"
                          pass   out  proto tcp  from any to any port = 80  label "USER_RULE: m_Other HTTP outbound"
                          pass   out  proto tcp  from any to any port = 443  label "USER_RULE: m_Other HTTPS outbound"
                          pass   out  proto tcp  from any to any port = 25  label "USER_RULE: m_Other SMTP outbound"
                          pass   out  proto tcp  from any to any port = 53  label "USER_RULE: m_Other DNS1 outbound"
                          pass   out  proto udp  from any to any port = 53  label "USER_RULE: m_Other DNS2 outbound"
                          pass  in  quick  on $WIRELESS  route-to { ( rl0 192.168.0.169 ) , ( ste1 192.168.1.254 ) } round-robin  from 192.168.20.0/24 to { ! 192.168.20.254 } keep state  label "USER_RULE"
                          pass  in  quick  on $WIRELESS  from 192.168.20.0/24 to any keep state  label "USER_RULE"
                          pass  in  quick  on $LAN  route-to { ( rl0 192.168.0.169 ) , ( ste1 192.168.1.254 ) } round-robin  from 192.168.10.0/24 to { ! 192.168.10.254 } keep state  label "USER_RULE"
                          pass  in  quick  on $LAN  from 192.168.10.0/24 to any keep state  label "USER_RULE: Default allow LAN to any rule"
                          
                          # VPN Rules
                          
                          anchor "limitingesr"
                          
                          # IMSpector
                          anchor "imspector"
                          
                          # uPnPd
                          anchor "miniupnpd"
                          

                          Thanks

                          Gareth

                          • E
                            eri--
                            last edited by

                            It's fixed now, grab the next snapshot.
                            Could any of you who also have multi-WAN confirm that CP works on multi-WAN too?!

                            • G
                              gazzer82
                              last edited by

                              Cheers Ermal,

                              I do indeed have a multi-WAN setup, so when I am back in the office I will give it a try.

                              Cheers

                              Gareth

                              • G
                                gazzer82
                                last edited by

                                Yes, it appears to be working, though I have been unable to check multi-LAN as I am having some issues with static IPs/gateways at the moment :(

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.