PROBLEM with captive portal and limite
-
check latest snapshots they should be ok.
Seems the correct patches where not backported from 8.0 FreeBSD builds. -
Dear Ermal, the problem is resolved in part, here i send you more information
1. I set captive portal
2. I login by captive portal with my computer and i get internet
3. then i am going to traffic shaper –>limiter and I set limiter to my network
4. i see that there is not problem, i have internet, limiter and captive portal works at the same time.but when I work it in this order all changes LIMITER AND CAPTIVE PORTAL DOESN'T WORK AT THE SAME time(below)
1. First I set limiter in traffic shaper
2. i have limiter in my network, i have got internet and there isn't problem
3. then i want to use captive portal, i set captive portal
4. and when i want to use the internet i cannot connect to internet, i cannot see any pagePLEASE can you send me what's happend?
I appreciate your help.
Best regards
I use pfSense-Developers-2.0-ALPHA-ALPHA-20090726-0123.iso.gz -
give me the same info as before.
Just add to it kldstat output and sysctl net.inet outputOne in the case that works and one with the other case.
-
Dear Ermal here send your request information, this configuration is about this case:
1. I set captive portal
2. I login by captive portal with my computer and i get internet
3. then i am going to traffic shaper –>limiter and I set limiter to my network
4. i see that there is not problem, i have internet, limiter and captive portal works at the same time.[$ ifconfig -a_ RIGHT.txt](/public/imported_attachments/1/$ ifconfig -a_ RIGHT.txt)
[$ ipfw pipe show_ RIGHT.txt](/public/imported_attachments/1/$ ipfw pipe show_ RIGHT.txt)
[$ ipfw show_RIGHT.txt](/public/imported_attachments/1/$ ipfw show_RIGHT.txt)
[$ kldstat_ RIGHT.txt](/public/imported_attachments/1/$ kldstat_ RIGHT.txt)
[$ netstat -rn_ RIGHT.txt](/public/imported_attachments/1/$ netstat -rn_ RIGHT.txt)
[config_ RIGHT.txt](/public/imported_attachments/1/config_ RIGHT.txt)
[rules.debug_ RIGHT.txt](/public/imported_attachments/1/rules.debug_ RIGHT.txt)
[sysctl -a l grep pfil_ RIGHT.txt](/public/imported_attachments/1/sysctl -a l grep pfil_ RIGHT.txt)
[sysctl net.inet_ RIGHT.txt](/public/imported_attachments/1/sysctl net.inet_ RIGHT.txt) -
Dear Ermal here send the other configuration when all works wrong, you can see above the first configuration.
I appreciate your help, and send you a hug from Peru.
Cesar
LIMITER AND CAPTIVE PORTAL DOESN'T WORK AT THE SAME time(below)1. First I set limiter in traffic shaper
2. i have limiter in my network, i have got internet and there isn't problem
3. then i want to use captive portal, i set captive portal
4. and when i want to use the internet i cannot connect to internet, i cannot see any page[$ ifconfig -a_ WRONG.txt](/public/imported_attachments/1/$ ifconfig -a_ WRONG.txt)
[$ ipfw pipe show_ WRONG.txt](/public/imported_attachments/1/$ ipfw pipe show_ WRONG.txt)
[$ ipfw show_ WRONG.txt](/public/imported_attachments/1/$ ipfw show_ WRONG.txt)
[$ kldstat_ WRONG.txt](/public/imported_attachments/1/$ kldstat_ WRONG.txt)
[$ netstat -rn_ WRONG.txt](/public/imported_attachments/1/$ netstat -rn_ WRONG.txt)
[$ sysctl -a l grep pfil_ WRONG.txt](/public/imported_attachments/1/$ sysctl -a l grep pfil_ WRONG.txt)
[$ sysctl net.inet_ WRONG.txt](/public/imported_attachments/1/$ sysctl net.inet_ WRONG.txt)
[config_ WRONG.txt](/public/imported_attachments/1/config_ WRONG.txt)
[rules.debug_ WRONG.txt](/public/imported_attachments/1/rules.debug_ WRONG.txt) -
Ermal,
I just tested things out with the latest snapshot (7.2-RELEASE-p2 2.0-Alpha-Alpha built on Sat Jul 25 23:59:13 EDT 2009) and my first test of just limiting lan hosts worked wonderfully. The ability to limit each host individually is really exciting, and then to have the whole connection shaped with altq also seem like it will really help smooth out some traffic problems a few of my sites have been having. Thank you for taking the time to look into this.Now I'm going to test out the situation that rojocesar is having, and see if I can have the limiter and captive portal work at the same time.
Josh -
Hello,
I setup the limiter with the captive portal using the settings found on the captive portal page, and that does seem to work fine. My upload and download is working, the login page comes up. I attached an image of what I have it set at. I'm not quite understanding how that limiter is setup though. Is that limiter truly per-user, so if one user had 3 laptops, and logged in with the same credentials on each one, then the total bandwidth for those 3 laptops would be throttled as a whole? Or is per-user = per node/host? I'm not planning on using authentication, just a splash page with an EULA. Will this method of limiting work for me?When I look at the pipes that were created for the captive portal limiter they look a little different. They do not show up under the traffic shaper, limiter menu.
$ ipfw pipe show 00001: 250.000 Kbit/s 0 ms 50 sl. 1 queues (64 buckets) droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 18 ip 192.168.206.253/0 0.0.0.0/0 8098 2969711 0 0 0 00002: 400.000 Kbit/s 0 ms 50 sl. 1 queues (64 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 44 ip 0.0.0.0/0 192.168.206.253/0 9137 10626184 0 0 0 00003: 512.000 Kbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail 50501: 250.000 Kbit/s 0 ms 100 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 192.168.1.198/4627 206.183.1.139/80 14403 1539968 0 0 0 55501: 350.000 Kbit/s 0 ms 100 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 206.183.1.139/80 192.168.1.198/4627 19802 28268162 1 1500 0Pipe 1&2 are for a lan limit, 3 is for another test, and 50501 and 55501 look like they are for the captive portal. They are not masked for source or destination, so I am assuming that each user (or node/host) gets a dynamically created pipe just for them. If that is the case it is pretty sweet.
I will keep playing around with it, and try manually adding a limiter to see if I see the same problem as rojocesar.
Josh
-
Hello,
I am seeing the same problems as rojocesar. I can have the captive portal working fine. IP's given out. Splash page shown. If I add the pair of limiters to the default wireless interface rule, then all traffic stops because the client cannot get to the splash page, and no connections can be made.If I first click through the splash page, and an entry for that client is made in the captive portal db first, and then I add the pipes to the default rule. Everything works just fine. So the pipes must be interfering with the redirection to the splash page. Maybe that is why someone designed the built in limiter for the captive portal in the first place. I'm inclined to just use the built in one for now, since that works.
Josh
-
Can you try a snapshot later than this post message and see if it fixes things.
-
BTW CP has its own shaper cause you can use it with radius settings etc and you may want to do some very advanced shaping on boxes with multiple interfaces with limiter altq and CP ones.
-
I use the last snapshots from pfsense and doesn't work.. still the problem..
-
You have to wait the snapshots are not that fast.
Try a snapshot after at least 5+ hours :) -
@ermal:
BTW CP has its own shaper cause you can use it with radius settings etc and you may want to do some very advanced shaping on boxes with multiple interfaces with limiter altq and CP ones.
Ermal, do you know if the CP shaper is providing per user limits or per host? If the CP is documented somewhere could you provide a link or a hint to that documentation?
Thanks
Josh -
Its per user ip so basically its per ip.
-
I cannot download the last version of pfsense 2.0 alpha :'( how long time i have to wait? I want to use and prove captive portal with limiter :'( :'( :'( :'( :'( :'( :'( :'(
-
@ermal:
You have to wait the snapshots are not that fast.
Try a snapshot after at least 5+ hours :)Dear Ermal I wonder if the last snapshot is from July 26? or maybe i have wait a couple days :-[
-
Can i have any feedback on this?
-
I am so sorry i was travelling in place where there is not internet and i arrived yesterday and prove the last version pfsense 2.0 and see that there is a problem with limiter, doesn
t work i dont know why? anybody help me or fix this problem??? -
Provide output of commands:
ipfw show
ipfw table 3 list
ipfw table 4 list
ipfw table 1 list
ipfw table 2 list
ipfw pipe show
ifconfig
sysctl -a | grep pfil
kldstatRelated logs
-
I'm using 2.0-ALPHA-ALPHA built on Sat Aug 22 01:39:53 UTC 2009 FreeBSD 7.2-RELEASE-p3 nanobsd. The built in limiter setup with captive portal works just fine. Set it up on the captive portal page and each client is limited to that amount of bandwidth.
When I setup a set of limiters for lan and assign lan clients to it, it also works just fine.
I guess I don't see the point of assigning a set of limiters to the captive portal port since the built in one does the same thing, and works. Unless you only want certain traffic to go through the limiter. rojocesar, is that what you are trying to do?
Josh