Captive portal issue pass-through MAC [Solved]
-
I'm having trouble with the captive portal. I'm using an Alix board, 2.0-RC1 (i386) built on Tue Mar 15 09:27:54 EDT 2011.
If I add somebody to the pass-through MAC list, it blocks a random client in the MAC list.
For example:
ADD MAC A
ADD MAC B
(Now MAC A blocked without reason)
ADD MAC C
(MAC A allowed without reason again)
I don't know if there has been an update for this problem since Mar 15, because it's an Alix I upgrade every two weeks or more.
-
Can you do ipfw show from diagnostic->exec command
for before and after you do an operation that causes the mac to be blocked?
-
Hi, ermal.
This is before change:
[2.0-RC1][root@quinimari.compuven.local]/root(2): ipfw show
00002 0 0 pipe 20003 ip from any to any MAC 00:02:2d:b3:21:26 any
00003 0 0 pipe 20002 ip from any to any MAC any 00:02:2d:b3:21:26
00004 0 0 allow ip from any to any MAC 00:02:6f:6f:57:7f any
00005 0 0 allow ip from any to any MAC any 00:02:6f:6f:57:7f
00005 721 120439 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
00009 0 0 allow ip from any to any MAC any 00:1d:92:f5:8b:37
00009 0 0 allow ip from any to any MAC 00:1e:ec:2d:2e:04 any
00010 0 0 allow ip from any to any MAC any 00:1e:ec:2d:2e:04
00010 0 0 allow ip from any to any MAC 00:1f:3c:4b:50:97 any
00011 0 0 allow ip from any to any MAC any 00:1f:3c:4b:50:97
00011 4 466 allow ip from any to any MAC 00:22:6b:8c:95:56 any
00012 8 1244 allow ip from any to any MAC any 00:22:6b:8c:95:56
00012 0 0 allow ip from any to any MAC 00:22:fb:6d:bd:be any
00013 0 0 allow ip from any to any MAC any 00:22:fb:6d:bd:be
00013 0 0 allow ip from any to any MAC 00:23:cd:f8:95:a6 any
00014 0 0 allow ip from any to any MAC any 00:23:cd:f8:95:a6
00014 15 6393 allow ip from any to any MAC 00:23:cd:f8:97:cd any
00015 21 2346 allow ip from any to any MAC any 00:23:cd:f8:97:cd
00015 0 0 allow ip from any to any MAC 00:23:cd:f8:9a:7a any
00016 0 0 allow ip from any to any MAC any 00:23:cd:f8:9a:7a
00016 2893 2734843 allow ip from any to any MAC 00:25:86:cf:05:aa any
00017 2853 582619 allow ip from any to any MAC any 00:25:86:cf:05:aa
00017 19 4978 allow ip from any to any MAC 00:27:11:00:1c:6b any
00018 35 6466 allow ip from any to any MAC any 00:27:11:00:1c:6b
00018 0 0 allow ip from any to any MAC 00:27:11:00:1b:55 any
00019 0 0 allow ip from any to any MAC any 00:27:11:00:1b:55
00019 6055 7586193 allow ip from any to any MAC 00:27:11:00:1c:69 any
00020 6889 641678 allow ip from any to any MAC any 00:27:11:00:1c:69
00020 16 4491 allow ip from any to any MAC 00:27:11:00:1c:6a any
00021 2245 112296 allow ip from any to any MAC any 00:27:11:00:1c:6a
00021 94 3884 allow ip from any to any MAC 00:27:11:00:1c:a4 any
00022 2195 111142 allow ip from any to any MAC any 00:27:11:00:1c:a4
00022 0 0 allow ip from any to any MAC 00:27:11:00:1c:a5 any
00023 0 0 allow ip from any to any MAC any 00:27:11:00:1c:a5
00023 31192 41939244 allow ip from any to any MAC 00:27:11:00:1d:6a any
00024 23327 2496817 allow ip from any to any MAC any 00:27:11:00:1d:6a
00024 0 0 allow ip from any to any MAC 00:27:11:00:21:2b any
00025 0 0 allow ip from any to any MAC any 00:27:11:00:21:2b
00025 52 16160 allow ip from any to any MAC 00:27:11:00:22:8a any
00026 74 14634 allow ip from any to any MAC any 00:27:11:00:22:8a
00026 0 0 allow ip from any to any MAC 00:27:11:00:22:8e any
00027 0 0 allow ip from any to any MAC any 00:27:11:00:22:8e
00027 19155 6043827 allow ip from any to any MAC 00:27:11:00:22:ff any
00028 20059 2334768 allow ip from any to any MAC any 00:27:11:00:22:ff
00028 0 0 allow ip from any to any MAC 00:e0:4d:8f:6a:d7 any
00029 0 0 allow ip from any to any MAC any 00:e0:4d:8f:6a:d7
00030 3312 2174315 allow ip from any to any MAC 00:1b:b9:a2:f7:9f any
00031 3985 704163 allow ip from any to any MAC any 00:1b:b9:a2:f7:9f
00031 24308 15279159 allow ip from any to any MAC 00:1a:70:75:e7:e5 any
00032 21267 2064256 allow ip from any to any MAC any 00:1a:70:75:e7:e5
65291 0 0 allow pfsync from any to any
65292 0 0 allow carp from any to any
65301 214 8998 allow ip from any to any layer2 mac-type 0x0806
65302 0 0 allow ip from any to any layer2 mac-type 0x888e
65303 0 0 allow ip from any to any layer2 mac-type 0x88c7
65304 0 0 allow ip from any to any layer2 mac-type 0x8863
65305 0 0 allow ip from any to any layer2 mac-type 0x8864
65306 0 0 allow ip from any to any layer2 mac-type 0x888e
65307 1218 59924 deny ip from any to any layer2 not mac-type 0x0800
65310 2093 209686 allow ip from any to { 255.255.255.255 or 172.16.0.1 } in
65311 1182 546578 allow ip from { 255.255.255.255 or 172.16.0.1 } to any out
65312 0 0 allow icmp from { 255.255.255.255 or 172.16.0.1 } to any out icmptypes 0
65313 0 0 allow icmp from any to { 255.255.255.255 or 172.16.0.1 } in icmptypes 8
65314 0 0 allow ip from table(3) to any in
65315 0 0 allow ip from any to table(4) out
65316 0 0 pipe tablearg ip from table(5) to any in
65317 0 0 pipe tablearg ip from any to table(6) out
65318 22 1341 allow ip from any to table(7) in
65319 29 37722 allow ip from table(8) to any out
65320 0 0 pipe tablearg ip from any to table(9) in
65321 0 0 pipe tablearg ip from table(10) to any out
65322 0 0 allow ip from table(1) to any in
65323 0 0 allow ip from any to table(2) out
65531 4915 467735 fwd 127.0.0.1,8000 tcp from any to any in
65532 4198 489776 allow tcp from any to any out
65533 1254 147478 deny ip from any to any
65534 0 0 allow ip from any to any layer2
65535 537 342462 allow ip from any to any
After change
[2.0-RC1][root@quinimari.compuven.local]/root(2): ipfw show
00002 0 0 pipe 20003 ip from any to any MAC 00:02:2d:b3:21:26 any
00003 0 0 pipe 20002 ip from any to any MAC any 00:02:2d:b3:21:26
00004 0 0 allow ip from any to any MAC 00:02:6f:6f:57:7f any
00009 0 0 allow ip from any to any MAC any 00:1d:92:f5:8b:37
00009 0 0 allow ip from any to any MAC 00:1e:ec:2d:2e:04 any
00010 0 0 allow ip from any to any MAC any 00:1e:ec:2d:2e:04
00010 0 0 allow ip from any to any MAC 00:1f:3c:4b:50:97 any
00011 0 0 allow ip from any to any MAC any 00:1f:3c:4b:50:97
00011 4 466 allow ip from any to any MAC 00:22:6b:8c:95:56 any
00012 8 1244 allow ip from any to any MAC any 00:22:6b:8c:95:56
00012 0 0 allow ip from any to any MAC 00:22:fb:6d:bd:be any
00013 0 0 allow ip from any to any MAC any 00:22:fb:6d:bd:be
00013 0 0 allow ip from any to any MAC 00:23:cd:f8:95:a6 any
00014 0 0 allow ip from any to any MAC any 00:23:cd:f8:95:a6
00014 15 6393 allow ip from any to any MAC 00:23:cd:f8:97:cd any
00015 21 2346 allow ip from any to any MAC any 00:23:cd:f8:97:cd
00015 0 0 allow ip from any to any MAC 00:23:cd:f8:9a:7a any
00016 0 0 allow ip from any to any MAC any 00:23:cd:f8:9a:7a
00016 3001 2814715 allow ip from any to any MAC 00:25:86:cf:05:aa any
00017 2965 597573 allow ip from any to any MAC any 00:25:86:cf:05:aa
00017 29 9372 allow ip from any to any MAC 00:27:11:00:1c:6b any
00018 45 8185 allow ip from any to any MAC any 00:27:11:00:1c:6b
00018 0 0 allow ip from any to any MAC 00:27:11:00:1b:55 any
00019 0 0 allow ip from any to any MAC any 00:27:11:00:1b:55
00019 10036 13523831 allow ip from any to any MAC 00:27:11:00:1c:69 any
00020 9660 788823 allow ip from any to any MAC any 00:27:11:00:1c:69
00020 16 4491 allow ip from any to any MAC 00:27:11:00:1c:6a any
00021 2485 124240 allow ip from any to any MAC any 00:27:11:00:1c:6a
00021 102 4584 allow ip from any to any MAC 00:27:11:00:1c:a4 any
00022 2326 118169 allow ip from any to any MAC any 00:27:11:00:1c:a4
00022 0 0 allow ip from any to any MAC 00:27:11:00:1c:a5 any
00023 0 0 allow ip from any to any MAC any 00:27:11:00:1c:a5
00023 33189 43617762 allow ip from any to any MAC 00:27:11:00:1d:6a any
00024 25209 3100102 allow ip from any to any MAC any 00:27:11:00:1d:6a
00024 0 0 allow ip from any to any MAC 00:27:11:00:21:2b any
00025 0 0 allow ip from any to any MAC any 00:27:11:00:21:2b
00025 57 16348 allow ip from any to any MAC 00:27:11:00:22:8a any
00026 81 15336 allow ip from any to any MAC any 00:27:11:00:22:8a
00026 0 0 allow ip from any to any MAC 00:27:11:00:22:8e any
00027 0 0 allow ip from any to any MAC any 00:27:11:00:22:8e
00027 22090 7727354 allow ip from any to any MAC 00:27:11:00:22:ff any
00028 22985 2807386 allow ip from any to any MAC any 00:27:11:00:22:ff
00028 0 0 allow ip from any to any MAC 00:e0:4d:8f:6a:d7 any
00029 0 0 allow ip from any to any MAC any 00:e0:4d:8f:6a:d7
00030 336 288817 allow ip from any to any MAC 00:1b:b9:a2:f7:9f any
00031 164 18952 allow ip from any to any MAC any 00:1b:b9:a2:f7:9f
00032 22938 2206787 allow ip from any to any MAC any 00:1a:70:75:e7:e5
00032 244 30920 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
00033 241 18104 allow ip from any to any MAC any 00:02:a5:7c:4f:96
65291 0 0 allow pfsync from any to any
65292 0 0 allow carp from any to any
65301 222 9294 allow ip from any to any layer2 mac-type 0x0806
65302 0 0 allow ip from any to any layer2 mac-type 0x888e
65303 0 0 allow ip from any to any layer2 mac-type 0x88c7
65304 0 0 allow ip from any to any layer2 mac-type 0x8863
65305 0 0 allow ip from any to any layer2 mac-type 0x8864
65306 0 0 allow ip from any to any layer2 mac-type 0x888e
65307 1361 69286 deny ip from any to any layer2 not mac-type 0x0800
65310 2750 273520 allow ip from any to { 255.255.255.255 or 172.16.0.1 } in
65311 1933 834726 allow ip from { 255.255.255.255 or 172.16.0.1 } to any out
65312 0 0 allow icmp from { 255.255.255.255 or 172.16.0.1 } to any out icmptypes 0
65313 0 0 allow icmp from any to { 255.255.255.255 or 172.16.0.1 } in icmptypes 8
65314 0 0 allow ip from table(3) to any in
65315 0 0 allow ip from any to table(4) out
65316 0 0 pipe tablearg ip from table(5) to any in
65317 0 0 pipe tablearg ip from any to table(6) out
65318 155 39459 allow ip from any to table(7) in
65319 142 96309 allow ip from table(8) to any out
65320 0 0 pipe tablearg ip from any to table(9) in
65321 0 0 pipe tablearg ip from table(10) to any out
65322 0 0 allow ip from table(1) to any in
65323 0 0 allow ip from any to table(2) out
65531 7967 751120 fwd 127.0.0.1,8000 tcp from any to any in
65532 7913 961347 allow tcp from any to any out
65533 1485 171639 deny ip from any to any
65534 0 0 allow ip from any to any layer2
65535 537 342462 allow ip from any to any
Note: the MAC 00:02:a5:7c:4f:96 has the problem that, even though it is in the pass-through list, the captive portal does not allow it to browse. When I remove it and add it again it works, but another one is blocked.
In the 1st I only see the MAC with this rule:
00005 721 120439 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
In the second ipfw show there are two:
00032 244 30920 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
00033 241 18104 allow ip from any to any MAC any 00:02:a5:7c:4f:96
Looks to be a problem with the IN/OUT rules? Really, I don't have much of an idea about it.
In the captive portal config I don't have anything special, only the local database (without users added), enabled on LAN and without timeouts.
Edit
More info:
I deleted and added again the MAC with the problem, but now the MAC 00:02:2d:b3:21:26 is not in the list, although it is added in the captive portal tab.
Errors in the syslog:
Mar 22 17:40:55 check_reload_status: syncing firewall
Mar 22 17:40:54 php: /services_captiveportal_mac.php: The command '/sbin/ipfw delete 4; /sbin/ipfw delete 5' returned exit code '69', the output was 'ipfw: rule 5: setsockopt(IP_FW_DEL): Invalid argument'
Mar 22 17:08:31 check_reload_status: syncing firewall
Mar 22 17:07:36 php: /services_captiveportal_mac_edit.php: The command '/sbin/ipfw -q /tmp/tmpmacedit2' returned exit code '69', the output was 'Line 2: rule 6: setsockopt(IP_FW_DEL): Invalid argument'
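
The pattern visible in the two listings above (a MAC left with only one of its two rules, and rule numbers shared by neighbouring MACs) can be checked mechanically. The following is an added example, not part of the original posts or of pfSense: the function names are hypothetical, the sample is an excerpt of the "before change" output, and it assumes, as the listings suggest, that deleting by number removes every rule carrying that number.

```python
import re
from collections import defaultdict

# Excerpt of the "before change" ipfw show output posted in this thread.
SAMPLE = """\
00004 0 0 allow ip from any to any MAC 00:02:6f:6f:57:7f any
00005 0 0 allow ip from any to any MAC any 00:02:6f:6f:57:7f
00005 721 120439 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
00009 0 0 allow ip from any to any MAC any 00:1d:92:f5:8b:37
00009 0 0 allow ip from any to any MAC 00:1e:ec:2d:2e:04 any
00010 0 0 allow ip from any to any MAC any 00:1e:ec:2d:2e:04
65533 1254 147478 deny ip from any to any
"""

# ipfw prints a layer-2 match as "MAC <dst-mac> <src-mac>".
RULE = re.compile(r"^(\d{5})\s+\d+\s+\d+\s+.+?\s+ip from any to any MAC (\S+) (\S+)$")

def parse_mac_rules(text):
    """Return (rule number, mac, 'dst'|'src') for every single-MAC rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        num, dst, src = m.groups()
        if (dst == "any") == (src == "any"):
            continue  # both or neither side is a MAC: not a pass-through rule
        mac, side = (src, "src") if dst == "any" else (dst, "dst")
        rules.append((int(num), mac.lower(), side))
    return rules

def missing_direction(rules):
    """MACs that have only one of their two rules, mapped to the missing side."""
    seen = defaultdict(set)
    for _num, mac, side in rules:
        seen[mac].add(side)
    return {mac: ({"src", "dst"} - sides).pop()
            for mac, sides in seen.items() if len(sides) == 1}

def shared_numbers(rules):
    """Rule numbers that carry rules for more than one MAC."""
    by_num = defaultdict(set)
    for num, mac, _side in rules:
        by_num[num].add(mac)
    return {n: sorted(macs) for n, macs in by_num.items() if len(macs) > 1}

def collateral_on_delete(rules, mac):
    """Other MACs that lose a rule if this MAC's rule numbers are deleted."""
    nums = {n for n, m, _ in rules if m == mac}
    return sorted({m for n, m, _ in rules if n in nums and m != mac})

if __name__ == "__main__":
    parsed = parse_mac_rules(SAMPLE)
    print("one-way MACs:", missing_direction(parsed))
    print("shared rule numbers:", shared_numbers(parsed))
    print("also hit:", collateral_on_delete(parsed, "00:02:6f:6f:57:7f"))
```

Feeding it the full text of an ipfw show listing lists every one-way MAC and every rule number whose deletion would touch a second client.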
-
Update to:
Version 2.0-RC1 (i386)
built on Wed Mar 23 01:24:24 EDT 2011
Same problem :-[
-
Try this https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/2279a5878279289f4d120e49e4b96a754f0a03bb
-
Done, I changed the line and rebooted to give it a try.
What does this mean? "Try to not stomp rule to each other." Don't add so many rules?
-
It means that rules should not override each other like 'foot stepping each other'.
Waiting for the results.
-
@ermal:
It means that rules should not override each other like 'foot stepping each other'.
Waiting for the results.
Until now, with some added, deleted, edited and limited MACs, without problems :D
Thanks
[2.0-RC1][root@quinimari.compuven.local]/root(1): ipfw show
00002 0 0 pipe 20003 ip from any to any MAC 00:02:2d:b3:21:26 any
00003 0 0 pipe 20002 ip from any to any MAC any 00:02:2d:b3:21:26
00004 0 0 allow ip from any to any MAC any 00:02:6f:6f:57:7f
00004 51977 7161831 allow ip from any to any MAC 00:02:a5:7c:4f:96 any
00005 59786 8611488 allow ip from any to any MAC any 00:02:a5:7c:4f:96
00005 517842 292105249 allow ip from any to any MAC 00:1a:70:75:e7:e5 any
00006 490410 38676017 allow ip from any to any MAC any 00:1a:70:75:e7:e5
00006 0 0 allow ip from any to any MAC 00:1a:80:f2:02:ab any
00007 0 0 allow ip from any to any MAC any 00:1a:80:f2:02:ab
00007 120743 123749246 allow ip from any to any MAC 00:1b:b9:a2:f7:9f any
00008 89283 13542185 allow ip from any to any MAC any 00:1b:b9:a2:f7:9f
00008 10960 13609926 allow ip from any to any MAC 00:1d:92:f5:8b:37 any
00009 7208 938701 allow ip from any to any MAC any 00:1d:92:f5:8b:37
00009 0 0 allow ip from any to any MAC 00:1e:ec:2d:2e:04 any
00010 0 0 allow ip from any to any MAC any 00:1e:ec:2d:2e:04
00010 0 0 allow ip from any to any MAC 00:1f:3c:4b:50:97 any
00011 0 0 allow ip from any to any MAC any 00:1f:3c:4b:50:97
00011 20454 19476067 allow ip from any to any MAC 00:21:27:f1:33:26 any
00012 17522 3396144 allow ip from any to any MAC any 00:21:27:f1:33:26
00012 94997 113900837 allow ip from any to any MAC 00:22:6b:8c:95:56 any
00013 70925 8551948 allow ip from any to any MAC any 00:22:6b:8c:95:56
00013 0 0 allow ip from any to any MAC 00:22:fb:6d:bd:be any
00014 0 0 allow ip from any to any MAC any 00:22:fb:6d:bd:be
00014 49533 59557085 allow ip from any to any MAC 00:23:cd:f8:95:a6 any
00015 47353 4936692 allow ip from any to any MAC any 00:23:cd:f8:95:a6
00015 41755 51038612 allow ip from any to any MAC 00:23:cd:f8:97:cd any
00016 31249 3955573 allow ip from any to any MAC any 00:23:cd:f8:97:cd
00016 1988 2194783 allow ip from any to any MAC 00:23:cd:f8:9a:1d any
00017 1737 294107 allow ip from any to any MAC any 00:23:cd:f8:9a:1d
00017 279 123185 allow ip from any to any MAC 00:23:cd:f8:9a:7a any
00018 524 325603 allow ip from any to any MAC any 00:23:cd:f8:9a:7a
00018 0 0 allow ip from any to any MAC 00:25:86:cf:01:d1 any
00019 0 0 allow ip from any to any MAC any 00:25:86:cf:01:d1
00019 0 0 allow ip from any to any MAC 00:25:86:ce:fb:e3 any
00020 0 0 allow ip from any to any MAC any 00:25:86:ce:fb:e3
00020 0 0 allow ip from any to any MAC 00:25:86:cf:00:7b any
00021 0 0 allow ip from any to any MAC any 00:25:86:cf:00:7b
00021 114940 159257826 allow ip from any to any MAC 00:25:86:cf:05:aa any
00022 77760 6035113 allow ip from any to any MAC any 00:25:86:cf:05:aa
00022 157628 178130744 allow ip from any to any MAC 00:25:9c:14:05:e4 any
00023 155219 18717579 allow ip from any to any MAC any 00:25:9c:14:05:e4
00023 34616 36185409 allow ip from any to any MAC 00:27:11:00:1b:d7 any
00024 43762 5240806 allow ip from any to any MAC any 00:27:11:00:1b:d7
00024 9785 8688988 allow ip from any to any MAC 00:27:11:00:1c:6b any
00025 8723 1267447 allow ip from any to any MAC any 00:27:11:00:1c:6b
00025 71031 70493621 allow ip from any to any MAC 00:27:11:00:1b:55 any
00026 85295 18539086 allow ip from any to any MAC any 00:27:11:00:1b:55
00026 88291 99202415 allow ip from any to any MAC 00:27:11:00:1c:69 any
00027 106236 12353854 allow ip from any to any MAC any 00:27:11:00:1c:69
00027 46878 53463407 allow ip from any to any MAC 00:27:11:00:1c:6a any
00028 49956 6038922 allow ip from any to any MAC any 00:27:11:00:1c:6a
00028 1045 922766 allow ip from any to any MAC 00:27:11:00:1c:a4 any
00029 4205 367017 allow ip from any to any MAC any 00:27:11:00:1c:a4
00029 0 0 allow ip from any to any MAC 00:27:11:00:1c:a5 any
00030 162944 139005462 pipe 20031 ip from any to any MAC 00:27:11:00:1d:6a any
00031 143211 37302976 pipe 20030 ip from any to any MAC any 00:27:11:00:1d:6a
00032 15467 1338181 allow ip from any to any MAC any 00:27:11:00:21:2b
00032 28725 26521616 allow ip from any to any MAC 00:27:11:00:22:8a any
00033 27162 5421497 allow ip from any to any MAC any 00:27:11:00:22:8a
00033 19348 15383230 allow ip from any to any MAC 00:27:11:00:22:8e any
00034 28742 3775913 allow ip from any to any MAC any 00:27:11:00:22:8e
00034 103500 123350415 allow ip from any to any MAC 00:27:11:00:22:ff any
00035 86284 10659014 allow ip from any to any MAC any 00:27:11:00:22:ff
00035 141923 193217703 allow ip from any to any MAC 00:27:11:00:23:ac any
00036 95859 9334524 allow ip from any to any MAC any 00:27:11:00:23:ac
00036 26605 29348500 allow ip from any to any MAC 00:27:11:00:57:30 any
00037 21061 2722403 allow ip from any to any MAC any 00:27:11:00:57:30
00037 0 0 allow ip from any to any MAC 00:e0:4d:8f:6a:d7 any
00038 0 0 allow ip from any to any MAC any 00:e0:4d:8f:6a:d7
00039 0 0 allow ip from any to any MAC 00:23:cd:f8:96:fc any
00040 0 0 allow ip from any to any MAC any 00:23:cd:f8:96:fc
00040 231487 324449546 allow ip from any to any MAC 00:23:cd:f8:9a:7b any
00041 164734 11210857 allow ip from any to any MAC any 00:23:cd:f8:9a:7b
Does not look to be a missed "any"