Anyone else running a WiSP and using pfSense?
-
You could check Radius Manager (http://www.dmasoftlab.com/) but keep in mind that certain key features are NAS-specific. E.g. Radius Manager has a feature called "instant access service" that allows a user to create a Hotspot-account on the fly, after paying first. But for this feature to work, one would obviously need to add certain sites to captive portal's walled-garden, incl. wildcard domain matches for *.akamaiedge.net servers.
Check the filter by hostname/fqdn threads to understand the issues involved. Latest pfsense2 has a daemon that resolves hostnames into IPs periodically, but I'd have to check to see if CP can be configured to allow traffic to the entire akamai's IP range (if you plan to use a payment gateway that uses it).
Thanks for this. I have actually contacted them to do a demo. They are telling me that their software works best with Mikrotik, and not so great with pfsense… not sure what to do now.. Can i somehow use both Mikrotik and pfSense?
-
Don't be too quick to try pfSense 2.0-RELEASE.. my captive portal worked perfectly before the upgrade to 2.0-RELEASE.. now i am having people bypass the CP and straight onto the net.. big bug in my opinion.
I've noticed you posting about having problems, but IIRC you were just using the MAC-passthrough feature and manually adding/removing MACs.
You'll need to provide more info about your config and ipfw settings (/tmp/ipfw.cp.rules, ipfw show, ipfw table all list), for anyone to attempt a diagnosis.
-
dhatz i am not sure what you are saying.. dont know what those ipfw commands you mention are. I have posted about this in another thread i mentioned.. but no one assisted, just someone else saying they have also got the same problem.
if i run: /tmp/ipfw.cp.rules it tells me i dont have permission (logged in as root)
ipfw table all lsit i get nothing.. it just goes to a new prompt..
ipfw show and i get:
00002 4332989 5006773709 pipe 20003 ip from any to any MAC 00:05:9e:84:e6:20 any
00003 3075455 310604103 pipe 20002 ip from any to any MAC any 00:05:9e:84:e6:20
00004 9842576 7583812500 allow ip from any to any MAC 00:0c:29:13:78:e0 any
00005 9631009 1639719585 allow ip from any to any MAC any 00:0c:29:13:78:e0
00006 0 0 allow ip from any to any MAC 00:0c:29:41:51:16 any
00007 0 0 allow ip from any to any MAC any 00:0c:29:41:51:16
00008 2667 210140 allow ip from any to any MAC 00:0c:29:a3:32:e0 any
00009 222347 10321860 allow ip from any to any MAC any 00:0c:29:a3:32:e0
00010 0 0 pipe 20011 ip from any to any MAC 00:0c:29:a4:2c:51 any
00011 0 0 pipe 20010 ip from any to any MAC any 00:0c:29:a4:2c:51
00012 16154 1302958 pipe 20013 ip from any to any MAC 00:15:6d:4e:4e:1a any
00013 25416 2561760 pipe 20012 ip from any to any MAC any 00:15:6d:4e:4e:1a
00014 0 0 allow ip from any to any MAC 00:18:8b:4b:ed:f8 any
00015 0 0 allow ip from any to any MAC any 00:18:8b:4b:ed:f8
00016 5937 820358 allow ip from any to any MAC 00:18:8b:4b:ed:fa any
00017 21567 5593215 allow ip from any to any MAC any 00:18:8b:4b:ed:fa
00018 0 0 allow ip from any to any MAC 00:1b:b9:6f:25:06 any
00019 0 0 allow ip from any to any MAC any 00:1b:b9:6f:25:06
00020 2271099 2114454968 pipe 20021 ip from any to any MAC 00:1c:26:a9:fc:f4 any
00021 1975314 471339914 pipe 20020 ip from any to any MAC any 00:1c:26:a9:fc:f4
00022 126 12583 pipe 20023 ip from any to any MAC 00:26:66:03:23:af any
00023 206 14510 pipe 20022 ip from any to any MAC any 00:26:66:03:23:af
00024 622301 524288168 pipe 20025 ip from any to any MAC 00:26:ce:0f:57:35 any
00025 459052 66340065 pipe 20024 ip from any to any MAC any 00:26:ce:0f:57:35
00026 330032 26467120 allow ip from any to any MAC 04:4f:aa:33:53:f0 any
00027 469297 274555701 allow ip from any to any MAC any 04:4f:aa:33:53:f0
00028 325160 26040717 allow ip from any to any MAC 04:4f:aa:33:5c:b0 any
00029 457004 267463375 allow ip from any to any MAC any 04:4f:aa:33:5c:b0
00030 7568554 5860475360 pipe 20031 ip from any to any MAC 08:10:74:75:7d:44 any
00031 7516046 4757064328 pipe 20030 ip from any to any MAC any 08:10:74:75:7d:44
00032 3518218 3854560400 pipe 20033 ip from any to any MAC 08:10:74:75:7f:06 any
00033 2568860 365464108 pipe 20032 ip from any to any MAC any 08:10:74:75:7f:06
00034 115475 131312084 pipe 20035 ip from any to any MAC 08:10:74:75:84:be any
00035 72804 7707477 pipe 20034 ip from any to any MAC any 08:10:74:75:84:be
00036 0 0 pipe 20037 ip from any to any MAC 08:10:74:c8:46:86 any
00037 0 0 pipe 20036 ip from any to any MAC any 08:10:74:c8:46:86
00038 1474309 1939345218 pipe 20039 ip from any to any MAC 08:10:74:75:8b:e6 any
00039 894634 72499724 pipe 20038 ip from any to any MAC any 08:10:74:75:8b:e6
00040 565946 417136068 pipe 20041 ip from any to any MAC 08:10:74:75:8f:3c any
00041 429217 75869270 pipe 20040 ip from any to any MAC any 08:10:74:75:8f:3c
00042 2985854 3239996369 pipe 20043 ip from any to any MAC 08:10:74:75:90:32 any
00043 1921277 217632925 pipe 20042 ip from any to any MAC any 08:10:74:75:90:32
00044 1288158 1706708950 pipe 20045 ip from any to any MAC 08:10:74:75:9a:9c any
00045 723971 74211447 pipe 20044 ip from any to any MAC any 08:10:74:75:9a:9c
00046 2002579 1943272834 pipe 20047 ip from any to any MAC 08:10:74:75:a5:06 any
00047 1013172 98836047 pipe 20046 ip from any to any MAC any 08:10:74:75:a5:06
00048 28290720 39669941815 pipe 20049 ip from any to any MAC 08:10:74:75:a8:80 any
00049 16095239 2111785148 pipe 20048 ip from any to any MAC any 08:10:74:75:a8:80
00050 166331 188546282 pipe 20051 ip from any to any MAC 08:10:74:75:ab:68 any
00051 103300 12669065 pipe 20050 ip from any to any MAC any 08:10:74:75:ab:68
00052 2300984 3172667786 pipe 20053 ip from any to any MAC 08:10:74:75:b1:4e any
00053 1418983 109118422 pipe 20052 ip from any to any MAC any 08:10:74:75:b1:4e
00054 5163631 6991035861 pipe 20055 ip from any to any MAC 08:10:74:75:b9:88 any
00055 3273357 266203334 pipe 20054 ip from any to any MAC any 08:10:74:75:b9:88
00056 3025463 1976128448 pipe 20057 ip from any to any MAC 08:10:74:75:bb:52 any
00057 2171779 280907648 pipe 20056 ip from any to any MAC any 08:10:74:75:bb:52
00058 459865 537204506 pipe 20059 ip from any to any MAC 08:10:74:75:a6:8c any
00059 277890 40061967 pipe 20058 ip from any to any MAC any 08:10:74:75:a6:8c
00060 0 0 pipe 20061 ip from any to any MAC 08:10:74:75:c5:d8 any
00061 0 0 pipe 20060 ip from any to any MAC any 08:10:74:75:c5:d8
00062 1873946 1953949464 pipe 20063 ip from any to any MAC 08:10:74:77:fe:7e any
00063 1636396 347991776 pipe 20062 ip from any to any MAC any 08:10:74:77:fe:7e
00064 2759491 3410703235 pipe 20065 ip from any to any MAC 08:10:74:78:08:8e any
00065 1595431 156613288 pipe 20064 ip from any to any MAC any 08:10:74:78:08:8e
00066 764212 807967272 pipe 20067 ip from any to any MAC 08:10:74:85:fd:48 any
00067 474708 64712594 pipe 20066 ip from any to any MAC any 08:10:74:85:fd:48
00068 4833764 6321102547 pipe 20069 ip from any to any MAC 08:10:74:86:02:6a any
00069 2655256 171925890 pipe 20068 ip from any to any MAC any 08:10:74:86:02:6a
00070 184133 178950476 pipe 20071 ip from any to any MAC 08:10:74:86:03:70 any
00071 128563 18067939 pipe 20070 ip from any to any MAC any 08:10:74:86:03:70
00072 2174920 348846173 pipe 20073 ip from any to any MAC 08:10:74:86:07:0e any
00073 3356930 3814734310 pipe 20072 ip from any to any MAC any 08:10:74:86:07:0e
00074 3578092 4460492829 pipe 20075 ip from any to any MAC 08:10:74:86:14:a6 any
00075 2585431 274397409 pipe 20074 ip from any to any MAC any 08:10:74:86:14:a6
00076 7462527 10502227054 pipe 20077 ip from any to any MAC 08:10:74:86:1a:22 any
00077 3952707 255584104 pipe 20076 ip from any to any MAC any 08:10:74:86:1a:22
00078 4286126 4185272568 pipe 20079 ip from any to any MAC 08:10:74:86:25:b6 any
00079 3421293 490149811 pipe 20078 ip from any to any MAC any 08:10:74:86:25:b6
00080 955203 732193600 pipe 20081 ip from any to any MAC 08:10:74:86:26:d6 any
00081 688034 139381334 pipe 20080 ip from any to any MAC any 08:10:74:86:26:d6
00082 1041003 1269900124 pipe 20083 ip from any to any MAC 08:10:74:86:29:82 any
00083 719576 70296111 pipe 20082 ip from any to any MAC any 08:10:74:86:29:82
00084 2241588 2871263310 pipe 20085 ip from any to any MAC 08:10:74:c8:c5:42 any
00085 1354726 214935886 pipe 20084 ip from any to any MAC any 08:10:74:c8:c5:42
00086 4736888 6161902089 pipe 20087 ip from any to any MAC 08:10:74:86:2e:36 any
00087 2664496 235005501 pipe 20086 ip from any to any MAC any 08:10:74:86:2e:36
00088 131322 115975933 pipe 20089 ip from any to any MAC 08:10:74:86:2f:42 any
00089 88701 16339203 pipe 20088 ip from any to any MAC any 08:10:74:86:2f:42
00090 1002356 987145289 pipe 20091 ip from any to any MAC 08:10:74:86:2f:d6 any
00091 727255 97393671 pipe 20090 ip from any to any MAC any 08:10:74:86:2f:d6
00092 1533181 1934887741 pipe 20093 ip from any to any MAC 08:10:74:86:30:5c any
00093 864980 82982534 pipe 20092 ip from any to any MAC any 08:10:74:86:30:5c
00094 0 0 pipe 20095 ip from any to any MAC 08:10:74:c8:00:00 any
00095 0 0 pipe 20094 ip from any to any MAC any 08:10:74:c8:00:00
00096 130061 168854494 pipe 20097 ip from any to any MAC 08:10:74:c8:bc:6c any
00097 73496 6046004 pipe 20096 ip from any to any MAC any 08:10:74:c8:bc:6c
00098 5137037 6155347004 pipe 20099 ip from any to any MAC 08:10:74:c8:c0:70 any
00099 2885155 558971080 pipe 20098 ip from any to any MAC any 08:10:74:c8:c0:70
00100 195441 185029323 pipe 20101 ip from any to any MAC 08:10:74:c8:c5:42 any
00101 155105 24313030 pipe 20100 ip from any to any MAC any 08:10:74:c8:c5:42
00102 13138 830143 pipe 20103 ip from any to any MAC 08:10:74:c8:c5:f4 any
00103 10808 1148591 pipe 20102 ip from any to any MAC any 08:10:74:c8:c5:f4
00104 15813 2527914 pipe 20105 ip from any to any MAC 08:10:74:c8:c9:fa any
00105 14031 1566746 pipe 20104 ip from any to any MAC any 08:10:74:c8:c9:fa
00106 1453843 1680267944 pipe 20107 ip from any to any MAC 08:10:74:c8:ce:58 any
00107 1039868 124427774 pipe 20106 ip from any to any MAC any 08:10:74:c8:ce:58
00108 478918 689777112 pipe 20109 ip from any to any MAC 08:10:74:c8:ce:68 any
00109 247947 12775142 pipe 20108 ip from any to any MAC any 08:10:74:c8:ce:68
00110 657883 555438755 pipe 20111 ip from any to any MAC 08:10:74:c8:da:b2 any
00111 452525 99963657 pipe 20110 ip from any to any MAC any 08:10:74:c8:da:b2
00112 722741 553149713 pipe 20113 ip from any to any MAC 08:10:74:c8:dc:74 any
00113 785433 203374557 pipe 20112 ip from any to any MAC any 08:10:74:c8:dc:74
00114 14722725 11822029016 pipe 20115 ip from any to any MAC 08:10:74:c8:de:94 any
00115 14176511 9000714251 pipe 20114 ip from any to any MAC any 08:10:74:c8:de:94
00116 458948 420041242 pipe 20117 ip from any to any MAC 08:10:74:c8:e0:b0 any
00117 343544 77904548 pipe 20116 ip from any to any MAC any 08:10:74:c8:e0:b0
00118 1311 411509 pipe 20119 ip from any to any MAC 08:10:74:c8:e0:e6 any
00119 886 70264 pipe 20118 ip from any to any MAC any 08:10:74:c8:e0:e6
00120 1010311 1218800362 pipe 20121 ip from any to any MAC 08:10:74:c8:e5:d0 any
00121 624559 76458597 pipe 20120 ip from any to any MAC any 08:10:74:c8:e5:d0
00122 1988198 2351126255 pipe 20123 ip from any to any MAC 08:10:74:c8:ed:f4 any
00123 1187285 118790792 pipe 20122 ip from any to any MAC any 08:10:74:c8:ed:f4
00124 14350111 20900275604 pipe 20125 ip from any to any MAC 08:10:74:c8:f0:6a any
00125 7247990 347228464 pipe 20124 ip from any to any MAC any 08:10:74:c8:f0:6a
00126 103746 109188989 pipe 20127 ip from any to any MAC 08:10:74:c8:f0:a6 any
00127 64535 6460202 pipe 20126 ip from any to any MAC any 08:10:74:c8:f0:a6
00128 1103923 1198607577 pipe 20129 ip from any to any MAC 08:10:74:c8:f3:aa any
00129 786784 106228806 pipe 20128 ip from any to any MAC any 08:10:74:c8:f3:aa
00130 910998 1175609674 pipe 20131 ip from any to any MAC 08:10:74:c8:f6:8e any
00131 520111 79062272 pipe 20130 ip from any to any MAC any 08:10:74:c8:f6:8e
00132 1026676 1001090013 pipe 20133 ip from any to any MAC 08:10:74:c8:f7:e2 any
00133 809725 176497032 pipe 20132 ip from any to any MAC any 08:10:74:c8:f7:e2
00134 4602213 5479895709 pipe 20135 ip from any to any MAC 08:10:74:c8:f8:9c any
00135 3085460 525300497 pipe 20134 ip from any to any MAC any 08:10:74:c8:f8:9c
00136 923329 1144883035 pipe 20137 ip from any to any MAC 08:10:74:c8:f8:aa any
00137 615328 46524778 pipe 20136 ip from any to any MAC any 08:10:74:c8:f8:aa
00138 568334 296974594 pipe 20139 ip from any to any MAC 08:10:74:c8:fa:14 any
00139 490189 91737144 pipe 20138 ip from any to any MAC any 08:10:74:c8:fa:14
00140 8981296 9393993251 pipe 20141 ip from any to any MAC 08:10:74:c8:fa:40 any
00141 6054045 590900973 pipe 20140 ip from any to any MAC any 08:10:74:c8:fa:40
00142 1644037 1904953778 pipe 20143 ip from any to any MAC 08:10:74:c8:fa:4c any
00143 1032831 145128109 pipe 20142 ip from any to any MAC any 08:10:74:c8:fa:4c
00144 853769 868850701 pipe 20145 ip from any to any MAC 08:10:74:c8:fa:5c any
00145 645901 93591692 pipe 20144 ip from any to any MAC any 08:10:74:c8:fa:5c
00146 4320838 4499445123 pipe 20147 ip from any to any MAC 08:10:74:c8:fd:b2 any
00147 2905435 749661585 pipe 20146 ip from any to any MAC any 08:10:74:c8:fd:b2
00148 474845 516573968 pipe 20149 ip from any to any MAC 08:10:74:c8:dd:b8 any
00149 296075 36403578 pipe 20148 ip from any to any MAC any 08:10:74:c8:dd:b8
00150 1439 393932 pipe 20151 ip from any to any MAC 08:10:74:c8:f6:ac any
00151 748 74389 pipe 20150 ip from any to any MAC any 08:10:74:c8:f6:ac
00152 7476571 6214598572 pipe 20153 ip from any to any MAC 08:10:74:c9:00:cc any
00153 5954648 2546952560 pipe 20152 ip from any to any MAC any 08:10:74:c9:00:cc
00154 3181630 4062422740 pipe 20155 ip from any to any MAC 08:10:74:c9:01:f0 any
00155 1883407 165582295 pipe 20154 ip from any to any MAC any 08:10:74:c9:01:f0
00156 49210 32270556 pipe 20157 ip from any to any MAC 08:10:74:c9:02:6c any
00157 34342 6889467 pipe 20156 ip from any to any MAC any 08:10:74:c9:02:6c
00158 13877616 17589938436 pipe 20159 ip from any to any MAC 08:10:74:c9:02:9e any
00159 8831606 1230984896 pipe 20158 ip from any to any MAC any 08:10:74:c9:02:9e
00160 4065141 5326504356 pipe 20161 ip from any to any MAC 08:10:74:c9:04:72 any
00161 2352751 225342377 pipe 20160 ip from any to any MAC any 08:10:74:c9:04:72
00162 0 0 pipe 20163 ip from any to any MAC 08:10:74:c8:59:16 any
00163 0 0 pipe 20162 ip from any to any MAC any 08:10:74:c8:59:16
00164 276006 216198548 pipe 20165 ip from any to any MAC 08:10:74:c8:e0:92 any
00165 222463 35028691 pipe 20164 ip from any to any MAC any 08:10:74:c8:e0:92
00166 877308 540245232 pipe 20167 ip from any to any MAC 90:00:4e:5a:5a:7f any
00167 692340 86802756 pipe 20166 ip from any to any MAC any 90:00:4e:5a:5a:7f
00168 0 0 allow ip from any to any MAC a4:ba:db:3d:24:5a any
00169 0 0 allow ip from any to any MAC any a4:ba:db:3d:24:5a
00170 48128 4248350 allow ip from any to any MAC ac:67:06:37:90:60 any
00171 48765 5809853 allow ip from any to any MAC any ac:67:06:37:90:60
00172 48273 4255706 allow ip from any to any MAC ac:67:06:37:91:90 any
00173 48831 5775983 allow ip from any to any MAC any ac:67:06:37:91:90
00174 207 45439 pipe 20175 ip from any to any MAC b8:70:f4:92:0f:2e any
00175 437 44620 pipe 20174 ip from any to any MAC any b8:70:f4:92:0f:2e
00176 199 55265 pipe 20177 ip from any to any MAC f8:7b:7a:3a:ce:7f any
00177 218 50668 pipe 20176 ip from any to any MAC any f8:7b:7a:3a:ce:7f
00178 9250394 1277797068 pipe 20179 ip from any to any MAC c8:3a:35:d2:53:cf any
00179 14148558 14986388983 pipe 20178 ip from any to any MAC any c8:3a:35:d2:53:cf
00180 0 0 pipe 20181 ip from any to any MAC 08:10:74:86:26:fe any
00181 246 14496 pipe 20180 ip from any to any MAC any 08:10:74:86:26:fe
00182 0 0 pipe 20183 ip from any to any MAC 08:10:74:c8:06:ac any
00183 0 0 pipe 20182 ip from any to any MAC any 08:10:74:c8:06:ac
00184 954445 682284918 allow ip from any to any MAC 00:1e:64:52:a0:16 any
00185 1186802 1104938693 allow ip from any to any MAC any 00:1e:64:52:a0:16
00186 0 0 pipe 20187 ip from any to any MAC 08:10:74:75:98:9e any
00187 458 24248 pipe 20186 ip from any to any MAC any 08:10:74:75:98:9e
00188 0 0 pipe 20189 ip from any to any MAC 08:10:74:c8:e9:6c any
00189 62 15572 pipe 20188 ip from any to any MAC any 08:10:74:c8:e9:6c
00190 15236 17844494 pipe 20191 ip from any to any MAC 1c:65:9d:b3:75:42 any
00191 11055 1464218 pipe 20190 ip from any to any MAC any 1c:65:9d:b3:75:42
00192 0 0 pipe 20193 ip from any to any MAC 00:27:22:2e:11:65 any
00193 2051 160090 pipe 20192 ip from any to any MAC any 00:27:22:2e:11:65
00194 87117 128987267 allow ip from any to any MAC 00:0c:29:44:04:2d any
00195 51242 2831873 allow ip from any to any MAC any 00:0c:29:44:04:2d
00196 0 0 pipe 20197 ip from any to any MAC 08:10:74:c8:bd:14 any
00197 10 2580 pipe 20196 ip from any to any MAC any 08:10:74:c8:bd:14
00198 0 0 pipe 20199 ip from any to any MAC 08:10:74:75:98:9e any
00199 0 0 pipe 20198 ip from any to any MAC any 08:10:74:75:98:9e
00200 0 0 pipe 20201 ip from any to any MAC 08:10:74:86:2f:42 any
00201 0 0 pipe 20200 ip from any to any MAC any 08:10:74:86:2f:42
00202 0 0 pipe 20203 ip from any to any MAC 08:10:74:c8:1d:b8 any
00203 0 0 pipe 20202 ip from any to any MAC any 08:10:74:c8:1d:b8
65291 0 0 allow pfsync from any to any
65292 0 0 allow carp from any to any
65301 20191 738580 allow ip from any to any layer2 mac-type 0x0806
65302 0 0 allow ip from any to any layer2 mac-type 0x888e
65303 0 0 allow ip from any to any layer2 mac-type 0x88c7
65304 0 0 allow ip from any to any layer2 mac-type 0x8863
65305 0 0 allow ip from any to any layer2 mac-type 0x8864
65306 0 0 allow ip from any to any layer2 mac-type 0x888e
65307 18936 1012360 deny ip from any to any layer2 not mac-type 0x0800
65310 49077 9426797 allow ip from any to { 255.255.255.255 or 192.168.10.1 or 192.168.5.1 } in
65311 927 569345 allow ip from { 255.255.255.255 or 192.168.10.1 or 192.168.5.1 } to any out
65312 0 0 allow icmp from { 255.255.255.255 or 192.168.10.1 or 192.168.5.1 } to any out icmptypes 0
65313 0 0 allow icmp from any to { 255.255.255.255 or 192.168.10.1 or 192.168.5.1 } in icmptypes 8
65314 0 0 allow ip from table(3) to any in
65315 0 0 allow ip from any to table(4) out
65316 0 0 pipe tablearg ip from table(5) to any in
65317 0 0 pipe tablearg ip from any to table(6) out
65318 0 0 allow ip from any to table(7) in
65319 0 0 allow ip from table(8) to any out
65320 0 0 pipe tablearg ip from any to table(9) in
65321 0 0 pipe tablearg ip from table(10) to any out
65322 0 0 pipe tablearg ip from table(1) to any in
65323 0 0 pipe tablearg ip from any to table(2) out
65531 746 71739 fwd 127.0.0.1,8000 tcp from any to any in
65532 643 154006 allow tcp from any to any out
65533 92768 19184302 deny ip from any to any
65534 0 0 allow ip from any to any layer2
65535 86 79613 allow ip from any to any
-
Well, the idea was to check whether the MAC-addresses you wanted blocked are actually still in the 'ipfw show' list you just posted, even though you've removed them from the MAC-pass-through page of pfsense's webGUI.
-
Thanks for this. I have actually contacted them to do a demo. They are telling me that their software works best with Mikrotik, and not so great with pfsense… not sure what to do now.. Can i somehow use both Mikrotik and pfSense?
I'm using pfSense ( failover & Sip Proxy ) + MikroTik ( PPPoE ) and Ubiquiti Rocket M5 as AP, for CPE: NanoStation, NanoStation Loco & NanoBridge ( all 5M series ), and Linksys SPA2102 for clients with VoIP service. I do the PPPoE & traffic shaping at CPE.
-
Well, the idea was to check whether the MAC-addresses you wanted blocked are actually still in the 'ipfw show' list you just posted, even though you've removed them from the MAC-pass-through page of pfsense's webGUI.
Ah ok, i see.. i will check that. Thank you.
Is it strange that the other ipfw commands that you mentioned before didn't do anything when i ran them?
-
Is it strange that the other ipfw commands that you mentioned before didn't do anything when i ran them?
Well, perhaps I wasn't clear enough
/tmp/ipfw.cp.rules is a text-file that contains the ipfw configuration, so you just check its contents (using vi, more etc)
ipfw table all list was to check if you had any entries in ipfw tables. Since it came empty, it means you don't (which is to be expected, since you only use MAC passthrough). So, as I wrote above, you need to check whether any MAC-addresses you want blocked are still in the 'ipfw show' list. And you need to check that you haven't disabled MAC filtering.
-
What about MAC addr 08:10:74:75:98:9e which seems to appear in two rule pairs?
00186 0 0 pipe 20187 ip from any to any MAC 08:10:74:75:98:9e any
00187 458 24248 pipe 20186 ip from any to any MAC any 08:10:74:75:98:9e
[…]
00198 0 0 pipe 20199 ip from any to any MAC 08:10:74:75:98:9e any
00199 0 0 pipe 20198 ip from any to any MAC any 08:10:74:75:98:9e
What is the result of
fgrep 08:10:74:75:98:9e /cf/conf/config.xml
-
luke -or anyone else who is regularly adding/removing MACs from CP's MAC-passthrough page-, could you please check your router's ipfw show output for:
- MACs that appear in more than one rule pair (as shown in the excerpt above)
- multiple lines with the same rule number (as shown in issue #1958)
TIA
-
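The two checks requested in the post above (a MAC in more than one rule pair, a rule number on more than one line), plus a check for MACs left with only one direction of their pair, as an added example that is not part of the original thread. The function names are hypothetical, and `SAMPLE` is constructed from lines in the format shown in the thread.

```shell
#!/bin/sh
# Added example: audit `ipfw show` output for broken captive-portal MAC rules.
# SAMPLE is constructed in the format shown in the thread; the second 00199
# line is made up to exercise the duplicate-rule-number check.
SAMPLE='00186 0 0 pipe 20187 ip from any to any MAC 08:10:74:75:98:9e any
00187 458 24248 pipe 20186 ip from any to any MAC any 08:10:74:75:98:9e
00190 15236 17844494 pipe 20191 ip from any to any MAC 1c:65:9d:b3:75:42 any
00191 11055 1464218 pipe 20190 ip from any to any MAC any 1c:65:9d:b3:75:42
00198 0 0 pipe 20199 ip from any to any MAC 08:10:74:75:98:9e any
00199 0 0 pipe 20198 ip from any to any MAC any 08:10:74:75:98:9e
00199 0 0 allow ip from any to any MAC 00:0c:29:44:04:2d any
65533 92768 19184302 deny ip from any to any'

# mac_rules: for every rule with a "MAC <dst> <src>" match, print
# "<mac> <rule-number> <dst|src>". Rules without a MAC match are skipped.
mac_rules() {
    awk '{
        for (i = 4; i + 2 <= NF; i++) {
            if ($i != "MAC") continue
            if ($(i+1) != "any") print tolower($(i+1)), $1, "dst"
            if ($(i+2) != "any") print tolower($(i+2)), $1, "src"
        }
    }'
}

# dup_macs: MACs matched by more than one rule in the same direction,
# i.e. present in more than one rule pair. Prints "<mac>: <rule numbers>".
dup_macs() {
    mac_rules | awk '{
            k = $1 " " $3
            c[k]++
            r[$1] = r[$1] " " $2
            if (c[k] > 1) dup[$1] = 1
        }
        END { for (m in dup) print m ":" r[m] }' | sort
}

# dup_rule_numbers: rule numbers that occur on more than one line.
dup_rule_numbers() {
    awk '$1 ~ /^[0-9]+$/ { n[$1]++ }
        END { for (k in n) if (n[k] > 1) print k }' | sort
}

# half_pairs: MACs whose dst-match and src-match rule counts differ,
# meaning one direction of the pair is missing.
half_pairs() {
    mac_rules | awk '{ seen[$1] = 1; c[$1 " " $3]++ }
        END {
            for (m in seen) {
                d = c[m " dst"] + 0
                s = c[m " src"] + 0
                if (d != s) printf "%s dst=%d src=%d\n", m, d, s
            }
        }' | sort
}

# Demo on the constructed sample. On the firewall, feed live output instead,
# e.g.:  ipfw show | dup_macs
echo "MACs in more than one rule pair:"
printf '%s\n' "$SAMPLE" | dup_macs
echo "Rule numbers used more than once:"
printf '%s\n' "$SAMPLE" | dup_rule_numbers
echo "MACs with an incomplete pair:"
printf '%s\n' "$SAMPLE" | half_pairs
```

Any MAC reported here that is no longer listed on the MAC passthrough page is a leftover rule that still lets that device through.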
-
Just a quick reply to let you know i am traveling at the moment and will check this out and post back as soon as i am back home
-
If you're using MAC passthrough and deleting entries, it will delete the one you specify but it also deletes part of others that will break their access. ticket here: http://redmine.pfsense.org/issues/1976
work around, hit Save under Status>Captive Portal to correctly reload.
-
dhatz, could you tell me how i do this? there is a lot more data than i can see on screen when i run ipfw show.. can u pipe it through more to see a screen at a time?
I hope we can sort this out, i am getting to a point where this is causing problems. My network is open relying on the Captive Portal catching people who connect. Currently, every new connection is getting online without being authenticated via CP.. they are somehow just passing by. This is only happening on the outdoor clients connecting through my outdoor AP (which is on LAN interface) but people connecting through my office AP (connected on OPT1 interface) are getting stopped by the CP login page.
We are currently adding more and more clients, but i am having to hide my SSID currently to try and stop unwanted people using the network.. what i really need is that SSID broadcasting cause it is a good way for us to get more clients when people see it and phone us up.
-
Any more ideas here?
-
I suspect CP on LAN might be a fairly uncommon configuration and consequently not well tested.
You do have CP enabled on BOTH LAN and OPT1? If so, can you move the offending AP to (say) OPT2.
-
It was all working until i did the upgrade to 2.0-RELEASE.
I don't have an Opt2 interface. Only WAN, LAN and OPT1. I will try swapping the AP from LAN to OPT1 and see if it works, just to see if the issue is the AP or the Captive Portal.. cause as i said before, on OPT1 currently i have just a small indoor WAP, and the Captive portal works.. but for my outdoor Ruckus AP it isn't anymore.
-
It was all working until i did the upgrade to 2.0-RELEASE.
Upgrades can sometimes change the configuration file. Do you have CP enabled on LAN?
-
Yes, it is as it was before the upgrade. I have CP enabled on both LAN and OPT1
-
CP works fine on LAN and is extensively used and tested there. Probably want to gitsync to RELENG_2_0, or wait for 2.0.1 that will be coming this week, if you're using a lot of MAC passthroughs and editing them frequently since we fixed an issue there.
-
And i am guessing not go the upgrade route? do a clean install? I don't mind if i have to do that, just a lot more work and i have the problem that i want to keep all cache and lightsquid logs..
-
luke, if you're in a hurry, you could also manually apply the bugfix, it's this one:
https://github.com/bsdperimeter/pfsense/commit/e3db5627224a0293f74e0d032a9b230f98f85952
I haven't noticed any issues with MAC passthrough since.