Captive Portal Allowed IP Addresses/Hostnames not working
-
Subject pretty much says it all. Adding an IP or hostname to the allowed list for the captive portal seems to have no effect.
Using latest snapshot: 2.1-BETA1 (amd64) built on Mon Feb 4 03:47:53 EST 2013
Just 1 zone defined. Have seen this issue in snapshots for at least the last week.
-
Did some test and noticed that that behavior is also seen on recent i386 builds. The "Allowed IP addresses" rules are never matched except for when I use an IP address such as 128.0.0.0/1 which seems to match all.
-
This is a very important feature for me as I use an external captive portal login page.
I am currently stuck using a build from November at several locations. As far as I can tell this is the only remaining captive portal issue that is stopping me from updating.
Can anyone offer any insight? Any help is much appreciated.
-
Can you show me a sysctl -a | grep pfil
-
$ sysctl -a | grep pfil net.inet.ip.pfil.inbound: pf, ipfw* net.inet.ip.pfil.outbound: pf, ipfw* net.link.bridge.pfil_local_phys: 0 net.link.bridge.pfil_member: 1 net.link.bridge.pfil_bridge: 0 net.link.bridge.pfil_onlyip: 0 net.inet6.ip6.pfil.inbound: pf, ipfw* net.inet6.ip6.pfil.outbound: pf, ipfw*$ ipfw -x guest table all list ---table(3)--- 66.219.34.171/32 2002 0 0 ---table(4)--- 66.219.34.171/32 2003 0 0$ ipfw pipe show 02002: unlimited 0 ms burst 0 q133074 100 sl. 0 flows (1 buckets) sched 67538 weight 0 lmax 0 pri 0 droptail sched 67538 type FIFO flags 0x0 16 buckets 0 active 02003: unlimited 0 ms burst 0 q133075 100 sl. 0 flows (1 buckets) sched 67539 weight 0 lmax 0 pri 0 droptail sched 67539 type FIFO flags 0x0 16 buckets 0 active$ ipfw -x guest show 65291 0 0 allow pfsync from any to any 65292 0 0 allow carp from any to any 65301 26 1034 allow ip from any to any layer2 mac-type 0x0806,0x8035 65302 0 0 allow ip from any to any layer2 mac-type 0x888e,0x88c7 65303 0 0 allow ip from any to any layer2 mac-type 0x8863,0x8864 65307 0 0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd 65310 97 10724 allow ip from any to { 255.255.255.255 or 192.168.10.1 } in 65311 100 40071 allow ip from { 255.255.255.255 or 192.168.10.1 } to any out 65312 0 0 allow icmp from { 255.255.255.255 or 192.168.10.1 } to any out icmptypes 0 65313 0 0 allow icmp from any to { 255.255.255.255 or 192.168.10.1 } in icmptypes 8 65314 0 0 pipe tablearg ip from table(3) to any in 65315 0 0 pipe tablearg ip from any to table(4) out 65316 0 0 pipe tablearg ip from table(1) to any in 65317 0 0 pipe tablearg ip from any to table(2) out 65532 55 5271 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in 65533 55 7285 allow tcp from any to any out 65534 110 9050 deny ip from any to any 65535 0 0 allow ip from any to any$ kldstat Id Refs Address Size Name 1 13 0xc0400000 103b9b4 kernel 2 1 0xc4ca0000 5000 glxsb.ko 3 1 0xc5e2a000 12000 ipfw.ko 4 1 0xc5e45000 e000 dummynet.ko -
sysctl -a | grep pfil
net.inet.ip.pfil.inbound: pf, ipfw* net.inet.ip.pfil.outbound: pf, ipfw* net.link.bridge.pfil_local_phys: 0 net.link.bridge.pfil_member: 1 net.link.bridge.pfil_bridge: 0 net.link.bridge.pfil_onlyip: 0 net.inet6.ip6.pfil.inbound: pf, ipfw* net.inet6.ip6.pfil.outbound: pf, ipfw* -
Can you try with a newer snapshot and see if that works better?
Need to do a full-upgrade due to binary changes. -
@ermal:
Can you try with a newer snapshot and see if that works better?
Need to do a full-upgrade due to binary changes.Unfortunately there is no change with the new snapshot, same behavior and output. Neither "Allowed IP addresses" nor "Allowed Hostnames" are working.
-
@ermal:
Can you try with a newer snapshot and see if that works better?
Need to do a full-upgrade due to binary changes.What do you mean by full upgrade? How is that different than upgrading from the GUI?
-
Full upgrade just means don't gitsync
-
Just upgraded to the 2/14 AMD64 snapshot, allowed hostnames still not working.
-
same here, im downloading the latest update hope the issue resolve with the latest snapshot
-
Still not working in 2.1-BETA1 (amd64) built on Mon Feb 18 22:59:54 EST 2013
-
Still broken in 2.1-BETA1 (amd64) built on Sat Feb 23 22:58:00 EST 2013.
Is anyone working on this? Would a bounty help? -
any updates on this issues ?
-
Should be fixed.
http://redmine.pfsense.org/issues/2780 -
Confirmed fixed :)
Big thanks to everyone who worked on it.