Netgate Discussion Forum

    /var/db/captiveportaldn.rules more than 64500?

    • awangatb00

      I have an issue with a pfSense server and I have had it for a very long time.  Every so often my /var/db/captiveportaldn.rules fills up.  Several years ago it would happen about once every 6 months but now it is down to about once a month.  I know I can shut down my captive portal, remove the /var/db/captiveportaldn.rules and then restart the captive portal, but this never really works for me that well.  90% of the time the /var/db/captiveportaldn.rules fills up in the daytime, and if I do the cleanup and restart the captive portal there is so much load on the httpdlight that the web service dies.  If I restart the captive portal at night there is no issue.  I normally have +3000 users on during the day.

      My question is can I change that 64500 to something else and is there any real limit on what it can be?

      pfSense version currently in use: 2.3.1-RELEASE
      Hardware: Dell PowerEdge 1950
      CPU: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
      RAM: 4G
      NIC: 1 integrated and 2 x Intel 1G NIC cards.

      • Gertjan

        Hi,

        Check out this page: https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
        Execute the commands listed - and see the firewall rule numbers that ipfw is using.
        The "64500" is a limit, you can't go (much) above.

        Also note that "/var/db/captiveportaldn.rule" can not grow indefinitely. I guess it is about 700 K when it starts, and depending on the length of the name(s) of your captive portal zone(s) it might double, maybe triple.

        You can 'read' this file to understand its structure. It's a serialized PHP array.

        The nasty thing:
        Every time a user connects and passes through (== authorized), "pass" rules are injected in the firewall ipfw AND the rule set (two: "the numbers" and the "portal zone name") are injected into this array (which becomes a file called /var/db/captiveportaldn.rule on disk).
        When the connection times out, the firewall rule is removed, and the corresponding entry in the array is set to false (something like "").

        All this reading and writing (updating) of this 1 (2, 3?) MB file happens when users log in AND are being thrown off the portal.

        function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max = 64500) {

        Just one question: can your system keep up with it?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

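An offline way to check how many rule-number slots a copy of the file still has free, as an added example (not pfSense code and not written by either poster). It assumes, following the description in the reply above, that the serialized array is keyed by rule number and holds a zone-name string for a slot in use and false for a freed one; `php_unserialize` and `slot_usage` are hypothetical names, and the parser handles only scalars and arrays and refuses everything else.

```python
from collections import Counter

# Defaults from the function signature quoted in the post above.
RULENOS_START, RULENOS_MAX = 2000, 64500

def php_unserialize(data, pos=0):
    """Parse one PHP-serialized value (N, b, i, d, s, a); return (value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag == b"N":                                # N;
        return None, pos + 2
    if tag in (b"b", b"i", b"d"):                  # b:0;  i:2000;  d:1.5;
        end = data.index(b";", pos)
        raw = data[pos + 2:end].decode()
        if tag == b"d":
            return float(raw), end + 1
        return (bool(int(raw)) if tag == b"b" else int(raw)), end + 1
    if tag == b"s":                                # s:<len>:"<bytes>";
        colon = data.index(b":", pos + 2)
        start = colon + 2
        end = start + int(data[pos + 2:colon])
        return data[start:end].decode("utf-8", "replace"), end + 2
    if tag == b"a":                                # a:<count>:{<key><value>...}
        colon = data.index(b":", pos + 2)
        count, pos, out = int(data[pos + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, pos = php_unserialize(data, pos)
            out[key], pos = php_unserialize(data, pos)
        return out, pos + 1                        # step over the closing }
    # Objects (O:, C:) and anything else are refused, never instantiated.
    raise ValueError(f"unsupported type {tag!r} at offset {pos}")

def slot_usage(data, start=RULENOS_START, stop=RULENOS_MAX):
    """Count occupied rule-number slots per zone and the slots still free."""
    rules, _ = php_unserialize(data)
    if not isinstance(rules, dict):
        raise ValueError("expected a serialized array")
    # Assumption: a zone-name string marks a slot in use; false/empty marks a free one.
    by_zone = Counter(zone for no, zone in rules.items()
                      if isinstance(no, int) and start <= no < stop
                      and isinstance(zone, str) and zone)
    used = sum(by_zone.values())
    return {"used": used, "free": (stop - start) - used, "by_zone": dict(by_zone)}

# Constructed sample, not a real pfSense file: two zones, one freed pair.
SAMPLE = (b'a:6:{i:2000;s:6:"cpzone";i:2001;s:6:"cpzone";i:2002;b:0;'
          b'i:2003;b:0;i:2004;s:5:"guest";i:2005;s:5:"guest";}')

if __name__ == "__main__":
    print(slot_usage(SAMPLE))
```

Run it against a copy of the file taken off the firewall, passing the bytes read in binary mode to `slot_usage`; a "free" count that keeps shrinking between samples means freed entries are not being reclaimed.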