problem with some old android device

mustafa 0

This post is deleted!

mustafa 0

@stephenw10

my dear steve
i add idle time out in captive portal 60 M and hard timeout 60M
and in dhcp server i add Default lease time 7200 and Maximum lease time 86400

same problem

Gertjan

Also : MAC's on the Services => Captive Portal => YourCPZone => MACs are also listed :
If have 4 :

--- table(cpzone1_pipe_mac), set(0) ---
88:1f:a1:54:98:c9 any 2081 0 0 0
any 88:1f:a1:54:98:c9 2080 0 0 0
48:88:ca:41:0d:55 any 2075 0 0 0
any 48:88:ca:41:0d:55 2074 0 0 0
4c:8d:79:91:ec:52 any 2077 0 0 0
any 4c:8d:79:91:ec:52 2076 0 0 0
64:80:99:9a:01:a0 any 2079 0 0 0
any 64:80:99:9a:01:a0 2078 0 0 0

These guys can connect to the portal interface as if the captive portal wasn't there.

Works fine for me for years now.

stephenw10

Ok, then start digging deeper. As Gertjan said the ipfw firewall that the captive portal uses does not differentiate between services so it's almost certainly something else blocking that traffic.

Look at the firewall states to/from those devices.

Looks at the firewall logs for blocked traffic.

Run packet captures to determine where that traffic is going.

Steve

mustafa 0

@gertjan

thank u for your reply im new in pfsense i work with mikrotik hotspot but i have change my network to pfsense so i get this problem , i do every things to do it work its same problem i add firewall rules for https , http , dns , and i add any rules its same

Gertjan

@mustafa-0 said in problem with some old android device:

@gertjan

... its same problem i add firewall rules for https , http , dns , and i add any rules its same

What rules ? Show them please.

Start with one global pass rule on the Captive Portal interface.
Check that everything works.
Then add one rule .... and test severely.
Add another one, etc.

stephenw10

Yes we need more information that 'I've tried everything and it's still the same'. There is no way we can help you with just that.

What did you actually try?
How did you test that?
What was the result?

Steve

mustafa 0

@stephenw10

more information :

i add rules with :
main rules (first one )
protocol : any
Source : any
Destination : any
Destination Port Range : any

result : some device get same problem the get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config

add new rules

protocol : tcp/udp
Source : any
Destination : any
Destination Port Range : https (433)

result : some device get same problem they get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config
add new rules

protocol : tcp/udp
Source : any
Destination : any
Destination Port Range : dns (53)

result : some device get same problem they get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config

these all rules i add .

add ideal timeout and hard timeout in captive portal
add Default lease time in dhcp server Maximum lease time in dhcp server

NOTE : the pfsense server get internet connection with dhcp from mikrotik ccr 1036 .

stephenw10

Ok so it looks like those clients cannot resolve URLs. To confirm that try to ping google.com rather than an IP address. Does it resolve?

If it doesn't then find out why. What are they using for DNS? I would expect that to be handed to them via DHCP and your any/any/any rule should allow traffic to any DNS server.
Check the state table traffic from those clients to port 53.

Steve

mustafa 0

@stephenw10

hi steve
i think i know whats problem with it i give u my network diagram and explain the problem

1- i install pfsense in hp workstation pc with 8 gb ram
pfsense have 1 lan this lan is wan connection for pfsense from my ccr 1036 and i add vlan 10 for captive portal and i insert it on mikrotik switch . the problem in my network i have 2 main wireless link these link for my access point each wireless work with wds so the problem if i disable any one of theme my problem solved but when i use these 2 link in same time i get the problem is there any help in this .

NOTE : theirs no problem in link i test it in other router they work fine but the problem when i but theme in pfsense

thx

stephenw10

So are those wireless links your WAN connections?

Or do you mean just that you have two wifi access points?

And disabling one of them removes the issue?

A diagram may help here.

Steve

mustafa 0

@stephenw10

hi steve i think it solved i change wan connection from dhcp to pppoe the problem solved in some device

thank u