Accessible sites in captiveportal

aorzerep

Hi is there a way that i can have some/several sites that can be accessible in captiveportal without putting client IP's in allowed IP addresses section?. I try putting some sites in allowed Hostnames but when i try to browse, the captive portal log in screen still appear…..

Thanks..

doktornotor

Probably because it's broken? https://redmine.pfsense.org/issues/4746

aorzerep

@doktornotor:

Probably because it's broken? https://redmine.pfsense.org/issues/4746

Yeah perhaps,I dont know how to fix it, I try running this command ipfw -x 2 table all list and i see all the IP address of the allowed hostname in captive portal…

Thanks..

Gertjan

@aorzerep:

Yeah perhaps,I dont know how to fix it,

Because the bug is already know :
@doktornotor:

Probably because it's broken? https://redmine.pfsense.org/issues/4746

Dev's are right now bussy with a solution.
@aorzerep:

I try running this command ipfw -x 2 table all list and i see all the IP address of the allowed hostname in captive portal…

This means that it SHOULD work !!

If "hostname" (== URL) is listed (this means, its IPv4) then, without authentication, you should be able to visit that site because all IP's (IPv4) listed are passed by the firewall that the Captive Portal uses.
If the firewall blocks the user, using an URL (so, its IPv4) that is listed in the table then this is a new problem.

Example:
After a :
ipfw -x 2 table all list
(2 is my Captive Zone context)
I have this:
–-table(1)---
192.168.2.36/32 mac 00:19:e3:d9:d7:xx 3780
---table(2)---
192.168.2.36/32 mac 00:19:e3:d9:d7:xx 3781
---table(3)---
5.196.43.131/32 3762
---table(4)---
5.196.43.131/32 3761

Table 1 and 2 are the connected users (just one right now) - they are not related to your extension (but remember, ones a client / device is authenticated, its IPv4 will be in these two tables)
Table 3 and 4 list the IP(s) and hostnames (URLs) converted to IPv4's that I authorize to visit, even when the user isn't authenticated.
The IP "5.196.43.131" is present in my table 3&4 (host brit-hotel-fumel**.**fr) and, YES, I can visit this site when I'm NOT authenticated with my device against the Captive Portal.
So, it works.
This bug https://redmine.pfsense.org/issues/4746 is about adding multiple hostnames (URL) …. that doesn't work every time.

aorzerep

@Gertjan:

@aorzerep:

Yeah perhaps,I dont know how to fix it,

Because the bug is already know :
@doktornotor:

Probably because it's broken? https://redmine.pfsense.org/issues/4746

Dev's are right now bussy with a solution.
@aorzerep:

I try running this command ipfw -x 2 table all list and i see all the IP address of the allowed hostname in captive portal…

This means that it SHOULD work !!

If "hostname" (== URL) is listed (this means, its IPv4) then, without authentication, you should be able to visit that site because all IP's (IPv4) listed are passed by the firewall that the Captive Portal uses.
If the firewall blocks the user, using an URL (so, its IPv4) that is listed in the table then this is a new problem.

Example:
After a :
ipfw -x 2 table all list
(2 is my Captive Zone context)
I have this:
–-table(1)---
192.168.2.36/32 mac 00:19:e3:d9:d7:xx 3780
---table(2)---
192.168.2.36/32 mac 00:19:e3:d9:d7:xx 3781
---table(3)---
5.196.43.131/32 3762
---table(4)---
5.196.43.131/32 3761

Table 1 and 2 are the connected users (just one right now) - they are not related to your extension (but remember, ones a client / device is authenticated, its IPv4 will be in these two tables)
Table 3 and 4 list the IP(s) and hostnames (URLs) converted to IPv4's that I authorize to visit, even when the user isn't authenticated.
The IP "5.196.43.131" is present in my table 3&4 (host brit-hotel-fumel**.**fr) and, YES, I can visit this site when I'm NOT authenticated with my device against the Captive Portal.
So, it works.
This bug https://redmine.pfsense.org/issues/4746 is about adding multiple hostnames (URL) …. that doesn't work every time.

Thanks for the information, Your right, table 3 and 4 is the IP adress of hostname listed in allowed hostname, but in my case it wont works, although it is in in allowed hostname and it is in the ip tables it doesnt work..Still the login portal of captive portal is appearing.

Thanks again,

Gertjan

you are using - as I do - 2.2.3 ?

edit: if one of the hostnames is a web site, and the site's web server instructs your browser to get pages from 'other sites' who do not have their hostname on the list, the our browser will contact these sites, and this will force a portal login.
So, be careful with this option : you should include ALL IPv4 and/or hostnames.

The site I mentioned in my example is a site I build with WordPress - and I'm NOT including info from other sites (its easy : just drop FaceBook/Twitter/other social stuff and you're pretty good).

Some tried to included all the IP4v that Facebook uses => mission impossible - see forum.

aorzerep

@Gertjan:

you are using - as I do - 2.2.3 ?

edit: if one of the hostnames is a web site, and the site's web server instructs your browser to get pages from 'other sites' who do not have their hostname on the list, the our browser will contact these sites, and this will force a portal login.
So, be careful with this option : you should include ALL IPv4 and/or hostnames.

The site I mentioned in my example is a site I build with WordPress - and I'm NOT including info from other sites (its easy : just drop FaceBook/Twitter/other social stuff and you're pretty good).

Some tried to included all the IP4v that Facebook uses => mission impossible - see forum.

Thanks It seems that I have a lighter vision here, I put only yahoo.com in allowed hostname,when i type in browser it does not show captive portal login instead it go to to squidguard and denied it using the squidguard.But why is that if ill log in to captive portal using credential it wont go to squidguard filtering instead it will give all acesss?..

Thanks..

doktornotor

@aorzerep:

I put only yahoo.com in allowed hostname,when i type in browser it does not show captive portal login instead it go to to squidguard and denied it using the squidguard.But why is that if ill log in to captive portal using credential it wont go to squidguard filtering instead it will give all acesss?..

Squid + CP -> does NOT work. Does NOT work. Does NOT work. Does NOT work. Oh, and in case you still wonder: it does NOT work.

aorzerep

@doktornotor:

@aorzerep:

I put only yahoo.com in allowed hostname,when i type in browser it does not show captive portal login instead it go to to squidguard and denied it using the squidguard.But why is that if ill log in to captive portal using credential it wont go to squidguard filtering instead it will give all acesss?..

Squid + CP -> does NOT work. Does NOT work. Does NOT work. Does NOT work. Oh, and in case you still wonder: it does NOT work.

Meaning allowedhostname feauters in CP wont work if I have squid ang squidguard installed?

doktornotor

Meaning CP in general just miserably FAILS to work with Squid. Plus will itself get screwed by the Squid "integration" patch.

aorzerep

@doktornotor:

Meaning CP in general just miserably FAILS to work with Squid. Plus will itself get screwed by the Squid "integration" patch.

Hi Thanks for the information,seems got no solution for this, may be an update in the future  will…

Thanks a lot..