Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal dont show logged users after marked mac pass-through

    Scheduled Pinned Locked Moved Captive Portal
    13 Posts 5 Posters 718 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      edicastro @viktor_g
      last edited by

      @viktor_g This feature has accepted for pfsense team?

      1 Reply Last reply Reply Quote 0
      • E
        edicastro @Gertjan
        last edited by edicastro

        @Gertjan your images post dont show. try imgur.com to send images

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @edicastro
          last edited by

          @edicastro said in Captive portal dont show logged users after marked mac pass-through:

          try imgur.com to send images

          I added them.
          I prefer not to use add-black-holes .... and keeping pfSense info at the pfSense forum.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • V
            victoriaSwalker
            last edited by

            Great! This post is very use full.

            1 Reply Last reply Reply Quote 0
            • viktor_gV
              viktor_g Netgate @Gertjan
              last edited by

              @Gertjan said in Captive portal dont show logged users after marked mac pass-through:

              True, the user has to log in ones to have it's MAC added to the list with MAC(s) that are allowed to go though without pfSense 'seeing' any further traffic of this device = they will show up on the Services > Captive Portal > [portal name] > MACs.
              An early ipfw firewall has a table with all the MAC's that are allowed without further interaction.

              Correct, see https://github.com/pfsense/pfsense/blob/2e1cfbf9957a559a49af37c00f07db8854950ae3/src/etc/inc/captiveportal.inc#L746
              in other words this is just static firewall rules

              Because auto added MAC's have pipes, the traffic they generate is counted.
              pfSense could parse this traffic info - the 555054 (bytes down) and 39677 (bytes up) numbers in my example - to see if the device is actually generating traffic, and if so, showing it in the "Captive Portal Status" list like the other, logged in , users . And remove it from the list after, for example, when "Idle timeout (Minutes)" arrives without seeing any traffic change during this "Idle timeout (Minutes)".

              "Idle Timeout (Minutes)" can confuse pfSense administrators in a different way. When you see MAC on the configuration page, but not on Active users page due to incorrect timeout settings or host inactivity (printers, phones, servers etc)

              feel free to leave your comments/ideas on https://redmine.pfsense.org/issues/9627

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @viktor_g
                last edited by

                @viktor_g said in Captive portal dont show logged users after marked mac pass-through:

                "Idle Timeout (Minutes)" can confuse pfSense administrators in a different way.

                Like a smart wall outlet that calls home, opens a channel, and waits for incoming instructions, that might come in after hours or days.
                Yeah, when I think about the possible pitfalls : they are there.

                I did not mean that "Idle Timeout (Minutes)" should be used to disconnect a device. The disconnecting thing is only meant to be used for logged in users that will get removed after after a certain time of non connectivity.

                As soon as "Pass-through MAC Auto Entry" is set, something like "Idle Timeout (Minutes)" has no meaning any more, as ALL logged in devices will get auto-MAC-add.

                The captive portal status widget becomes .... useless / not needed as it will be empty : the connected user database would be empty.
                So, why not showing something useful like "these are the "auto MAC" devices that generated traffic the last xx time" ?
                Or list all the auto mac added devices ? (with traffic usage statistics ?)
                Because "Pass-through MAC Auto Entry" is set, one could change the title of the widget, and change the behaviour off the disconnect function, so it will remove the MAC from the list / firewall table rule ?

                Any way, nothing that can be pulled of by @viktor_g in an hour or two ;)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • E
                  edicastro
                  last edited by edicastro

                  how to identify the activities of the users of the "mac past-through" in the logs?

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @edicastro
                    last edited by

                    @edicastro said in Captive portal dont show logged users after marked mac pass-through:

                    how to identify the activities of the users of the "mac past-through" in the logs?

                    Re read my post above where I say :

                    But : checking out the xxxxx_pipe_macipfw table shows :

                    Yo can do so with your fingers and keyboard : type the command mentionned, do some number subtractions and you'll find the traffic.
                    Or bring @viktor_g to the bounty room.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    E 1 Reply Last reply Reply Quote 0
                    • E
                      edicastro @Gertjan
                      last edited by edicastro

                      @Gertjan said in Captive portal dont show logged users after marked mac pass-through:

                      But : checking out the xxxxx_pipe_macipfw table shows :

                      @Gertjan I dont understand... where i find "xxxxx_pipe_macipfw" in pfsense? this is a command line? or gui functionality?

                      F 1 Reply Last reply Reply Quote 0
                      • F
                        free4 Rebel Alliance @edicastro
                        last edited by free4

                        @edicastro type the command line

                        ipfw table all list

                        The result should indicate you the status of the two ipfw tables named xxxxx_pipe_mac

                        These tables indicate who is connected

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.