No internet when captive portal is enabled



  • Hello all,

    I have 3 interfaces:
    WAN, LAN, DMZ

    WAN interface is connected to an ADSL modem and gets the WAN IP via DHCP (IPv4 Configuration Type)
    As the DHCP / DNS server comes from a Windows AC server, the LAN is set as a gateway with the following:
    IPv4 Configuration Type: Static ipv4
    IPv4 Address: 130.1.1.225/24
    MTU:9000

    In general setup I have:
    DNS Servers: 130.1.1.225
    8.8.8.8
    8.8.4.4
    DNS Server Override: enable
    Disable DNS Forwarder: enable

    For the DMZ interface I have:
    IPv4 Configuration Type: static ipv4
    IPv4 Address: 192.168.45.1/24

    For DMZ, I have enabled the DHCP server with:

    Subnet
    192.168.45.0

    Subnet mask: 255.255.255.0
    range: 192.168.45.10 - 192.168.45.150
    DNS servers: 192.168.45.1
    8.8.8.8
    8.8.4.4

    Using the setup above, when I plug a computer into the DMZ interface I have access to the internet and I can browse all sites and ping google.com with no problems.
    However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
    The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'.

    I use DNS resolver on LAN,DMZ, localhost

    Firewall rule on DMZ interface is
    IPv4 * DMZ net * * * * none   Default allow DNZ to any rule

    Could anyone please help me understand why I lose everything when the CP is enabled?

    Thank you



  • Hi all,

    I just realised that I can run
    ping 8.8.8.8
    but ping google.com does not resolve

    16:39:12.514556 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 128, id 4442, offset 0, flags [none], proto UDP (17), length 59)
        192.168.45.10.56797 > 192.168.45.1.53: [udp sum ok] 60945+ A? www.bbc.co.uk. (31)
    16:39:12.543225 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 64, id 56815, offset 0, flags [none], proto UDP (17), length 59)
        192.168.45.1.53 > 192.168.45.10.56797: [udp sum ok] 60945 ServFail q: A? www.bbc.co.uk. 0/0/0 (31)
    16:39:12.543849 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4443, offset 0, flags [none], proto UDP (17), length 78)
        192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

    NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    TrnID=0xBCE9
    OpCode=0
    NmFlags=0x11
    Rcode=0
    QueryCount=1
    AnswerCount=0
    AuthorityCount=0
    AddressRecCount=0
    QuestionRecords:
    Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
    QuestionType=0x20
    QuestionClass=0x1

    16:39:13.292974 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4444, offset 0, flags [none], proto UDP (17), length 78)
        192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

    NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    TrnID=0xBCE9
    OpCode=0
    NmFlags=0x11
    Rcode=0
    QueryCount=1
    AnswerCount=0
    AuthorityCount=0
    AddressRecCount=0
    QuestionRecords:
    Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
    QuestionType=0x20
    QuestionClass=0x1

    16:39:14.042928 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4445, offset 0, flags [none], proto UDP (17), length 78)
        192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

    NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
    TrnID=0xBCE9
    OpCode=0
    NmFlags=0x11
    Rcode=0
    QueryCount=1
    AnswerCount=0
    AuthorityCount=0
    AddressRecCount=0
    QuestionRecords:
    Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
    QuestionType=0x20
    QuestionClass=0x1

    16:39:14.814061 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4446, offset 0, flags [none], proto UDP (17), length 56)
        192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
    16:39:14.814440 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4447, offset 0, flags [none], proto UDP (17), length 56)
        192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
    16:39:14.818177 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 63, id 4625, offset 0, flags [DF], proto UDP (17), length 72)
        8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
    16:39:14.821856 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 128, id 4448, offset 0, flags [none], proto UDP (17), length 64)
        192.168.45.10.61393 > 192.168.45.1.53: [udp sum ok] 62569+ A? www.googleapis.com. (36)
    16:39:14.824711 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 64341, offset 0, flags [none], proto UDP (17), length 56)
        192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
    16:39:14.827578 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 14360, offset 0, flags [none], proto UDP (17), length 64)
        192.168.45.1.53 > 192.168.45.10.61393: [udp sum ok] 62569 ServFail q: A? www.googleapis.com. 0/0/0 (36)
    16:39:15.688373 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4449, offset 0, flags [none], proto UDP (17), length 69)
        192.168.45.10.53377 > 192.168.45.1.53: [udp sum ok] 62448+ A? fsbwserver.f-secure.com. (41)
    16:39:15.693733 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 56151, offset 0, flags [none], proto UDP (17), length 69)
        192.168.45.1.53 > 192.168.45.10.53377: [udp sum ok] 62448 ServFail q: A? fsbwserver.f-secure.com. 0/0/0 (41)
    16:39:15.694900 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4450, offset 0, flags [none], proto UDP (17), length 69)
        192.168.45.10.59623 > 192.168.45.1.53: [udp sum ok] 56836+ AAAA? fsbwserver.f-secure.com. (41)
    16:39:15.695169 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 44623, offset 0, flags [none], proto UDP (17), length 69)
        192.168.45.1.53 > 192.168.45.10.59623: [udp sum ok] 56836 ServFail q: AAAA? fsbwserver.f-secure.com. 0/0/0 (41)

    Does this information enable anyone here to help please?
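
A way to read the capture above, as an added example that is not part of the original posts: this Python sketch pairs each DNS query in `tcpdump -v` output with its response and tallies response codes per resolver. The sample lines are abridged from the capture in the post; the function names `summarize` and `failing_resolvers` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Abridged from the tcpdump -v output in the post above (detail lines only).
CAPTURE = """\
    192.168.45.10.56797 > 192.168.45.1.53: [udp sum ok] 60945+ A? www.bbc.co.uk. (31)
    192.168.45.1.53 > 192.168.45.10.56797: [udp sum ok] 60945 ServFail q: A? www.bbc.co.uk. 0/0/0 (31)
    192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]
    192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
    192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
    8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
    192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
"""

# src.port > dst.port: [checksum note] <query id><flags> <rest of DNS summary>
LINE = re.compile(
    r"^\s*(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): \[[^\]]*\] "
    r"(?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)$"
)
QNAME = re.compile(r"\b[A-Z0-9]+\? (\S+)")  # e.g. "A? google.com."


def summarize(capture):
    """Return ({resolver: Counter(rcode)}, [unanswered (resolver, name)])."""
    pending = {}                       # (client, port, id) -> (resolver, name)
    rcodes = defaultdict(Counter)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue                   # packet headers, NetBIOS broadcasts, ...
        name = QNAME.search(m["rest"])
        name = name.group(1) if name else "?"
        if m["dport"] == "53":         # client -> resolver: remember the query
            pending[(m["src"], m["sport"], m["id"])] = (m["dst"], name)
        elif m["sport"] == "53":       # resolver -> client: match it to the query
            pending.pop((m["dst"], m["dport"], m["id"]), None)
            first = (m["rest"].split() or [""])[0]
            # tcpdump prints the rcode (ServFail, NXDomain, ...) only on error.
            rcodes[m["src"]]["NoError" if not first.isalpha() else first] += 1
    return dict(rcodes), sorted(pending.values())


def failing_resolvers(capture):
    """Resolvers that replied but never returned a successful answer."""
    rcodes, _ = summarize(capture)
    return sorted(r for r, c in rcodes.items() if c["NoError"] == 0)


if __name__ == "__main__":
    print(summarize(CAPTURE))
    print("failing:", failing_resolvers(CAPTURE))
```

On the sample lines, every reply from 192.168.45.1 is ServFail while the query sent directly to 8.8.8.8 is answered.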



  • First :  Disable DNS Forwarder
    Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall
    Do not check that - enable the (local) DNS Resolver (or forwarder).
    No DNS means : no resolving (as you already found out).

    @trinitech:

    ….
    However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
    .....

    and then :
    @trinitech:

    The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'.

    Note : NO AUTHENTICATION => Nothing passes through (except DNS - but that was broken ;) ).

