Netgate Discussion Forum

    No internet when captive portal is enabled

      trinitech

      Hello all,

      I have 3 interfaces:
      WAN, LAN, DMZ

      The WAN interface is connected to an ADSL modem and gets the WAN IP via DHCP (IPv4 Configuration Type).
      As the DHCP / DNS server comes from a Windows AC server, the LAN is set as a gateway with the following:
      IPv4 Configuration Type: Static ipv4
      IPv4 Address: 130.1.1.225/24
      MTU:9000

      In general setup I have:
      DNS Servers: 130.1.1.225
      8.8.8.8
      8.8.4.4
      DNS Server Override: enable
      Disable DNS Forwarder: enable

      For the DMZ interface I have:
      IPv4 Configuration Type: static ipv4
      IPv4 Address: 192.168.45.1/24

      For DMZ, I have enabled the DHCP server with:

      Subnet: 192.168.45.0
      Subnet mask: 255.255.255.0
      Range: 192.168.45.10 - 192.168.45.150
      DNS servers: 192.168.45.1
      8.8.8.8
      8.8.4.4

      Using the setup above, when I plug a computer into the DMZ interface I have access to the internet and I can browse all sites and ping google.com with no problems.
      However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
      The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'

      I use DNS resolver on LAN,DMZ, localhost

      Firewall rule on DMZ interface is
      IPv4 * DMZ net * * * * none   Default allow DNZ to any rule

      Could anyone please help me understand why I lose everything when the CP is enabled?

      Thank you

        trinitech

        Hi all,

        I just realised that I can run
        ping 8.8.8.8
        but ping google.com does not resolve

        16:39:12.514556 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 128, id 4442, offset 0, flags [none], proto UDP (17), length 59)
            192.168.45.10.56797 > 192.168.45.1.53: [udp sum ok] 60945+ A? www.bbc.co.uk. (31)
        16:39:12.543225 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 64, id 56815, offset 0, flags [none], proto UDP (17), length 59)
            192.168.45.1.53 > 192.168.45.10.56797: [udp sum ok] 60945 ServFail q: A? www.bbc.co.uk. 0/0/0 (31)
        16:39:12.543849 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4443, offset 0, flags [none], proto UDP (17), length 78)
            192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

        NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        TrnID=0xBCE9
        OpCode=0
        NmFlags=0x11
        Rcode=0
        QueryCount=1
        AnswerCount=0
        AuthorityCount=0
        AddressRecCount=0
        QuestionRecords:
        Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
        QuestionType=0x20
        QuestionClass=0x1

        16:39:13.292974 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4444, offset 0, flags [none], proto UDP (17), length 78)
            192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

        NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        TrnID=0xBCE9
        OpCode=0
        NmFlags=0x11
        Rcode=0
        QueryCount=1
        AnswerCount=0
        AuthorityCount=0
        AddressRecCount=0
        QuestionRecords:
        Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
        QuestionType=0x20
        QuestionClass=0x1

        16:39:14.042928 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4445, offset 0, flags [none], proto UDP (17), length 78)
            192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]

        NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        TrnID=0xBCE9
        OpCode=0
        NmFlags=0x11
        Rcode=0
        QueryCount=1
        AnswerCount=0
        AuthorityCount=0
        AddressRecCount=0
        QuestionRecords:
        Name=WWW.BBC.CO.UK  NameType=0x00 (Workstation)
        QuestionType=0x20
        QuestionClass=0x1

        16:39:14.814061 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4446, offset 0, flags [none], proto UDP (17), length 56)
            192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
        16:39:14.814440 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4447, offset 0, flags [none], proto UDP (17), length 56)
            192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
        16:39:14.818177 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 63, id 4625, offset 0, flags [DF], proto UDP (17), length 72)
            8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
        16:39:14.821856 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 128, id 4448, offset 0, flags [none], proto UDP (17), length 64)
            192.168.45.10.61393 > 192.168.45.1.53: [udp sum ok] 62569+ A? www.googleapis.com. (36)
        16:39:14.824711 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 64341, offset 0, flags [none], proto UDP (17), length 56)
            192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
        16:39:14.827578 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 14360, offset 0, flags [none], proto UDP (17), length 64)
            192.168.45.1.53 > 192.168.45.10.61393: [udp sum ok] 62569 ServFail q: A? www.googleapis.com. 0/0/0 (36)
        16:39:15.688373 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4449, offset 0, flags [none], proto UDP (17), length 69)
            192.168.45.10.53377 > 192.168.45.1.53: [udp sum ok] 62448+ A? fsbwserver.f-secure.com. (41)
        16:39:15.693733 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 56151, offset 0, flags [none], proto UDP (17), length 69)
            192.168.45.1.53 > 192.168.45.10.53377: [udp sum ok] 62448 ServFail q: A? fsbwserver.f-secure.com. 0/0/0 (41)
        16:39:15.694900 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4450, offset 0, flags [none], proto UDP (17), length 69)
            192.168.45.10.59623 > 192.168.45.1.53: [udp sum ok] 56836+ AAAA? fsbwserver.f-secure.com. (41)
        16:39:15.695169 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 44623, offset 0, flags [none], proto UDP (17), length 69)
            192.168.45.1.53 > 192.168.45.10.59623: [udp sum ok] 56836 ServFail q: AAAA? fsbwserver.f-secure.com. 0/0/0 (41)

        Does this information enable anyone here to help, please?

        1 Reply Last reply Reply Quote 0
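
An added example, not part of the original posts: a Python triage over the DNS lines of a tcpdump capture in the format shown above. It pairs each query with its response by client, port, resolver and transaction ID, then counts response codes per resolver, which makes it plain which resolver is failing. The sample lines are constructed from the capture, and the names `triage`, `LINE` and `SAMPLE` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same tcpdump format as the capture above
# (link-layer header lines omitted; only the indented lines are parsed).
SAMPLE = """\
    192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
    192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
    8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
    192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
    192.168.45.10.61393 > 192.168.45.1.53: [udp sum ok] 62569+ A? www.googleapis.com. (36)
    192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]
"""

# src.port > dst.port: [checksum note] txid[flags] rest-of-DNS-summary
LINE = re.compile(
    r"^\s*(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?:\[[^\]]*\] )?"
    r"(?P<txid>\d+)(?P<flags>[+*%-]*) (?P<rest>\S.*)$"
)

def triage(capture):
    """Return {resolver_ip: {rcode_or_'unanswered': count}} for port-53 traffic."""
    pending = {}  # (client, client_port, resolver, txid) -> query summary
    stats = defaultdict(lambda: defaultdict(int))
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, NetBIOS broadcasts, anything that is not DNS
        if m["dport"] == "53":    # client -> resolver: remember the query
            pending[(m["src"], m["sport"], m["dst"], m["txid"])] = m["rest"]
        elif m["sport"] == "53":  # resolver -> client: match it to a query
            key = (m["dst"], m["dport"], m["src"], m["txid"])
            if pending.pop(key, None) is None:
                continue          # response whose query was not captured
            # tcpdump prints the rcode only when it is not NoError
            tok = m["rest"].split()[0]
            stats[m["src"]][tok if tok.isalpha() else "NoError"] += 1
    for (_, _, resolver, _) in pending:  # queries that never got a reply
        stats[resolver]["unanswered"] += 1
    return {ip: dict(counts) for ip, counts in stats.items()}

if __name__ == "__main__":
    for resolver, counts in triage(SAMPLE).items():
        print(resolver, counts)
```
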
          Gertjan

          First: Disable DNS Forwarder
          Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall
          Do not check that - enable the (local) DNS Resolver (or forwarder).
          No DNS means: no resolving (as you already found out).

          @trinitech:

          ….
          However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
          .....

          and then:
          @trinitech:

          The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'

          Note: NO AUTHENTICATION => Nothing passes through (except DNS - but that was broken ;) ).

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit: and where are the logs??

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.