No internet when captive portal is enabled
-
Hello all,
I have 3 interfaces:
WAN, LAN, DMZ
The WAN interface is connected to an ADSL modem and gets the WAN IP via DHCP (IPv4 Configuration Type).
As the DHCP / DNS server comes from a Windows AC server, the LAN is set as a gateway with the following:
IPv4 Configuration Type: Static ipv4
IPv4 Address: 130.1.1.225/24
MTU: 9000
In general setup I have:
DNS Servers: 130.1.1.225
8.8.8.8
8.8.4.4
DNS Server Override: enable
Disable DNS Forwarder: enable
For the DMZ interface I have:
IPv4 Configuration Type: static ipv4
IPv4 Address: 192.168.45.1/24
For DMZ, I have enabled the DHCP server with:
Subnet: 192.168.45.0
Subnet mask: 255.255.255.0
range: 192.168.45.10 - 192.168.45.150
DNS servers: 192.168.45.1
8.8.8.8
8.8.4.4
Using the setup above, when I plug a computer into the DMZ interface I have access to the internet and I can browse all sites and ping google.com with no problems.
However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'.
I use DNS resolver on LAN, DMZ, localhost
Firewall rule on DMZ interface is
IPv4 * DMZ net * * * * none Default allow DNZ to any rule
Could anyone please help me understand why I lose everything when the CP is enabled?
Thank you
-
Hi all,
I just realised that I can run
ping 8.8.8.8
but ping google.com does not resolve
16:39:12.514556 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 128, id 4442, offset 0, flags [none], proto UDP (17), length 59)
192.168.45.10.56797 > 192.168.45.1.53: [udp sum ok] 60945+ A? www.bbc.co.uk. (31)
16:39:12.543225 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 73: (tos 0x0, ttl 64, id 56815, offset 0, flags [none], proto UDP (17), length 59)
192.168.45.1.53 > 192.168.45.10.56797: [udp sum ok] 60945 ServFail q: A? www.bbc.co.uk. 0/0/0 (31)
16:39:12.543849 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4443, offset 0, flags [none], proto UDP (17), length 78)
192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0xBCE9
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.BBC.CO.UK NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1
16:39:13.292974 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4444, offset 0, flags [none], proto UDP (17), length 78)
192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0xBCE9
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.BBC.CO.UK NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1
16:39:14.042928 90:1b:0e:87:1e:a5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: (tos 0x0, ttl 128, id 4445, offset 0, flags [none], proto UDP (17), length 78)
192.168.45.10.137 > 192.168.45.255.137: [udp sum ok]NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0xBCE9
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.BBC.CO.UK NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1
16:39:14.814061 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4446, offset 0, flags [none], proto UDP (17), length 56)
192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
16:39:14.814440 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 128, id 4447, offset 0, flags [none], proto UDP (17), length 56)
192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
16:39:14.818177 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 63, id 4625, offset 0, flags [DF], proto UDP (17), length 72)
8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
16:39:14.821856 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 128, id 4448, offset 0, flags [none], proto UDP (17), length 64)
192.168.45.10.61393 > 192.168.45.1.53: [udp sum ok] 62569+ A? www.googleapis.com. (36)
16:39:14.824711 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 64, id 64341, offset 0, flags [none], proto UDP (17), length 56)
192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
16:39:14.827578 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 14360, offset 0, flags [none], proto UDP (17), length 64)
192.168.45.1.53 > 192.168.45.10.61393: [udp sum ok] 62569 ServFail q: A? www.googleapis.com. 0/0/0 (36)
16:39:15.688373 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4449, offset 0, flags [none], proto UDP (17), length 69)
192.168.45.10.53377 > 192.168.45.1.53: [udp sum ok] 62448+ A? fsbwserver.f-secure.com. (41)
16:39:15.693733 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 56151, offset 0, flags [none], proto UDP (17), length 69)
192.168.45.1.53 > 192.168.45.10.53377: [udp sum ok] 62448 ServFail q: A? fsbwserver.f-secure.com. 0/0/0 (41)
16:39:15.694900 90:1b:0e:87:1e:a5 > 00:30:18:01:4f:b1, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 128, id 4450, offset 0, flags [none], proto UDP (17), length 69)
192.168.45.10.59623 > 192.168.45.1.53: [udp sum ok] 56836+ AAAA? fsbwserver.f-secure.com. (41)
16:39:15.695169 00:30:18:01:4f:b1 > 90:1b:0e:87:1e:a5, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 64, id 44623, offset 0, flags [none], proto UDP (17), length 69)
192.168.45.1.53 > 192.168.45.10.59623: [udp sum ok] 56836 ServFail q: AAAA? fsbwserver.f-secure.com. 0/0/0 (41)
Does this information enable anyone here to help, please?
-
First : Disable DNS Forwarder
Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall
Do not check that - enable the (local) DNS Resolver (or forwarder).
No DNS means: no resolving (as you already found out)....
However, if I enable the captive portal on the DMZ interface, I lose all access to the internet and I cannot ping google anymore.
.....and then:
@trinitech: The CP has no authentication for now as I want to get the basics to work first, so in effect the only box that is ticked on the CP page is 'Enable Captive Portal'
Note: NO AUTHENTICATION => Nothing passes through (except DNS - but that was broken ;) ).
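
Added example, not part of the original posts: a Python tally of the DNS replies in a `tcpdump -v` capture like the one posted above, grouped by responding server, so the pattern in the thread (192.168.45.1 returning ServFail while 8.8.8.8 answers) is visible at a glance. The function name `tally` and the final sample line are constructed for illustration, and the regexes assume the `-v` output format shown in the thread.

```python
import re
from collections import defaultdict

# DNS lines copied from the capture in the thread; the last line is a
# constructed query with no reply, added to show the "unanswered" case.
SAMPLE = """\
192.168.45.10.56797 > 192.168.45.1.53: [udp sum ok] 60945+ A? www.bbc.co.uk. (31)
192.168.45.1.53 > 192.168.45.10.56797: [udp sum ok] 60945 ServFail q: A? www.bbc.co.uk. 0/0/0 (31)
192.168.45.10.56798 > 192.168.45.1.53: [udp sum ok] 54615+ A? google.com. (28)
192.168.45.10.56799 > 8.8.8.8.53: [udp sum ok] 60084+ A? google.com. (28)
8.8.8.8.53 > 192.168.45.10.56799: [udp sum ok] 60084 q: A? google.com. 1/0/0 google.com. A 216.58.201.238 (44)
192.168.45.1.53 > 192.168.45.10.56798: [udp sum ok] 54615 ServFail q: A? google.com. 0/0/0 (28)
192.168.45.10.56800 > 8.8.4.4.53: [udp sum ok] 60085+ A? example.com. (29)
"""

# "src.port > dst.port: [checksum note] txid<rest>"
LINE = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                  r"(?:\[[^\]]*\] ?)?(\d+)(.*)")
QUERY = re.compile(r"[+%]* (\S+\?) (\S+)")  # flags, qtype, name
# tcpdump prints the rcode name only when it is non-zero, then flags, then "q:"
RESP = re.compile(r"(?: ([A-Za-z]+))?[-*|$]* q: (\S+\?) (\S+)")


def tally(capture):
    """Return ({server: {rcode: count}}, [(server, name) left unanswered])."""
    rcodes = defaultdict(lambda: defaultdict(int))
    pending = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # link-layer header lines, NetBIOS payload, etc.
        src, sport, dst, dport, txid, rest = m.groups()
        if dport == "53" and (q := QUERY.match(rest)):
            pending[(src, sport, dst, txid)] = q.group(2)
        elif sport == "53" and (r := RESP.match(rest)):
            rcodes[src][r.group(1) or "NoError"] += 1
            pending.pop((dst, dport, src, txid), None)
    unanswered = sorted((key[2], name) for key, name in pending.items())
    return {srv: dict(counts) for srv, counts in rcodes.items()}, unanswered


if __name__ == "__main__":
    by_server, unanswered = tally(SAMPLE)
    for server, counts in sorted(by_server.items()):
        print(server, counts)
    print("no reply:", unanswered)
```

A server that only ever shows ServFail is reachable but cannot resolve upstream; a server listed under "no reply" is being dropped somewhere on the path.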