problem with some old android device
-
Also : MAC's on the Services => Captive Portal => YourCPZone => MACs are also listed :
If have 4 :--- table(cpzone1_pipe_mac), set(0) ---
88:1f:a1:54:98:c9 any 2081 0 0 0
any 88:1f:a1:54:98:c9 2080 0 0 0
48:88:ca:41:0d:55 any 2075 0 0 0
any 48:88:ca:41:0d:55 2074 0 0 0
4c:8d:79:91:ec:52 any 2077 0 0 0
any 4c:8d:79:91:ec:52 2076 0 0 0
64:80:99:9a:01:a0 any 2079 0 0 0
any 64:80:99:9a:01:a0 2078 0 0 0These guys can connect to the portal interface as if the captive portal wasn't there.
Works fine for me for years now.
-
Ok, then start digging deeper. As Gertjan said the ipfw firewall that the captive portal uses does not differentiate between services so it's almost certainly something else blocking that traffic.
Look at the firewall states to/from those devices.
Looks at the firewall logs for blocked traffic.
Run packet captures to determine where that traffic is going.
Steve
-
thank u for your reply im new in pfsense i work with mikrotik hotspot but i have change my network to pfsense so i get this problem , i do every things to do it work its same problem i add firewall rules for https , http , dns , and i add any rules its same
-
@mustafa-0 said in problem with some old android device:
... its same problem i add firewall rules for https , http , dns , and i add any rules its same
What rules ? Show them please.
Start with one global pass rule on the Captive Portal interface.
Check that everything works.
Then add one rule .... and test severely.
Add another one, etc. -
Yes we need more information that 'I've tried everything and it's still the same'. There is no way we can help you with just that.
What did you actually try?
How did you test that?
What was the result?Steve
-
more information :
i add rules with :
main rules (first one )
protocol : any
Source : any
Destination : any
Destination Port Range : anyresult : some device get same problem the get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config
add new rules
protocol : tcp/udp
Source : any
Destination : any
Destination Port Range : https (433)result : some device get same problem they get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config
add new rulesprotocol : tcp/udp
Source : any
Destination : any
Destination Port Range : dns (53)result : some device get same problem they get ping from 8.8.8.8 but when i try open google.com theirs no connection bad dns config
these all rules i add .
add ideal timeout and hard timeout in captive portal
add Default lease time in dhcp server Maximum lease time in dhcp serverNOTE : the pfsense server get internet connection with dhcp from mikrotik ccr 1036 .
-
Ok so it looks like those clients cannot resolve URLs. To confirm that try to ping google.com rather than an IP address. Does it resolve?
If it doesn't then find out why. What are they using for DNS? I would expect that to be handed to them via DHCP and your any/any/any rule should allow traffic to any DNS server.
Check the state table traffic from those clients to port 53.Steve
-
hi steve
i think i know whats problem with it i give u my network diagram and explain the problem1- i install pfsense in hp workstation pc with 8 gb ram
pfsense have 1 lan this lan is wan connection for pfsense from my ccr 1036 and i add vlan 10 for captive portal and i insert it on mikrotik switch . the problem in my network i have 2 main wireless link these link for my access point each wireless work with wds so the problem if i disable any one of theme my problem solved but when i use these 2 link in same time i get the problem is there any help in this .NOTE : theirs no problem in link i test it in other router they work fine but the problem when i but theme in pfsense
thx
-
So are those wireless links your WAN connections?
Or do you mean just that you have two wifi access points?
And disabling one of them removes the issue?
A diagram may help here.
Steve
-
hi steve i think it solved i change wan connection from dhcp to pppoe the problem solved in some device
thank u
