CAPTIVE PORTAL - PASSTHRUMAC via command prompt



  • Hello,
    i've been trying to add a MAC-Address to the allowed MACs via the command prompt in the webgui.
    I tried using the following commands:
    $config['captiveportal']['test']['passthrumac']['1']['action'] = "pass";
    $config['captiveportal']['test']['passthrumac']['1']['mac'] = "00:00:00:00:00:00";
    $config['captiveportal']['test']['passthrumac']['1']['descr'] = "test";
    write_config();

    When executing the commands the MAC shows up in my CP Settings, but when trying to connect my device is redirected to the Login Page.

    I've tried retracing the procedure that is done to add a MAC in the pfsense Source code and realized that it adds some kind of firewall rule to allow that MAC through.

    Is it possible to do the same via php commands?



  • The active settings are "dumped" ones in a while to the config file, so in case of a restart or reboot, all settings can be reconstructed.
    Writing setting "by hand" to te config file doesnt make them active.

    @posto587 said in CAPTIVE PORTAL - PASSTHRUMAC via command prompt:

    Is it possible to do the same via php commands?

    You mentioned the answer already yourself !
    This has to be done :
    @posto587 said in CAPTIVE PORTAL - PASSTHRUMAC via command prompt:

    retracing the procedure that is done to add a MAC in the pfsense Source code and realized that it adds some kind of firewall rule to allow that MAC through.

    So you saw what's need to be done so the MAC is taking into account.

    The captive portal is
    Some ipfw firewall rules.
    Your GUI firewall rules.
    Some glue code.

    A solution might be : add settings to the config file, then stop the portal (don't forget to log everybody out !!) and start the portal again.
    Now your settings will be applied.
    But, because everybody has to logged out first, you would consider this as an option.

    Read also https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-troubleshooting.html



  • I've found the answer by using the following shell commands:

    ipfw table test_pipe_mac add any, 00:00:00:00:00:00 pipenumber
    ipfw table test_pipe_mac add 00:00:00:00:00:00, any pipenumber+1
    ipfw pipe pipenumber config
    ipfw pipe pipenumber+1 config

    It activates the MAC in the ipfw and also configurates the chosen pipes for the traffic.



  • Hey posto, this is a really old thread, but I'm curious how you determine pipe number? The values in my ipfw table seem to all be unique, does that need to be the case or case I reuse one?



  • @ImLukeDeWitt said in CAPTIVE PORTAL - PASSTHRUMAC via command prompt:

    how you determine pipe number?

    To see them : the doc says :

    ipfw table all list
    

    Pipe numbers are unique for every visitor.
    This allows a 'speed per visitor'. pfSense itself can set this speed identical for all connected users, per portal.
    With the FreeRadius package you can set a speed per visitor.
    Allowed MAC's and URL's (converted in IP's) are also passed through pipes.

    When a connection is removed, the related pipes are freed up.
    The pipe-house-keeping is somewhat visible using the ipfw commands, but we can not interact with them, like reusing them.



  • Thanks for the reply Gertjan, I appreciate the help. I ended up just looking through the PFSense source and using their passthrumac functions. I saved the following in /etc/phpshellsessions/myscript and call it with pfSsh.php remotely. It's working for me so far, at some point I'll need to write a second script for removing macs as well.

    # Playback script to add a passthrumac
    # Usage: playback [this_script_name] [mac_address] [description]
    # Note: description can't have spaces in it. 
    
    # Setup
    require("captiveportal.inc");
    global $cpzone, $argv;
    
    $cpzone        = 'guest';
    $mac           = array();
    $mac['action'] = 'pass';
    $mac['mac']    = $argv[3];
    $mac['descr']  = $argv[4];
    
    # Add MAC to config file
    $config['captiveportal'][$cpzone]['passthrumac'][] = $mac;
    
    # Unlock for editing
    unlock($cpdblck);
    
    # Generate firewall rules, write firewall rules from lines in temp file
    $macrules = captiveportal_passthrumac_configure_entry($mac);
    file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules);
    mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
    
    # Update config file
    $writecfg = true;
    write_config(gettext("Captive Portal passthrumac configuration changed"));
    

    I found some help in this thread. If I was writing this script from scratch I'd probably make some changes but I left it as close to the original PFSense source as possible.


Log in to reply