Captive Portal fails
-
Running 1.2-RELEASE
I have the following interfaces:
WAN: public IP
LAN: 192.168.0.x/24
OPT1: routable block of IP's from ISP /29
OPT2: 10.0.10.x/24auto-nat is turned off. I have NAT rules for both the 192. and 10. networks -> WAN
I have firewall rules permitting LAN subnet and OPT2 subnet to "any".
DHCP server is enabled for OPT2 and dns-forwarder is enabled as well. The OPT2 interface has (1) device connected, a D-link Wireless AP. The cable connects to one of the LAN ports, and the WAN port is not connected to anything. WAN is set to DHCP on the AP and is "down" in the system status. No NAT or static routes are configured on the AP.
When I enable captive portal for the OPT2 interface, there is ZERO effect on internet browsing (NAT'd traffic). If I try to ping hosts in either the LAN or OPT1 network, they are unreachable as expected. If I manually navigate to the captive portal login page, and login, I can then ping hosts in the LAN or OPT1 network. Internet browsing works before and after manually logging into the CP.
What gives? I've got about 6 hours into this and my hands are up in the air. . .
I had originally tried a PCI-wireless card instead of the extra NIC and AP on 1.2.2 and 1.2.3-RC, but had all sorts of instability issues and CP didn't work in any of the configs I tried there either. I clean-installed back to 1.2-RELEASE and removed the PCI wireless card (which isn't supported in 1.2-RELEASE) because it's been 100% stable with that combo. I'm talking > 6-mo uptime with zero issues on 1.2-RELEASE :)
I've heard there are issues with load balancing and CP, and I DID have two pools config'd for server load balancing (balancing between 2 web servers on the OPT1 interface), and didn't think that would effect CP on OPT2, but I even tried taking all that out, rebooting and config'ing OPT2 interface and CP from scratch. . same result
help!
-Rich
-
1.2-RELEASE
I've been seeing a similar problem, though I do have it working now, sorta. In particular, the thing I've noticed is that captive portal WORKS right after a reboot. But as soon as I go in and change ANYTHING in the firewall, aliases, or anything else that forces ipfw to reload, the captive portal breaks. When it breaks, all web traffic from hosts on that network pass, but pinging either direction fails.
So, my kinda-sorta fix, reboot after changing ANYTHING. This is particularly annoying 'cause the system in question is the main router at my work, ugh. :-\
-
hmm have you tried 1.2.3 - RC with the same hardware/ruleset, and if so results?
I'm thinking of trying 1.2.3 again, but with the ext. AP in place instead of the wireless card I had tried before. I'm HOPING that was the cause of the instability I had with 1.2.3 RC
-Rich