Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal not working under pfBlocker-devel

    Scheduled Pinned Locked Moved pfBlockerNG
    5 Posts 2 Posters 709 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justice41
      last edited by

      J
      justice41 11 minutes ago

      Hello everyone. I have this issue with CP in the LAN which works fine. But installing pfBlocker breaks the CP in which client says have "Internet Access" but cannot access any sites. And logging in directly to :8002 does nothing.

      CP only - can browse normally
      pfBlocker only - can browse normally
      pfBlocker + CP - no connection
      pfBlocker + CP(but disabled) - can browse normally

      pfSense is a fresh install and everything is in default. Is there a conflict between these two services?

      [Posted here for pfBlocker]

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        Your issue is most probably not pfblocker related .
        To remove the issue : never ever edit or change captive portal settings while users are logged in.
        If you have to, you have to throw them of the portal, because they will get 'stuck'.

        It's a known, old issue,and a patch (use the path and the patch package) is proposed in the portal forum.

        If the issue is pfBlocker related : another advise : as portal users are typical non trusted users, they do not belong on the LAN interface. Use a dedicated interface. You could use pfBlockerng-devel on that interface - I do so and have no issues.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • J
          justice41
          last edited by

          Hello

          The thing is, everything is in default. No changes whatsoever. CP is working normally. Login page shows, works, and disconnecting users also works. Just that installing pfBlocker breaks the CP. Even if I change the interface to OPT1 it would still be the same. Login page does not show nor directly logging in has no connection also.. Either I can use pfBlocker or CP but not at the same time.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            Do this test :

            aaff1982-4f38-4e26-b9b8-3be85e54e0d5-image.png

            and compare these with the ipfw firewall rules : thes erae the two tables that contain the "pass" rules :

            ipfw table all list | grep '_auth_'

            So, for me :

            [2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table cpzone1_auth_down list
192.168.2.22/32 2045 32346 42479778 1597985246
192.168.2.61/32 2049 258045 327928165 1597985267
192.168.2.111/32 2043 30170 27498789 1597985844
192.168.2.237/32 2031 172539 174804555 1597985775

[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw table cpzone1_auth_up list
192.168.2.22/32 c6:0d:9d:bf:12:dx 2044 18462 2470106 1597985246
192.168.2.61/32 b4:8b:19:00:9e:0x 2048 144932 20520809 1597985267
192.168.2.111/32 b6:03:24:ee:d8:8x 2042 26872 15886625 1597985847
192.168.2.237/32 b4:86:55:6a:8a:cx 2030 119359 84302573 1597985775

            There is a perfect match between these two tables and the GUI list : identical IP and MAC's.

            If the GUI list connected users that you can't find in the ipfw tables, you've been bitten by the "Your are connected" bug.

            @justice41 said in Captive Portal not working under pfBlocker-devel:

            No changes whatsoever. CP is working normally. Login page shows, works, and disconnecting users also works. Just that installing pfBlocker breaks the CP

            i'm using the CP for my clients / visitors, and have no troubles at all using pfBlockerNG-devel on the LAN and PORTAL interface :

            a1ef54a4-de56-414e-8b42-14e8def2ea33-image.png

            Read again the top part of this page. Every portal admin should know this page out of his head. The ipfw rules actually
            So, a good working local DNS is very important (it's always important, but this time it's very important).
            When you know that pfBlockerNG-devell also indirectly 'manipulates' DNS requests, all dependings what the feeds are that you have chosen.
            A pfBlockerNG-devel without feeds - the default install - does actually nothing, it doesn't change the resolver's behaviour in any kind, so it's presence is neutral.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            J 1 Reply Last reply Reply Quote 0
            • J
              justice41 @Gertjan
              last edited by

              ipfw shows a perfect match. And local DNS is working perfectly fine. Although I seem to have found the problem in which one of the feeds is blocking the localhost for some reason. For now I disabled localhost being included in the DNS and thing works ok now.
              If somewhere breaks again, might be better to just remove that feed.

              thnx for the reply.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.