Netgate Discussion Forum

    NMAP INTERFACE VLAN -> WITH CAPTIVE PORTAL

    dmajela

      Huh
      I'm running some tests and don't know what is wrong … maybe the rules, I do not know ...

      I have one interface with 10 VLANs.

      ALL interfaces with CAPTIVE PORTAL "VOUCHER"

      The test !!!!!

      WITH CAPTIVE-PORTAL

      My ip 172.16.3.10

      nmap -T4 -A -v -Pn 172.16.2.0/24

      There is a rule that blocks any any any any

      But....

      172.16.2.0 "n" all IPs send SYN/ACK to "n" ports.

      WITHOUT CAPTIVE-PORTAL

      nmap -T4 -A -v -Pn 172.16.2.0/24

      NO SYN/ACK

      HAS SOMEONE ALREADY MADE THIS TEST? COULD YOU HELP ME?

      Thanks

        dmajela

        :(            NOBODY ????????

        Please….

        Thanks.

          jimp Rebel Alliance Developer Netgate

          You haven't provided enough information to do anything but guess as to what might be happening.

          Though if you are scanning from a host behind the portal, and you haven't signed onto the portal yet, you may be hitting the redirect rule and getting unexpected results.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

            dmajela

            I think this is it. I wish this did not happen. What do I do?
            Thank you.

              jimp Rebel Alliance Developer Netgate

              If you authenticate via the portal before trying to access anything, it should flow freely. However, if you really must run network scans, it's best to run them from a place that has as little filtering as possible, because of just this reason: you never know if you are really seeing the results of scanning the remote host, or if it's being filtered/altered somewhere in between.

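An added example, not part of the thread or of pfSense: one way to check for the situation jimp describes, where something in the path answers in place of the scanned hosts. It parses nmap grepable (`-oG`) output and flags the result when nearly every answering host reports the identical open-port set; the sample lines, port numbers, thresholds and function names are constructed assumptions.

```python
import re
from collections import Counter

PORT_RE = re.compile(r"(\d+)/open/tcp/")


def open_ports_by_host(grepable: str) -> dict[str, frozenset[int]]:
    """Parse nmap -oG text into {host IP: set of open TCP ports}."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host: ") or "Ports: " not in line:
            continue  # skip comments and "Status:" lines
        ip = line.split()[1]
        ports_field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        hosts[ip] = frozenset(int(p) for p in PORT_RE.findall(ports_field))
    return hosts


def middlebox_suspect(hosts, min_hosts=4, threshold=0.9):
    """Return (suspect, ports, share).

    suspect is True when at least `threshold` of the answering hosts show
    the same open-port set, which real, independent machines rarely do.
    min_hosts and threshold are assumed values, tune them per network.
    """
    answering = [ports for ports in hosts.values() if ports]
    if len(answering) < min_hosts:
        return False, frozenset(), 0.0  # too few hosts to judge
    ports, count = Counter(answering).most_common(1)[0]
    share = count / len(answering)
    return share >= threshold, ports, share


def _line(ip, ports):
    """Build one constructed -oG result line (sample data only)."""
    return f"Host: {ip} ()\tPorts: " + ", ".join(
        f"{p}/open/tcp//svc///" for p in ports)


# Constructed sample: every address "answers" on the same ports.
BEHIND_PORTAL = "\n".join(_line(f"172.16.2.{i}", [80, 443]) for i in range(1, 7))
# Constructed sample: an unfiltered view, hosts differ from one another.
DIRECT = "\n".join([_line("172.16.2.1", [22, 80]), _line("172.16.2.2", [445, 3389]),
                    _line("172.16.2.3", [80, 443]), _line("172.16.2.4", [22])])

if __name__ == "__main__":
    for name, text in (("behind portal", BEHIND_PORTAL), ("direct", DIRECT)):
        print(name, middlebox_suspect(open_ports_by_host(text)))
```

A positive result only says the scan output is uniform; confirming that an intermediate device produced it still means rescanning from a vantage point with less filtering, as the reply above recommends.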
                dmajela

                Understood.
                Let's say a user's machine starts to bombard the pfSense with these SYN / SYNACK.
                I'm afraid that might cause a DoS.
                This is my concern.

                Thanks, JIMP

                  eri--

                  You can prevent this with firewall rules,
                  specifying the rate at which connections can be created.

                    dmajela

                    Ermal…...

                    I created a rule that prohibits all but the captive configured on the interface.
                    It seems that when the interface is captive-enabled, they do not respect the firewall
                    rules; after the user authenticates to the captive, the rules are then followed.
                    What I think should happen is nmap just spotting TCP port 8000
                    for authentication, nothing more.

                    Thank you very much

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.