Captive portal and allowed hosts
Hello
I am using the latest (July 4th) version of pfSense on a P4 machine (no name) with 1 Gig of RAM and a 20 Gig hard disk. I am using 2 Intel-based NICs.
I have 30 users behind the firewall: some have direct access, some have access through the portal, and some have no access to the internet except for some services such as virus updates and email.
My email is hosted by Google (smtp.googlemail.com, port set as documented for SSL, and imap and pop.googlemail.com with appropriate port settings).
The email clients are Thunderbird and Outlook 2003.
I also use the transparent proxy, where I bypass the proxy for those addresses.
I set the allowed hosts in the portal settings to:
from (all) to smtp.googlemail.com
from (all) to smtp.gmail.com
from (all) to pop.googlemail.com
from (all) to pop.gmail.com
from (all) to imap.googlemail.com
from (all) to imap.gmail.com

My problem:
- My users who don't go through the portal can all receive and send email without a problem.
- All my other users occasionally receive an error message that they cannot
  - send sometimes
  - receive sometimes

Both actions, send and receive, sometimes give the error independently of each other:
sometimes the client can send but not receive,
sometimes the client can receive but not send.
80% of the time the client can send and receive without any intervention.

I cannot use discrete IP addresses as Google has about 10 000 different addresses they rotate …
If I give permission to the client to go through the portal using a password, the problem is gone, but I am not allowed to give everyone permission (company policy).
I am stuck now as I moved all emails to Google Apps in a process to reduce costs (licenses etc.).
I checked the log files and there is nothing in the log files indicating there is a problem resolving smtp, pop or imap on the googlemail or gmail domains, but the user cannot connect.
Please help. I can send the log files if necessary (just indicate which ones you need).
Philip Van Cleven
Some more info
I put the following in the configuration of allowed hosts:
both directions (!) www.google.com
and the users are not able to go to www.google.com.
It used to work but it seems not to work anymore ... bug?

Just passed a couple of hours in front of the firewall and some machines in the factory.
It is definitely a bug ... the allowed hosts option in captive portal does not work anymore.
What to do now?