Netgate Discussion Forum

    Captive portal and allowed hosts

      clevenp

      Hello

      I am using the latest (July 4th) version of pfSense on a P4 machine (no name) with 1 Gig of RAM and a 20 Gig hard disk. I am using 2 Intel-based NICs.

      I have 30 users behind the firewall, some have direct access, some have access through the portal and some have no access to the internet except for some services such as virus updates and email

      My email is hosted by Google (smtp.googlemail.com, port set as documented for SSL, and imap and pop.googlemail.com with appropriate port settings).
      The email clients are Thunderbird and Outlook 2003.

      I also use the transparent proxy, where I bypass the proxy for those addresses.

      I set the allowed hosts in the portal settings to
      from (all) to smtp.googlemail.com
      from (all) to smtp.gmail.com
      from (all) to pop.googlemail.com
      from (all) to pop.gmail.com
      from (all) to imap.googlemail.com
      from (all) to imap.gmail.com

      my problem

      1. my users who don't go through the portal all can receive and send email without a problem
      2. all my other users occasionally receive an error message that they cannot
      • send sometimes
      • receive sometimes

      both actions send and receive sometimes give the error independent from each other
      sometimes the client can send but not receive
      sometimes the client can receive but not send
      80% of the time the client can send and receive without any intervention

      I cannot use discrete IP addresses as Google has about 10 000 different addresses they rotate …

      if I give permission to the client to go through the portal using a password, the problem is gone but I am not allowed to give everyone permission (company policy)

      I am stuck now as I moved all emails to google apps in a process to reduce costs (licenses etc)
      I checked the log files and there is nothing in the log files indicating there is a problem resolving smtp, pop or imap on the googlemail or gmail domains

      but the user cannot connect

      Please help. I can send the log files if necessary (just indicate which ones you need).

      Philip Van Cleven

      Some more info

      I put the following in the configuration of allowed hosts
      both directions (!) www.google.com

      and the users are not able to go to www.google.com
      it used to work but it seems not to work anymore ... bug?

      just passed a couple of hours in front of the firewall and some machines in the factory
      it is definitely a bug ... the allowed hosts option in captive portal does not work anymore

      what to do now?
