Captive portal and allowed hosts



  • Hello

    I am using the latest (July 4th) version of pfSense on a P4 machine (no name) with 1 Gig of RAM and a 20 Gig hard disk. I am using 2 Intel-based NICs.

    I have 30 users behind the firewall, some have direct access, some have access through the portal and some have no access to the internet except for some services such as virus updates and email

    My email is hosted by Google (smtp.googlemail.com, port set as documented for SSL, and imap and pop.googlemail.com with appropriate port settings).
    The email clients are Thunderbird and Outlook 2003.

    I also use the transparent proxy where I bypass the proxy for those addresses

    I set the allowed hosts in the portal settings to
    from (all) to smtp.googlemail.com
    from (all) to smtp.gmail.com
    from (all) to pop.googlemail.com
    from (all) to pop.gmail.com
    from (all) to imap.googlemail.com
    from (all) to imap.gmail.com

    my problem

    1. my users who don't go through the portal all can receive and send email without a problem
    2. all my other users occasionally receive an error message that they cannot
    • send sometimes
    • receive sometimes

    both actions send and receive sometimes give the error independent from each other
    sometimes the client can send but not receive
    sometimes the client can receive but not send
    80% of the time the client can send and receive without any intervention

    I cannot use discrete IP addresses as Google has about 10 000 different addresses they rotate …

    if I give permission to the client to go through the portal using a password, the problem is gone but I am not allowed to give everyone permission (company policy)

    I am stuck now as I moved all emails to google apps in a process to reduce costs (licenses etc)
    I checked the log files and there is nothing in the log files indicating there is a problem resolving smtp, pop, imap on the googlemail or gmail domains

    but the user cannot connect

    Please help. I can send the log files if necessary (just indicate which ones you need)

    Philip Van Cleven

    Some more info

    I put the following in the configuration of allowed hosts
    both directions (!) www.google.com

    and the users are not able to go to www.google.com
    it used to work but it seems not to work anymore ... bug?

    just passed a couple of hours in front of the firewall and some machines in the factory
    it is definitely a bug ... the allowed hosts option in captive portal does not work anymore

    what to do now?

