[SOLVED] Captive portal works only with IP



  • Hi, i know there are a lot of posts about captive portal, but i didn't find any solution for my problem.
    This is my pfsense version:
    2.0-RC3 (i386)
    built on Mon Jul 25 20:30:19 EDT 2011

    WLAN config:
    10.59.1.8/24

    DHCP config:
    10.59.1.12 -> 10.59.1.200  
    DNS1: 10.59.1.8
    DNS2: 8.8.8.8

    I've one firewall rule applied on my Wlan, with all parameter set to "any" and the rule is set to PASS, so is totally open.

    DNS Forwarder active.

    The problem is when i insert an URL, i can't see captive portal page . The only way i can see the page is typing the WLAN ip (http://10.59.1.8:8000)

    What's wrong in my configuration?

    Thanks a lot :)



  • The computer you are using to access the URL, does it have a static IP address or is it running of DHCP?
    Check that you have a DNS in your IP properties of the wlan adapter, as it will not access the domain locally.



  • The computer has DHCP enable, and the first DNS is the WLAN ip:
    IP: 10.59.1.13 - 255.255.255.0
    Gateway: 10.59.1.8
    DNS1: 10.59.1.8
    DNS2: 8.8.8.8

    FFox says that could be a DNS problem, but seems all correct.



  • Please upgrade to latest snapshot and check if it fixes your issue?
    Otherwise please post the result of ipfw show command and ifconfig output.



  • At the risk of asking the obvious: you have enabled the captive portal on the appropriate interface (WLAN?)

    Captive portal works fine for me on snapshot: 2.0-RC3 (i386) built on Wed Jul 20 01:31:15 EDT 2011



  • [2.0-RC3][root@firewall.isia]/root(1): ipfw show
    65291   0      0 allow pfsync from any to any
    65292   0      0 allow carp from any to any
    65301  68   2246 allow ip from any to any layer2 mac-type 0x0806
    65302   0      0 allow ip from any to any layer2 mac-type 0x888e
    65303   0      0 allow ip from any to any layer2 mac-type 0x88c7
    65304   0      0 allow ip from any to any layer2 mac-type 0x8863
    65305   0      0 allow ip from any to any layer2 mac-type 0x8864
    65306   0      0 allow ip from any to any layer2 mac-type 0x888e
    65307   0      0 deny ip from any to any layer2 not mac-type 0x0800
    65310 567  58413 allow ip from any to { 255.255.255.255 or 10.59.1.8 } in
    65311 474 209740 allow ip from { 255.255.255.255 or 10.59.1.8 } to any out
    65312   0      0 allow icmp from { 255.255.255.255 or 10.59.1.8 } to any out icm                        ptypes 0
    65313   0      0 allow icmp from any to { 255.255.255.255 or 10.59.1.8 } in icmp                        types 8
    65314   0      0 allow ip from table(3) to any in
    65315   0      0 allow ip from any to table(4) out
    65316   0      0 pipe tablearg ip from table(5) to any in
    65317   0      0 pipe tablearg ip from any to table(6) out
    65318   0      0 allow ip from any to table(7) in
    65319   0      0 allow ip from table(8) to any out
    65320   0      0 pipe tablearg ip from any to table(9) in
    65321   0      0 pipe tablearg ip from table(10) to any out
    65322 656  82308 allow ip from table(1) to any in
    65323 903 935816 allow ip from any to table(2) out
    65531 275  32259 fwd 127.0.0.1,8000 tcp from any to any in
    65532 264  39517 allow tcp from any to any out
    65533 312  26246 deny ip from any to any
    65534   0      0 allow ip from any to any layer2
    65535   0      0 allow ip from any to any
    
    
    [2.0-RC3][root@firewall.isia]/root(32): ifconfig
    bge0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
            options=8009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate>ether 00:11:43:ab:3c:1e
            media: Ethernet autoselect (none)
            status: no carrier
    xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:32
            inet 192.168.0.3 netmask 0xff000000 broadcast 192.255.255.255
            inet6 fe80::204:76ff:fe18:b032%xl0 prefixlen 64 scopeid 0x2
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    xl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:2b
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::204:76ff:fe18:b02b%xl1 prefixlen 64 scopeid 0x3
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 mtu 1500
            options=8 <vlan_mtu>ether 00:e0:4c:39:14:6b
            inet 10.59.1.8 netmask 0xffffff00 broadcast 10.59.1.255
            inet6 fe80::2e0:4cff:fe39:146b%rl0 prefixlen 64 scopeid 0x4
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
            nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33200
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    enc0: flags=0<> metric 0 mtu 1536
    ipfw0: flags=8801 <up,simplex,multicast>metric 0 mtu 65536</up,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast,ipfw_filter></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate></broadcast,simplex,multicast> 
    

    @Wallabybob
    Yep. Captive portal configuration:
    Enabled Captive Portal
    Interfaces: WLAN (my third network card connected to my AP)
    Idle timeout: 10 mins
    Hard timeout: 60 mins
    Auth: Local User Manager / Vouchers

    i've made some other test and there is something strange…
    I log in captive portal (by ip) and browse 2 or 3 sites, then i disconnect my user from captive portal. If in Firefox I enter one of the past URL, i've the captive portal login page, if i try to write another URL, i've an error.



  • It would probably help if you were more specific in your reports:

    @Bloody:

    The problem is when i insert an URL, i can't see captive portal page .

    What do you see?

    @Bloody:

    I log in captive portal (by ip) and browse 2 or 3 sites, then i disconnect my user from captive portal. If in Firefox I enter one of the past URL, i've the captive portal login page, if i try to write another URL, i've an error.

    Login by voucher or username?
    Disconnect from captive portal by logout?
    past URL is one of the 2 or 3 immediately previously browsed sites?
    error on writing another URL: what error? reported by? writing another URL means typing a different URL (presumably not one of the immediately previously browsed URLs) in the browser location bar?



  • In Chrome i've this error:
    "The server at www.google.it can't be found, because the DNS lookup failed. …etc"
    In FFox
    "Firefox can't contact www.google.it server" (or something similar, i've this message in italian)

    • Login by username and password

    • Disconnect using pfSense -> Status -> Captive portal

    • Open Firefox 5

    • Digit on URL bar: 10.59.1.8 and login in captive portal page

    • Browse in: www.libero.it , www.repubblica.it, www.google.it

    • Logout (in another pc connected in LAN i go to pfsense web interface -> Status -> Captive portal and disconnect my user)

    • In Firefox 5, now i write www.ferrari.it but i don't see captive portal page but only that error page (Firefox can't contact...)
      if i write www.libero.it or www.repubblica.it (one of the site i visited previously) Firefox give me the captive portal page.

    Thanks :)



  • O.o it works…
    I don't change anything, just update pfsense and now seems it works.
    i'll try clean my cache and i'll try some other notebook...

    i confirm...now it works. i didn't do anything, just restart my AP, my router and start pfsense today, update this one to new version (2.0-RC3 (i386) -built on Thu Jul 28 23:16:13 EDT 2011 ). Nothing more.

    i post again the results of ifconfig and ipfw show (i don't know if could be useful)

    ifconfig
    bge0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
            options=8009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstat  =""  e="">ether 00:11:43:ab:3c:1e
            media: Ethernet autoselect (none)
            status: no carrier
    xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:32
            inet 192.168.0.3 netmask 0xff000000 broadcast 192.255.255.255
            inet6 fe80::204:76ff:fe18:b032%xl0 prefixlen 64 scopeid 0x2
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    xl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:2b
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::204:76ff:fe18:b02b%xl1 prefixlen 64 scopeid 0x3
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    rl0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 m                          tu 1500
            options=8 <vlan_mtu>ether 00:e0:4c:39:14:6b
            inet 10.59.1.8 netmask 0xffffff00 broadcast 10.59.1.255
            inet6 fe80::2e0:4cff:fe39:146b%rl0 prefixlen 64 scopeid 0x4
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
            nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33200
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    enc0: flags=0<> metric 0 mtu 1536
    ipfw0: flags=8801 <up,simplex,multicast>metric 0 mtu 65536
    
     ipfw show
    65291   0      0 allow pfsync from any to any
    65292   0      0 allow carp from any to any
    65301  14    464 allow ip from any to any layer2 mac-type 0x0806
    65302   0      0 allow ip from any to any layer2 mac-type 0x888e
    65303   0      0 allow ip from any to any layer2 mac-type 0x88c7
    65304   0      0 allow ip from any to any layer2 mac-type 0x8863
    65305   0      0 allow ip from any to any layer2 mac-type 0x8864
    65306   0      0 allow ip from any to any layer2 mac-type 0x888e
    65307   0      0 deny ip from any to any layer2 not mac-type 0x0800
    65310 329  34233 allow ip from any to { 255.255.255.255 or 10.59.1.8 } in
    65311 277 118046 allow ip from { 255.255.255.255 or 10.59.1.8 } to any out
    65312   0      0 allow icmp from { 255.255.255.255 or 10.59.1.8 } to any out icmptypes 0
    65313   0      0 allow icmp from any to { 255.255.255.255 or 10.59.1.8 } in icmptypes 8
    65314   0      0 allow ip from table(3) to any in
    65315   0      0 allow ip from any to table(4) out
    65316   0      0 pipe tablearg ip from table(5) to any in
    65317   0      0 pipe tablearg ip from any to table(6) out
    65318   0      0 allow ip from any to table(7) in
    65319   0      0 allow ip from table(8) to any out
    65320   0      0 pipe tablearg ip from any to table(9) in
    65321   0      0 pipe tablearg ip from table(10) to any out
    65322 653  78203 allow ip from table(1) to any in
    65323 685 660723 allow ip from any to table(2) out
    65531 296  26923 fwd 127.0.0.1,8000 tcp from any to any in
    65532 264  35405 allow tcp from any to any out
    65533 472  42177 deny ip from any to any
    65534   0      0 allow ip from any to any layer2
    65535   0      0 allow ip from any to any</up,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast,ipfw_filter></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstat></broadcast,simplex,multicast> 
    

    Thanks for yours help guys.

    Bye :)


Locked