[SOLVED] Captive portal works only with IP
-
Hi, i know there are a lot of posts about captive portal, but i didn't find any solution for my problem.
This is my pfsense version:
2.0-RC3 (i386)
built on Mon Jul 25 20:30:19 EDT 2011WLAN config:
10.59.1.8/24DHCP config:
10.59.1.12 -> 10.59.1.200
DNS1: 10.59.1.8
DNS2: 8.8.8.8I've one firewall rule applied on my Wlan, with all parameter set to "any" and the rule is set to PASS, so is totally open.
DNS Forwarder active.
The problem is when i insert an URL, i can't see captive portal page . The only way i can see the page is typing the WLAN ip (http://10.59.1.8:8000)
What's wrong in my configuration?
Thanks a lot :)
-
The computer you are using to access the URL, does it have a static IP address or is it running of DHCP?
Check that you have a DNS in your IP properties of the wlan adapter, as it will not access the domain locally. -
The computer has DHCP enable, and the first DNS is the WLAN ip:
IP: 10.59.1.13 - 255.255.255.0
Gateway: 10.59.1.8
DNS1: 10.59.1.8
DNS2: 8.8.8.8FFox says that could be a DNS problem, but seems all correct.
-
Please upgrade to latest snapshot and check if it fixes your issue?
Otherwise please post the result of ipfw show command and ifconfig output. -
At the risk of asking the obvious: you have enabled the captive portal on the appropriate interface (WLAN?)
Captive portal works fine for me on snapshot: 2.0-RC3 (i386) built on Wed Jul 20 01:31:15 EDT 2011
-
[2.0-RC3][root@firewall.isia]/root(1): ipfw show 65291 0 0 allow pfsync from any to any 65292 0 0 allow carp from any to any 65301 68 2246 allow ip from any to any layer2 mac-type 0x0806 65302 0 0 allow ip from any to any layer2 mac-type 0x888e 65303 0 0 allow ip from any to any layer2 mac-type 0x88c7 65304 0 0 allow ip from any to any layer2 mac-type 0x8863 65305 0 0 allow ip from any to any layer2 mac-type 0x8864 65306 0 0 allow ip from any to any layer2 mac-type 0x888e 65307 0 0 deny ip from any to any layer2 not mac-type 0x0800 65310 567 58413 allow ip from any to { 255.255.255.255 or 10.59.1.8 } in 65311 474 209740 allow ip from { 255.255.255.255 or 10.59.1.8 } to any out 65312 0 0 allow icmp from { 255.255.255.255 or 10.59.1.8 } to any out icm ptypes 0 65313 0 0 allow icmp from any to { 255.255.255.255 or 10.59.1.8 } in icmp types 8 65314 0 0 allow ip from table(3) to any in 65315 0 0 allow ip from any to table(4) out 65316 0 0 pipe tablearg ip from table(5) to any in 65317 0 0 pipe tablearg ip from any to table(6) out 65318 0 0 allow ip from any to table(7) in 65319 0 0 allow ip from table(8) to any out 65320 0 0 pipe tablearg ip from any to table(9) in 65321 0 0 pipe tablearg ip from table(10) to any out 65322 656 82308 allow ip from table(1) to any in 65323 903 935816 allow ip from any to table(2) out 65531 275 32259 fwd 127.0.0.1,8000 tcp from any to any in 65532 264 39517 allow tcp from any to any out 65533 312 26246 deny ip from any to any 65534 0 0 allow ip from any to any layer2 65535 0 0 allow ip from any to any
[2.0-RC3][root@firewall.isia]/root(32): ifconfig bge0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=8009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate>ether 00:11:43:ab:3c:1e media: Ethernet autoselect (none) status: no carrier xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:32 inet 192.168.0.3 netmask 0xff000000 broadcast 192.255.255.255 inet6 fe80::204:76ff:fe18:b032%xl0 prefixlen 64 scopeid 0x2 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:2b inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::204:76ff:fe18:b02b%xl1 prefixlen 64 scopeid 0x3 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active rl0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 mtu 1500 options=8 <vlan_mtu>ether 00:e0:4c:39:14:6b inet 10.59.1.8 netmask 0xffffff00 broadcast 10.59.1.255 inet6 fe80::2e0:4cff:fe39:146b%rl0 prefixlen 64 scopeid 0x4 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33200 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 enc0: flags=0<> metric 0 mtu 1536 ipfw0: flags=8801 <up,simplex,multicast>metric 0 mtu 65536</up,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast,ipfw_filter></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate></broadcast,simplex,multicast>
@Wallabybob
Yep. Captive portal configuration:
Enabled Captive Portal
Interfaces: WLAN (my third network card connected to my AP)
Idle timeout: 10 mins
Hard timeout: 60 mins
Auth: Local User Manager / Vouchersi've made some other test and there is something strange…
I log in captive portal (by ip) and browse 2 or 3 sites, then i disconnect my user from captive portal. If in Firefox I enter one of the past URL, i've the captive portal login page, if i try to write another URL, i've an error. -
It would probably help if you were more specific in your reports:
@Bloody:
The problem is when i insert an URL, i can't see captive portal page .
What do you see?
@Bloody:
I log in captive portal (by ip) and browse 2 or 3 sites, then i disconnect my user from captive portal. If in Firefox I enter one of the past URL, i've the captive portal login page, if i try to write another URL, i've an error.
Login by voucher or username?
Disconnect from captive portal by logout?
past URL is one of the 2 or 3 immediately previously browsed sites?
error on writing another URL: what error? reported by? writing another URL means typing a different URL (presumably not one of the immediately previously browsed URLs) in the browser location bar? -
In Chrome i've this error:
"The server at www.google.it can't be found, because the DNS lookup failed. …etc"
In FFox
"Firefox can't contact www.google.it server" (or something similar, i've this message in italian)-
Login by username and password
-
Disconnect using pfSense -> Status -> Captive portal
-
Open Firefox 5
-
Digit on URL bar: 10.59.1.8 and login in captive portal page
-
Browse in: www.libero.it , www.repubblica.it, www.google.it
-
Logout (in another pc connected in LAN i go to pfsense web interface -> Status -> Captive portal and disconnect my user)
-
In Firefox 5, now i write www.ferrari.it but i don't see captive portal page but only that error page (Firefox can't contact...)
if i write www.libero.it or www.repubblica.it (one of the site i visited previously) Firefox give me the captive portal page.
Thanks :)
-
-
O.o it works…
I don't change anything, just update pfsense and now seems it works.
i'll try clean my cache and i'll try some other notebook...i confirm...now it works. i didn't do anything, just restart my AP, my router and start pfsense today, update this one to new version (2.0-RC3 (i386) -built on Thu Jul 28 23:16:13 EDT 2011 ). Nothing more.
i post again the results of ifconfig and ipfw show (i don't know if could be useful)
ifconfig bge0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=8009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstat ="" e="">ether 00:11:43:ab:3c:1e media: Ethernet autoselect (none) status: no carrier xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:32 inet 192.168.0.3 netmask 0xff000000 broadcast 192.255.255.255 inet6 fe80::204:76ff:fe18:b032%xl0 prefixlen 64 scopeid 0x2 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80009 <rxcsum,vlan_mtu,linkstate>ether 00:04:76:18:b0:2b inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::204:76ff:fe18:b02b%xl1 prefixlen 64 scopeid 0x3 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active rl0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 m tu 1500 options=8 <vlan_mtu>ether 00:e0:4c:39:14:6b inet 10.59.1.8 netmask 0xffffff00 broadcast 10.59.1.255 inet6 fe80::2e0:4cff:fe39:146b%rl0 prefixlen 64 scopeid 0x4 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=8810 <pointopoint,simplex,multicast>metric 0 mtu 1500 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33200 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 enc0: flags=0<> metric 0 mtu 1536 ipfw0: flags=8801 <up,simplex,multicast>metric 0 mtu 65536 ipfw show 65291 0 0 allow pfsync from any to any 65292 0 0 allow carp from any to any 65301 14 464 allow ip from any to any layer2 mac-type 0x0806 65302 0 0 allow ip from any to any layer2 mac-type 0x888e 65303 0 0 allow ip from any to any layer2 mac-type 0x88c7 65304 0 0 allow ip from any to any layer2 mac-type 0x8863 65305 0 0 allow ip from any to any layer2 mac-type 0x8864 65306 0 0 allow ip from any to any layer2 mac-type 0x888e 65307 0 0 deny ip from any to any layer2 not mac-type 0x0800 65310 329 34233 allow ip from any to { 255.255.255.255 or 10.59.1.8 } in 65311 277 118046 allow ip from { 255.255.255.255 or 10.59.1.8 } to any out 65312 0 0 allow icmp from { 255.255.255.255 or 10.59.1.8 } to any out icmptypes 0 65313 0 0 allow icmp from any to { 255.255.255.255 or 10.59.1.8 } in icmptypes 8 65314 0 0 allow ip from table(3) to any in 65315 0 0 allow ip from any to table(4) out 65316 0 0 pipe tablearg ip from table(5) to any in 65317 0 0 pipe tablearg ip from any to table(6) out 65318 0 0 allow ip from any to table(7) in 65319 0 0 allow ip from table(8) to any out 65320 0 0 pipe tablearg ip from any to table(9) in 65321 0 0 pipe tablearg ip from table(10) to any out 65322 653 78203 allow ip from table(1) to any in 65323 685 660723 allow ip from any to table(2) out 65531 296 26923 fwd 127.0.0.1,8000 tcp from any to any in 65532 264 35405 allow tcp from any to any out 65533 472 42177 deny ip from any to any 65534 0 0 allow ip from any to any layer2 65535 0 0 allow ip from any to any</up,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></pointopoint,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu></up,broadcast,running,simplex,multicast,ipfw_filter></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstat></broadcast,simplex,multicast>
Thanks for yours help guys.
Bye :)