Captive Portal: disconnect user will be blocked



  • Hi,
    A fresh install of pfSense-memstick-2.2-BETA-amd64-20140919-1449.img and I tested that if a user is disconnected it will be blocked from the captive portal page.

    When user with IP 10.0.0.2 and mac xx:xx:xx:xx:xx:xx is disconnected from captive portal, it will not be removed from table 1 and 2, nevertheless the user will be blocked from access the captive portal page.
    It is strange the IP showing at table 1 and 2 is 0.0.0.0 and not the correct 10.0.0.2

    $ ipfw -x 2 show
    65291  0     0 allow pfsync from any to any
    65292  0     0 allow carp from any to any
    65301  1    46 allow ip from any to any layer2 mac-type 0x0806,0x8035
    65302  0     0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
    65303  0     0 allow ip from any to any layer2 mac-type 0x8863,0x8864
    65307  0     0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
    65310 39  4880 allow ip from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in
    65311 49 40155 allow ip from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out
    65312  0     0 allow icmp from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out icmptypes 0
    65313  0     0 allow icmp from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in icmptypes 8
    65314  0     0 pipe tablearg ip from table(3) to any in
    65315  0     0 pipe tablearg ip from any to table(4) in
    65316  0     0 pipe tablearg ip from table(3) to any out
    65317  0     0 pipe tablearg ip from any to table(4) out
    65318  0     0 pipe tablearg ip from table(1) to any in
    65319  0     0 pipe tablearg ip from any to table(2) out
    65531  1   169 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
    65532 33  1712 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
    65533  8   424 allow tcp from any to any out
    65534  2   176 deny ip from any to any
    65535  0     0 allow ip from any to any
    
    $ ipfw -x 2 table 1 list
    0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2000
    
    $ ipfw -x 2 table 2 list
    0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2001
    


  • Hi,
    Just to confirm,
    I have the same issue with the 2.2-BETA (amd64) built on Thu Oct 16 18:20:50 CDT 2014 (and older).
    The IP showing at table 1 and 2 is 0.0.0.0 and not the correct to.

    If i flush table 1 and table 2, with

    
    ipfw -x 2 table 1 flush
    ipfw -x 2 table 2 flush
    
    

    i can reauthenticate a second time but if the user is disconnected, the problem returns

    kind regards



  • Hi,
    Tried with or without mac filter and with 2.2-BETA i386 Architecture and have the same issue



  • Hello @ all

    Same problem here:
    2.2-BETA (amd64)
    built on Mon Nov 10 02:26:14 CST 2014
    FreeBSD 10.1-RC4-p1

    Is must have to use 2.2 because it runs an hyper-v.  ::)

    First time login works fine.
    After disconect no landing page apears.

    Sorry for my bad english.




Log in to reply