Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Captive Portal: disconnect user will be blocked

    2.2 Snapshot Feedback and Problems - RETIRED
    4
    5
    1299
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azurata last edited by

      Hi,
      A fresh install of pfSense-memstick-2.2-BETA-amd64-20140919-1449.img and I tested that if a user is disconnected it will be blocked from the captive portal page.

      When user with IP 10.0.0.2 and mac xx:xx:xx:xx:xx:xx is disconnected from captive portal, it will not be removed from table 1 and 2, nevertheless the user will be blocked from access the captive portal page.
      It is strange the IP showing at table 1 and 2 is 0.0.0.0 and not the correct 10.0.0.2

      $ ipfw -x 2 show
      65291  0     0 allow pfsync from any to any
      65292  0     0 allow carp from any to any
      65301  1    46 allow ip from any to any layer2 mac-type 0x0806,0x8035
      65302  0     0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
      65303  0     0 allow ip from any to any layer2 mac-type 0x8863,0x8864
      65307  0     0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
      65310 39  4880 allow ip from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in
      65311 49 40155 allow ip from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out
      65312  0     0 allow icmp from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out icmptypes 0
      65313  0     0 allow icmp from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in icmptypes 8
      65314  0     0 pipe tablearg ip from table(3) to any in
      65315  0     0 pipe tablearg ip from any to table(4) in
      65316  0     0 pipe tablearg ip from table(3) to any out
      65317  0     0 pipe tablearg ip from any to table(4) out
      65318  0     0 pipe tablearg ip from table(1) to any in
      65319  0     0 pipe tablearg ip from any to table(2) out
      65531  1   169 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
      65532 33  1712 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
      65533  8   424 allow tcp from any to any out
      65534  2   176 deny ip from any to any
      65535  0     0 allow ip from any to any
      
      $ ipfw -x 2 table 1 list
      0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2000
      
      $ ipfw -x 2 table 2 list
      0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2001
      
      1 Reply Last reply Reply Quote 0
      • A
        amstramgram last edited by

        Hi,
        Just to confirm,
        I have the same issue with the 2.2-BETA (amd64) built on Thu Oct 16 18:20:50 CDT 2014 (and older).
        The IP showing at table 1 and 2 is 0.0.0.0 and not the correct to.

        If i flush table 1 and table 2, with

        
        ipfw -x 2 table 1 flush
        ipfw -x 2 table 2 flush
        
        

        i can reauthenticate a second time but if the user is disconnected, the problem returns

        kind regards

        1 Reply Last reply Reply Quote 0
        • A
          amstramgram last edited by

          Hi,
          Tried with or without mac filter and with 2.2-BETA i386 Architecture and have the same issue

          1 Reply Last reply Reply Quote 0
          • M
            manuel.biz last edited by

            Hello @ all

            Same problem here:
            2.2-BETA (amd64)
            built on Mon Nov 10 02:26:14 CST 2014
            FreeBSD 10.1-RC4-p1

            Is must have to use 2.2 because it runs an hyper-v.  ::)

            First time login works fine.
            After disconect no landing page apears.

            Sorry for my bad english.

            1 Reply Last reply Reply Quote 0
            • C
              cmb last edited by

              confirmed, ticket open
              https://redmine.pfsense.org/issues/4001

              1 Reply Last reply Reply Quote 0
              • First post
                Last post