Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Captive Portal: disconnect user will be blocked

    2.2 Snapshot Feedback and Problems - RETIRED
    4
    5
    1299
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azurata last edited by

      Hi,
      A fresh install of pfSense-memstick-2.2-BETA-amd64-20140919-1449.img and I tested that if a user is disconnected it will be blocked from the captive portal page.

      When user with IP 10.0.0.2 and mac xx:xx:xx:xx:xx:xx is disconnected from captive portal, it will not be removed from table 1 and 2, nevertheless the user will be blocked from access the captive portal page.
      It is strange the IP showing at table 1 and 2 is 0.0.0.0 and not the correct 10.0.0.2

      $ ipfw -x 2 show
65291  0     0 allow pfsync from any to any
65292  0     0 allow carp from any to any
65301  1    46 allow ip from any to any layer2 mac-type 0x0806,0x8035
65302  0     0 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303  0     0 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307  0     0 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310 39  4880 allow ip from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in
65311 49 40155 allow ip from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out
65312  0     0 allow icmp from { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } to any out icmptypes 0
65313  0     0 allow icmp from any to { 255.255.255.255 or 192.168.0.2 or 10.0.0.1 } in icmptypes 8
65314  0     0 pipe tablearg ip from table(3) to any in
65315  0     0 pipe tablearg ip from any to table(4) in
65316  0     0 pipe tablearg ip from table(3) to any out
65317  0     0 pipe tablearg ip from any to table(4) out
65318  0     0 pipe tablearg ip from table(1) to any in
65319  0     0 pipe tablearg ip from any to table(2) out
65531  1   169 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
65532 33  1712 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533  8   424 allow tcp from any to any out
65534  2   176 deny ip from any to any
65535  0     0 allow ip from any to any

      $ ipfw -x 2 table 1 list
0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2000

      $ ipfw -x 2 table 2 list
0.0.0.0/32 mac xx:xx:xx:xx:xx:xx 2001
      1 Reply Last reply Reply Quote 0
      • A
        amstramgram last edited by

        Hi,
        Just to confirm,
        I have the same issue with the 2.2-BETA (amd64) built on Thu Oct 16 18:20:50 CDT 2014 (and older).
        The IP showing at table 1 and 2 is 0.0.0.0 and not the correct to.

        If i flush table 1 and table 2, with

        
ipfw -x 2 table 1 flush
ipfw -x 2 table 2 flush

        i can reauthenticate a second time but if the user is disconnected, the problem returns

        kind regards

        1 Reply Last reply Reply Quote 0
        • A
          amstramgram last edited by

          Hi,
          Tried with or without mac filter and with 2.2-BETA i386 Architecture and have the same issue

          1 Reply Last reply Reply Quote 0
          • M
            manuel.biz last edited by

            Hello @ all

            Same problem here:
            2.2-BETA (amd64)
            built on Mon Nov 10 02:26:14 CST 2014
            FreeBSD 10.1-RC4-p1

            Is must have to use 2.2 because it runs an hyper-v.  ::)

            First time login works fine.
            After disconect no landing page apears.

            Sorry for my bad english.

            1 Reply Last reply Reply Quote 0
            • C
              cmb last edited by

              confirmed, ticket open
              https://redmine.pfsense.org/issues/4001

              1 Reply Last reply Reply Quote 0
              • First post
                Last post