Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug @ pfSense_ipfw_Tableaction

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    11 Posts 5 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azurata
      last edited by

      In the captiveportal.inc, function portal_allow(), when

      			if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
      				$_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 1, $clientip, $clientsn, $clientmac, $bw_up_pipeno);
      			else
      				$_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 1, $clientip, $clientsn, NULL, $bw_up_pipeno);
      
      			if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
      				$_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno);
      			else
      				$_gb = @pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno);
      
      

      the variable $clientip will hold the client IP, but when passed to pfSense_ipfw_Tableaction it will not be used, instead  the IP will allways be 0.0.0.0 in the ipfw table.

      This function is at /usr/local/lib/php/20121212/pfSense.so
      I can't find the source.

      regards azurata

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Under what circumstances do you get 0.0.0.0 there? Not seeing that.

        1 Reply Last reply Reply Quote 0
        • A
          azurata
          last edited by

          1. fresh snapshot amd64 install with pfSense-memstick-2.2-BETA-amd64-20141105-1226.img;
          2. add user1 with captive portal login privilege;
          3. enable captive portal on lan and wan;
          4. try to open google.com and get redirected to the captive portal page and login as user1;
          5. redirected to google.com;
          6. check firewall table 1 and 2 with ipfw -x 2 table 1 list;ipfw -x 2 table 2 list;
          7. the IP of user1 at ipfw tables will be 0.0.0.0;
          8. kill user1
          9. check firewall table 1 and 2 with ipfw -x 2 table 1 list;ipfw -x 2 table 2 list;
          10. rule is still there and user is not redirected to the captive portal anymore.

          regards azurata

          1 Reply Last reply Reply Quote 0
          • A
            amstramgram
            last edited by

            Hi,
            I write just to support  you azurata and say that i can reproduce this issue with FreeBSD 2.2 BETA 10.1-RC4-p1
            I allow myself to point your previous topic about this problem
            https://forum.pfsense.org/index.php?topic=81984.0

            I can add that i have test with and without authentication, with or without mac filter, with i386 and x64 distro.
            If i flush table 1 et 2 after kill user, i can authenticate again but it disconnect all user and the issue stay the same.

            Regards

            1 Reply Last reply Reply Quote 0
            • E
              eri--
              last edited by

              This is an ipfw command issue and not a kernel issue.

              That command issue will be fixed before 2.2 release.

              1 Reply Last reply Reply Quote 0
              • A
                azurata
                last edited by

                @cmb please push the fix to ipfw from your pfsense snapshot.
                @cmb:

                Under what circumstances do you get 0.0.0.0 there? Not seeing that.

                regards azurata

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by

                  I have the same ipfw as the rest of you. I'll try the mentioned circumstance when I have a moment and make sure there's a bug ticket open with the exact specifics.

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    ticket opened on this.
                    https://redmine.pfsense.org/issues/4002

                    1 Reply Last reply Reply Quote 0
                    • A
                      amstramgram
                      last edited by

                      Hi,
                      Perhaps tickets #4001 and #4002 on redmine are linked all together.

                      @Ermal thanks for patching #4002 but the trouble with #4001 is still there.

                      I've tried the last snapshot and it's better but an user who is disconnected from his session is blocked, and can't re-authenticate a second time.

                      With the last snapshot (Thu Nov 13 06:05:47 CST 2014 ) ipfw tables 1 and 2 are now populated correctly with ip and mac address (and  not 0.0.0.0/32) but when i kill one user, his records stay in tables 1 and 2… and i need to  flush manualy tables (and i kill all users... because i don't know how to flush only one ip/mac) to authenticate again.

                      regards

                      1 Reply Last reply Reply Quote 0
                      • rbgargaR
                        rbgarga Developer Netgate Administrator
                        last edited by

                        I've pushed fixes today, please try next round of snapshots

                        Renato Botelho

                        1 Reply Last reply Reply Quote 0
                        • A
                          amstramgram
                          last edited by

                          Hi,

                          I've tried this morning. (built on Thu Nov 13 22:13:57 CST 2014 )
                          It works (for me) like a charm.

                          Thank you very  much

                          Regards

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.