How does CP block internet access?
-
Dear pfSense users, admins and all,
I am using pfSense and I love it.
Here is my scenario:
We have a custom designed and developed CP landing page which asks for specific credentials (which are being provided by SMS). After successful login the user can access the Internet for 60 min, as the set limit. Firstly, I have to mention that the LAN port also provides IP addresses, as the DHCP server is on it. So my question is HOW DOES CP BLOCK USERS (SOURCE ADDRESS) FROM ACCESSING THE INTERNET UNLESS HE/SHE HAS SUCCESSFULLY LOGGED IN.
Thank you all in advance.
-
You should have a look at the ipfw rules.
Go to SSH access.
Enter
```
ipfw zone list
```
to get the 'context'(s) of your portal(s) - note: more than 1 portal can exist.
Mine is
```
2: sis0
```
which is the interface (OPT1) on which I run the Portal (of course, I'm NOT using LAN for this)
Now it's time to get the rules:
```
ipfw -x 2 show
```
All you need now is some basic understanding about what an "ipfw firewall" is.
Basically:
```
...
65318 2817852 553246341 pipe tablearg ip from table(1) to any in
65319 2701090 2391214552 pipe tablearg ip from any to table(2) out
...
```
All authenticated portal users are loaded into table 1 and 2 (their IP and MAC).
If a portal user isn't authenticated, the portal user will hit one of these two rules:
```
...
65531 32792 2594776 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
65532 19579 1611232 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
...
```
(== http and https and gets redirected to our portal page).
If rule
```
65534 102444 7525149 deny ip from any to any
```
is reached, they hit the wall.
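
The rule order described in the post above, replayed as a small first-match evaluator (an added example, not part of the original thread and not pfSense code). It models only the five rule lines quoted in the post, matches table entries by IP only, and assumes `pipe` ends rule processing (the ipfw default, `net.inet.ip.fw.one_pass=1`); the client and destination addresses, `TABLES` and the helper names are constructed for illustration.

```python
import re

# Rule lines as quoted in the post above (the "..." parts of the rule set are not modelled).
RULES = """\
65318 2817852 553246341 pipe tablearg ip from table(1) to any in
65319 2701090 2391214552 pipe tablearg ip from any to table(2) out
65531 32792 2594776 fwd 127.0.0.1,8003 tcp from any to any dst-port 443 in
65532 19579 1611232 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65534 102444 7525149 deny ip from any to any
"""

# Constructed sample: one authenticated client, present in both tables.
TABLES = {1: {"192.168.2.10"}, 2: {"192.168.2.10"}}

RULE_RE = re.compile(
    r"(?P<num>\d+) \d+ \d+ (?P<action>pipe tablearg|fwd \S+|deny) (?P<proto>ip|tcp) "
    r"from (?P<src>\S+) to (?P<dst>\S+)(?: dst-port (?P<port>\d+))?(?: (?P<dir>in|out))?$")

def parse(text):
    """Turn `ipfw show` lines into dicts (rule number, action, match fields)."""
    return [RULE_RE.match(line).groupdict() for line in text.splitlines()]

def addr_matches(spec, addr, tables):
    """'any' matches everything; table(N) matches addresses loaded into table N."""
    if spec == "any":
        return True
    return addr in tables[int(re.fullmatch(r"table\((\d+)\)", spec).group(1))]

def evaluate(rules, tables, pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    for r in rules:
        if r["proto"] == "tcp" and pkt["proto"] != "tcp":
            continue
        if r["dir"] and r["dir"] != pkt["dir"]:
            continue
        if r["port"] and int(r["port"]) != pkt.get("dport"):
            continue
        if addr_matches(r["src"], pkt["src"], tables) and addr_matches(r["dst"], pkt["dst"], tables):
            return int(r["num"]), r["action"]
    return None, "no match"

def verdict(src, dst, proto, dport, direction, tables=TABLES):
    """Build a packet description and evaluate it against the quoted rules."""
    pkt = {"src": src, "dst": dst, "proto": proto, "dport": dport, "dir": direction}
    return evaluate(parse(RULES), tables, pkt)

if __name__ == "__main__":
    print(verdict("192.168.2.10", "203.0.113.5", "tcp", 80, "in"))  # authenticated client
    print(verdict("192.168.2.11", "203.0.113.5", "tcp", 80, "in"))  # not authenticated, HTTP
    print(verdict("192.168.2.11", "203.0.113.5", "tcp", 22, "in"))  # not authenticated, other port
```

Removing an address from `TABLES` (what happens when a session expires) sends the same client back to the redirect or deny rules, which is how the time limit takes effect at the packet level.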
-
Hi,
Thank you for detailed reply.
I just have problem with "ipfw zone list", it gives me this output:
ipfw: Context is mandatory: No such file or directory
-
I just have problem with "ipfw zone list", it gives me this output:
ipfw: Context is mandatory: No such file or directory
When people are posting without mentioning their pfSense version, by default, we always talk about the latest stable version.
So, mine is, of course, 2.2.2
Yours isn't ... consequences are ... well ... beyond my imagination.
Have a look at the pfSense manual: https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting ;)
-
Oh, I am so sorry. I should have mentioned it before. Mine is 2.1.5-RELEASE
And I found correct command.