Re: [pfSense Support] Captive portal failure with subnets on LAN interface

Tue, 23 Feb 2010 08:11:41 -0800 

Perhaps it should be optional, I came across this with redirection as well, 
where the interface IP is hardcoded even if you select ''any'' there.
(which doesnt work if you have Squid on a different machine and redirect all 
http traffic towards the squid box :-))

Cheerio,
Remko

On Feb 23, 2010, at 4:26 PM, Nigel Metheringham wrote:

> I'm looking at pfsense 1.2.3.
> 
> We have a requirement to push several subnets through a captive portal, so 
> expected pfsense to be able to do this (with the "Disable MAC filtering" 
> option).
> 
> However any clients, other than on the local LAN network, that attempt to 
> route through the pfsense box get no packets back at all - no redirect to the 
> portal web page, nothing.
> 
> This is due to the following pf rule being used to push packets to the 
> captive portal stuff:-
> 
>       pass in quick on $lan from 192.168.50.0/24 to any keep state \
>       label "USER_RULE: Default LAN -> any" 
> 
> I can hack stuff so that things do work by changing /etc/inc/filter.inc (diff 
> has been white space mangled to stop it wrapping):-
> diff -u filter.inc.orig filter.inc
> --- filter.inc.orig     2010-02-23 15:24:02.000000000 +0000
> +++ filter.inc  2010-02-23 15:24:04.000000000 +0000
> @@ -1752,7 +1752,7 @@
>                             $src = $lanip;
>                             break;
>                         case 'lan':
> -                            $src = "{$lansa}/{$lansn}";
> +                            $src = "any";
>                             break;
>                         case 'pptp':
>                             $src = "{$pptpsa}/{$pptpsn}";
> 
> 
> which feels like doing surgery with a chainsaw...
> 
> Can anyone suggest a better fix for this?  And how do I do a proper bug 
> report to get this fixed in the next release...
> 
>       Nigel.
> 
> --
> [ Nigel Metheringham             [email protected] ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> Commercial support available - https://portal.pfsense.org
> 

-- 
/"\   Best regards,                        | [email protected]
\ /   Remko Lodder                      | re...@efnet
X    http://www.evilcoder.org/    |
/ \   ASCII Ribbon Campaign    | Against HTML Mail and News


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org

Reply via email to