diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-07 19:42:42 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-07 19:42:42 +0000 |
commit | 421f8b5faa721658b5f55d4ca6dc0334f260f450 (patch) | |
tree | 4e80fcbf88548aa06853c7856ece4807b45eafb5 /etc/inc/captiveportal.inc | |
parent | 8b86df37526d864200b7b29953e6d9d98343e1f0 (diff) | |
download | pfsense-421f8b5faa721658b5f55d4ca6dc0334f260f450.zip pfsense-421f8b5faa721658b5f55d4ca6dc0334f260f450.tar.gz |
Sometimes when the user enters the hostname of the HTTPs captive portal server it resolves the IP address to $LANIP. Allow access to $LANIP in addition to the $CPIP so that we can speedup captive portal by 10000* in these cases.
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 6b0f9a1..4e67c72 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -293,7 +293,8 @@ function captiveportal_rules_generate() { $cpifn = $config['captiveportal']['interface']; $cpif = $config['interfaces'][$cpifn]['if']; $cpip = $config['interfaces'][$cpifn]['ipaddr']; - + $lanip = $config['interfaces']['lan']['ipaddr']; + /* note: the captive portal daemon inserts all pass rules for authenticated clients as skipto 50000 rules to make traffic shaping work */ @@ -356,16 +357,26 @@ add 1204 set 1 pass icmp from any to $cpip in icmptype 0 add 1300 set 1 pass udp from any to $cpip 53 in add 1301 set 1 pass udp from $cpip 53 to any out +# allow access to our DNS forwarder if it incorrectly resolves the hostname to $lanip +add 1300 set 1 pass udp from any to $lanip 53 in +add 1301 set 1 pass udp from $lanip 53 to any out + # allow access to our web server add 1302 set 1 pass tcp from any to $cpip 8000 in add 1303 set 1 pass tcp from $cpip 8000 to any out +# allow access to lan web server incase the dns name resolves incorrectly to $lanip +add 1302 set 1 pass tcp from any to $lanip 8000 in +add 1303 set 1 pass tcp from $lanip 8000 to any out + EOD; if (isset($config['captiveportal']['httpslogin'])) { $cprules .= <<<EOD add 1304 set 1 pass tcp from any to $cpip 8001 in add 1305 set 1 pass tcp from $cpip 8001 to any out +add 1302 set 1 pass tcp from any to $lanip 8001 in +add 1303 set 1 pass tcp from $lanip 8001 to any out EOD; } |