From d624c7902cf71d8fe739fd68595784949902a948 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Wed, 1 Sep 2010 18:52:24 -0400
Subject: Since IPFW is redirecting to the captive portal running on 127.0.0.1: 65531 11375 1820680 fwd 127.0.0.1,8000 tcp from any to any in We need to permit traffic from the Captive Portal interface to 127.0.0.1. Otherwise the portal will not come up without a seperate rule allowing it or a allow all rule. How to reproduce: Set your captive portal interface rule to allow traffic from its subnet to it's subnet. IE: * OPT1 net * OPT1 net * * none Try using the captive portal. Now add in this commit and the portal should work without a dedicated user rule permitting traffic to 127.0.0.1. The other solution is to change the IPFW fwd to redirect to the Captive Portal interface IP address in question but this is much easier and just as clean.
---
 etc/inc/filter.inc | 1 +
 1 file changed, 1 insertion(+)
(limited to 'etc/inc/filter.inc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index faa99da..35f3354 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1918,6 +1918,7 @@ function filter_rules_generate() {
 if (count($cpiplist) > 0 && count($cpiflist) > 0) {
 $cpinterface = implode(" ", $cpiflist);
 $cpaddresses = implode(" ", $cpiplist);
+ $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { 127.0.0.1 } port { 8000 8001 } keep state(sloppy)\n";
 $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n";
 $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n";
 }
-- cgit v1.1
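Review bot: The added `pass in quick ... from any to { 127.0.0.1 } port { 8000 8001 }` rule opens two loopback ports to any source on every captive-portal interface, yet its reason (the ipfw `fwd 127.0.0.1,8000` redirect) is recorded only in the commit message. A comment above the line would keep that coupling visible to whoever audits the generated ruleset later, for example `// ipfw forwards portal clients to 127.0.0.1:8000, so pf must pass that loopback destination on the CP interfaces; keep in sync with the ipfw fwd rule.` The commit message shows a redirect to port 8000 only, so it is worth confirming that 8001 (presumably the HTTPS portal listener) is also reached through 127.0.0.1 before passing it here. Because the rule is `quick`, it likely takes effect ahead of any user rule on those interfaces, and the comment should state that this is intended. `filter_rules_generate()` begins and ends outside this hunk.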