opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

[BUG] Captive Portal is not creating IPFW Firewall rules for >1 zones #1390

Closed fabianfrz closed 7 years ago

fabianfrz commented 7 years ago

I configured two zones and only the rules for http and https for one zone have been created.

fabianfrz commented 7 years ago

Version: 17.1 with 17.1.1 kernel

AdSchellevis commented 7 years ago

@fabianfrz I tested two zones on my machine, which seem to generate the correct rules. Are you using more interfaces per zone? Can you share some additional information about your setup (configured networks, ipfw forward rules, etc)?

fabianfrz commented 7 years ago

I used two zones, one on em5 and one on em6, and at first it generated the rules only for em5 while both were enabled, but after disabling the captive portal on em5, it generated the rule for em6.

It is one captive portal zone per interface.

AdSchellevis commented 7 years ago

Can you dump an `ipfw show`? My end doesn't produce the same issue.

fabianfrz commented 7 years ago

No, I cannot, because the firewall is not under my control anymore. However, I know that the fwd part was only included for one interface.

AdSchellevis commented 7 years ago

Ok, let's keep this issue open, I can't reproduce it, but maybe someone else can eventually.

fabianfrz commented 7 years ago

Maybe this information helps: both have http and https redirects enabled (transparent proxy).

AdSchellevis commented 7 years ago

Unfortunately not, below is my output with two interfaces (em2, em2_vlan4):

```
ipfw show | grep fwd
05000    0       0 fwd 127.0.0.1,8000 tcp from any to any dst-port 443 in via em0
05000    0       0 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em0
05001    0       0 fwd 127.0.0.1,8001 tcp from any to any dst-port 443 in via em2_vlan4
05001    0       0 fwd 127.0.0.1,9001 tcp from any to any dst-port 80 in via em2_vlan4
65532    0       0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via em0
65532    2     104 fwd 127.0.0.1,3129 tcp from any to any dst-port 443 via em0
65532    0       0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via em2_vlan4
65532    0       0 fwd 127.0.0.1,3129 tcp from any to any dst-port 443 via em2_vlan4
```

fabianfrz commented 7 years ago

I created a fresh VM on VirtualBox with 17.1.1 and I cannot reproduce the issue by myself.

AdSchellevis commented 7 years ago

@fabianfrz ok, I'll close this now. If it ever pops up and you know how to reproduce it, feel free to reopen. Thanks for testing!
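
Added example (not part of the thread and not OPNsense code): a small Python check that parses `ipfw show | grep fwd` output in the format posted above and reports which captive portal zone interfaces have no forward rule for port 80 or 443. The sample input is constructed to resemble the reported symptom, and treating the `in via <interface>` rules as the per-zone redirects is an assumption based on that output.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `ipfw show | grep fwd`; not output from a real system.
SAMPLE = """\
05000    0       0 fwd 127.0.0.1,8000 tcp from any to any dst-port 443 in via em5
05000    0       0 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em5
65532    0       0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via em5
65532    0       0 fwd 127.0.0.1,3129 tcp from any to any dst-port 443 via em5
65532    0       0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 via em6
65532    0       0 fwd 127.0.0.1,3129 tcp from any to any dst-port 443 via em6
"""

# rule number, packet count, byte count, fwd target, matched port, optional "in", interface
FWD_RE = re.compile(
    r"^(?P<rule>\d+)\s+\d+\s+\d+\s+fwd\s+(?P<addr>[\d.]+),(?P<port>\d+)\s+tcp\s+"
    r"from\s+any\s+to\s+any\s+dst-port\s+(?P<dport>\d+)\s+(?P<inbound>in\s+)?via\s+(?P<iface>\S+)$"
)

def parse_fwd_rules(text):
    """Return one dict per fwd rule line; lines in any other format are skipped."""
    rules = []
    for line in text.splitlines():
        m = FWD_RE.match(line.strip())
        if m:
            rules.append({
                "rule": int(m["rule"]),
                "target": (m["addr"], int(m["port"])),
                "dport": int(m["dport"]),
                "inbound": m["inbound"] is not None,
                "iface": m["iface"],
            })
    return rules

def missing_redirects(text, zone_ifaces, ports=(80, 443)):
    """Map each zone interface to the ports that have no 'in via' fwd rule."""
    seen = defaultdict(set)
    for r in parse_fwd_rules(text):
        if r["inbound"]:  # assumption: per-zone redirects are the "in via" rules
            seen[r["iface"]].add(r["dport"])
    return {i: [p for p in ports if p not in seen[i]]
            for i in zone_ifaces if any(p not in seen[i] for p in ports)}

if __name__ == "__main__":
    for iface, ports in missing_redirects(SAMPLE, ["em5", "em6"]).items():
        print(f"{iface}: no captive portal fwd rule for port(s) {ports}")
```

An empty result means every listed zone interface has both redirects; pass the interfaces configured for captive portal zones as `zone_ifaces`.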