Reply To: Virtual Server and Captive Problem

Home Page Forums Network Management Networking Virtual Server and Captive Problem Reply To: Virtual Server and Captive Problem

#52191

redfive
Participant

the behavior is strongly bound to the FW rules … assuming that you haven’t any rule in the forward chain , only nat and CP enabled , you can try to add the AP’s mac-addresses and their ip addresses in the Captive portal free client…but in this case , a smart client could change its ip and mac address and surf free , a more secure method is to add , for each AP, a rule in the forward chain , beginning from the top
, so they will be processed before than CP rules ..assuming that your AP’s have ip address .10.3 , .10.4 , .10.5 ,and ETH00 is client side interface (AP’s) while ETH01 is lan side interface , rules like
1 in ETH00 out ETH01 proto tcp source ip 192.168.10.3 dest.ip 192.168.2.0/24 s.port 80 status ESTABLISHED , action ACCEPT. (LOG)
2 in ETH00 out ETH01 proto tcp source ip 192.168.10.4 dest.ip 192.168.2.0/24 s.port 80 status ESTABLISHED , action ACCEPT. (LOG)
3 in ETH00 out ETH01 proto tcp source ip 192.168.10.5 dest.ip 192.168.2.0/24 s.port 80 status ESTABLISHED , action ACCEPT. (LOG)
Try also to not use , in virtual server, well known ports , but eg. 8084 to 80 , 8085 to 80 , 8086 to 80 ..then rules like
in ETH01 ip 192.168.2.247 proto tcp local port 8084 remote ip 192.168.10.3 remote port 80
in ETH01 ip 192.168.2.247 proto tcp local port 8085 remote ip 192.168.10.4 remote port 80
in ETH01 ip 192.168.2.247 proto tcp local port 8086 remote ip 192.168.10.5 remote port 80
should works..