captive portal traffic


This topic contains 4 replies, has 0 voices, and was last updated by new_zero_user 11 years, 8 months ago.

    #40630

    I set up captive portal, and it does seem to redirect http(s) traffic to the login page. However, it seems to allow everything else through. I can ssh, ping, tracert, etc. What have I done wrong, or is this the way it is designed? Thanks.

    #45361

    Zen
    Member

    From the FAQ http://www.zeroshell.net/eng/captiveportaldetails/

    “Such gateway blocks IP packets destined towards the outside and captures the http and https requests on TCP ports 80 and 443 redirecting them to a web server…”

    I take this as meaning only http and https requests are diverted – in theory, you should be able to use all other ports and get through the router successfully – I only just noticed this myself.

    In the next release, is it possible to make all ports unavailable until the user has authenticated?

    EDIT: Consider putting the captive portal wireless on a different subnet if you’re concerned?

    #45362

    Yes, I did see that in the FAQ, but wanted clarification because it functions unlike other captive-portal-like software where all traffic is initially denied except for 80/443 which is then taken to the login page. The FAQ actually does make it seem like all IP traffic is blocked except for 80/443 which is redirected. The current implementation isn’t sufficient for my needs. I already have them on a separate subnet, but giving access to everything but port 80/443 is not quite what I am looking for. It would be nice if we had the option to block all traffic in a subsequent release. Thanks.

    #45363

    imported_fulvio
    Participant

    This behavior is very strange. I think there is a mistake in your configuration. Have you added any firewall rules in the FORWARD chain?
    The firewall has precedence over Captive Portal.
    Try to post more details about your configuration.

    #45364

    Ah… That would explain it. I didn’t realize the firewall took precedence. I have changed the forward chains.

    My forward chain’s default is to drop packets, but I enabled forwarding from eth02 (The wireless subnet) to eth01 (the outside world). Given that I want to keep the same effect of the firewall (i.e., don’t forward anything except packets from eth02 to eth01 and forward all related/established connections from eth01 to eth02), how do I get Captive Portal to work as intended? Thanks.

    #45365

    imported_fulvio
    Participant

    You should set the default policy of the FORWARD chain to ACCEPT and then put the rule

    DROP all opt -- in ETH01 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state NEW

    In this case only RELATED and ESTABLISHED connections are forwarded by Zeroshell. All connections started from the WAN are dropped.

    Fulvio
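
An added example, not part of the thread and not ZeroShell's own code: a shell check that reads FORWARD rules in `iptables -S` format and flags any ACCEPT rule that lets new traffic from the captive-portal side through ahead of the portal. The interface roles (ETH02 as the portal side, ETH01 as the WAN), the function names and both rule listings are assumptions constructed from the posts above.

```shell
#!/bin/sh
# Added example (not ZeroShell code): audit FORWARD rules in `iptables -S`
# format for the bypass discussed in this thread.
# Assumed names: ETH02 = captive-portal client side, ETH01 = WAN.

# audit_forward PORTAL_IF WAN_IF   (rules on stdin)
# Prints findings; exit status is 1 when a portal-bypassing rule exists.
audit_forward() {
  awk -v cp="$1" -v wan="$2" '
    # Value that follows option "opt" in the current rule, or "".
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    $1 == "-P" && $2 == "FORWARD" { print "POLICY " $3; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
      target = arg("-j"); in_if = arg("-i"); out_if = arg("-o")
      state = arg("--state")
      # Per the thread, firewall rules take precedence over the Captive
      # Portal, so an ACCEPT for new client traffic lets it skip the login.
      if (target == "ACCEPT" && in_if == cp && (state == "" || state ~ /NEW/)) {
        print "BYPASS " $0; bad = 1
      }
      # The rule suggested in the last post: drop NEW from WAN to clients.
      if (target == "DROP" && in_if == wan && out_if == cp && state ~ /NEW/) {
        print "WAN_NEW_DROP present"
      }
    }
    END { exit bad }
  '
}

# Constructed sample: the original setup as described in the fifth post.
rules_before() { cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i ETH02 -o ETH01 -j ACCEPT
-A FORWARD -i ETH01 -o ETH02 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: the setup suggested in the last post.
rules_after() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i ETH01 -o ETH02 -m state --state NEW -j DROP
EOF
}

echo "before:"; rules_before | audit_forward ETH02 ETH01 || true
echo "after:";  rules_after  | audit_forward ETH02 ETH01
```

On a live system the same function can be fed the real rule listing in place of the constructed samples.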
