CP issue

Forums Network Management ZeroShell CP issue

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • June 11, 2010 at 9:55 pm #42439
    redfive
    Participant

    Hi there,
    I noticed a problem with the captive portal, in practice two host ( through
    OUI mac address I’m sure they are apple ) , after receiving IP from DHCP ,either can go on apple’s sites or using some apple application on internet (using ports 143, 993, 1080 TCP) without login ….any idea ?? thanks

    June 14, 2010 at 11:46 am #50437
    redfive
    Participant

    Hi, bad news…. I installed on my winx pc Hotspot Shield, and I can surf the web without the login in the captive portal page…the program uses the 8046 udp port
    How can I make a firewall rule that allow hosts ( before the authentication ) only the 80 and 443 tcp ports ?

    here my firewall rules, the captive portal is active on ETH01.6
    and I belive the CapPort rule are correct , at time of this firewall’s rule capture no host was connected

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    25915 3848K SYS_INPUT all — * * 0.0.0.0/0 0.0.0.0/0
    0 0 SYS_HTTPS tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    2479 311K SYS_HTTPS tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    624 38516 SYS_SSH tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0 0 LOG all — ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/00
    1′
    0 0 ACCEPT all — ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 LOG tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/002′
    0 0 ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195
    118 15710 LOG all — ETH00 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/003′
    1288 233K ACCEPT all — ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all — ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/004′
    0 0 ACCEPT all — ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    1331 85975 ACCEPT all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0
    5623 394K ACCEPT all — ETH01 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all — VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/007′
    0 0 ACCEPT all — VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 LOG tcp — ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/008′
    0 0 ACCEPT tcp — ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194
    2376 96652 LOG all — ppp0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/009′
    2748 117K DROP all — ppp0 * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    62 17698 LOG all — ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/
    001′
    1045 522K ACCEPT all — ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP 41 — * * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP tcp — ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    0 0 DROP udp — ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 LOG all — ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/005′
    0 0 ACCEPT all — ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    62 7494 LOG all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/006′
    997 153K ACCEPT all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP tcp — ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    0 0 LOG udp — ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/010′
    0 0 DROP udp — ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT all — ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all — ETH01 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all — * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/
    013′
    0 0 ACCEPT all — * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 LOG all — VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/014′
    0 0 ACCEPT all — VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 LOG all — * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/015′
    0 0 DROP all — * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPort all — * * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 14554 packets, 4834K bytes)
    pkts bytes target prot opt in out source destination
    25430 6731K SYS_OUTPUT all — * * 0.0.0.0/0 0.0.0.0/0

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortACL all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    Chain CapPortACL (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortFS all — * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPortFC all — * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPortWL all — * * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain CapPortFC (1 references)
    pkts bytes target prot opt in out source destination

    Chain CapPortFS (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67

    Chain CapPortWL (1 references)
    pkts bytes target prot opt in out source destination

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all — lo * 0.0.0.0/0 0.0.0.0/0
    2021 257K ACCEPT all — ETH01 * 0.0.0.0/0 0.0.0.0/0
    458 53926 ACCEPT all — ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all — VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 ACCEPT all — ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all — * * 0.0.0.0/0 0.0.0.0/0

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    160 253K ACCEPT all — lo * 0.0.0.0/0 0.0.0.0/0
    823 72820 ACCEPT tcp — ETH00.6 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
    0 0 DROP tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
    206 17987 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
    186 250K ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
    0 0 ACCEPT tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
    12 912 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
    1390 84828 RETURN all — * * 0.0.0.0/0 0.0.0.0/0

    Thanks

    June 15, 2010 at 12:52 pm #50438
    ppalias
    Member

    Looks like captive portal is on the wrong interface

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortACL all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    June 15, 2010 at 5:44 pm #50439
    redfive
    Participant

    Thanks , ppalias for your reply
    the interface is correct, two rules were wrong…
    the default policy for the forward chain is drop, but I added , at line 6

    FORWARD/006 ACCEPT all — ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    which allows some applications not using tcp port 80/443 to bypass login page

    removing that rule, and the last rule added by GUI

    FORWARD/015 DROP all — * * 0.0.0.0/0 0.0.0.0/0

    the captive portal works fine .
    thanks

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.