CP issue
June 11, 2010 at 9:55 pm #42439
redfive
Participant

Hi there,
I noticed a problem with the captive portal: in practice two hosts (through the OUI MAC address I'm sure they are Apple), after receiving an IP from DHCP, can either go on Apple's sites or use some Apple applications on the internet (using ports 143, 993, 1080 TCP) without login... any idea? Thanks

June 14, 2010 at 11:46 am #50437
redfive
Participant

Hi, bad news... I installed Hotspot Shield on my winx PC, and I can surf the web without the login in the captive portal page... the program uses the 8046 UDP port.
How can I make a firewall rule that allows hosts (before the authentication) only the 80 and 443 TCP ports?

Here are my firewall rules; the captive portal is active on ETH01.6
and I believe the CapPort rules are correct; at the time of this firewall rule capture no host was connected.

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
25915 3848K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2479 311K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
624 38516 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/001'
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/002'
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195
118 15710 LOG all -- ETH00 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/003'
1288 233K ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/004'
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
1331 85975 ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
5623 394K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/007'
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 LOG tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/008'
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194
2376 96652 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/009'
2748 117K DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 17698 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/001'
1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP 41 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 DROP udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/005'
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
62 7494 LOG all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/006'
997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 LOG udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/010'
0 0 DROP udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/013'
0 0 ACCEPT all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/014'
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/015'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 14554 packets, 4834K bytes)
pkts bytes target prot opt in out source destination
25430 6731K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain CapPort (1 references)
pkts bytes target prot opt in out source destination
0 0 CapPortACL all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

Chain CapPortACL (1 references)
pkts bytes target prot opt in out source destination
0 0 CapPortFS all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPortFC all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPortWL all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain CapPortFC (1 references)
pkts bytes target prot opt in out source destination

Chain CapPortFS (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67

Chain CapPortWL (1 references)
pkts bytes target prot opt in out source destination

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2021 257K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
458 53926 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
160 253K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
823 72820 ACCEPT tcp -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
206 17987 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
186 250K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
12 912 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
1390 84828 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Thanks

June 15, 2010 at 12:52 pm #50438
ppalias
Member

Looks like captive portal is on the wrong interface

Chain CapPort (1 references)
pkts bytes target prot opt in out source destination
0 0 CapPortACL all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

June 15, 2010 at 5:44 pm #50439
redfive
Participant

Thanks, ppalias, for your reply.
The interface is correct; two rules were wrong...
The default policy for the FORWARD chain is DROP, but I added, at line 6,
FORWARD/006 ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
which allows some applications not using TCP port 80/443 to bypass the login page.
Removing that rule, and the last rule added by GUI,
FORWARD/015 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
the captive portal works fine.
Thanks
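
The rule-ordering problem identified in the last post can be checked mechanically. The following is an added example, not part of the original thread or of ZeroShell: it parses `iptables -L FORWARD -v -n` style rule lines and lists terminal rules that decide all traffic from the captive-portal interface before the jump to `CapPort` is reached. The rule text is a constructed, shortened sample modelled on the dump above (rule numbers are positions in the sample, not the FORWARD/0xx log labels), and the function names are hypothetical.

```python
# Constructed, shortened samples in `iptables -L FORWARD -v -n` column order:
# pkts bytes target prot opt in out source destination [match]
FORWARD_BEFORE = """\
1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0
"""
# Same chain after removing the two rules named in the last post (sample rules 3 and 5).
FORWARD_AFTER = "\n".join(
    l for i, l in enumerate(FORWARD_BEFORE.splitlines(), 1) if i not in (3, 5))

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
ANY = "0.0.0.0/0"

def parse_chain(text):
    """Parse rule lines into dicts, numbered from 1 in chain order."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # skip "Chain ..." and column-header lines
        rules.append({"num": len(rules) + 1, "target": f[2], "prot": f[3],
                      "in": f[5], "out": f[6], "src": f[7], "dst": f[8],
                      "match": " ".join(f[9:])})
    return rules

def covers_iface(rule, iface):
    """True if the rule matches every packet forwarded from `iface`."""
    return (rule["in"] in (iface, "*") and rule["out"] == "*"
            and rule["prot"] == "all" and rule["src"] == ANY
            and rule["dst"] == ANY and not rule["match"])

def shadowing_rules(text, iface, portal_chain="CapPort"):
    """Terminal rules that decide all of `iface`'s traffic before the jump
    to `portal_chain`; once one matches, the portal chain is never consulted."""
    hits = []
    for rule in parse_chain(text):
        if rule["target"] == portal_chain:
            return hits
        if rule["target"] in TERMINAL and covers_iface(rule, iface):
            hits.append((rule["num"], rule["target"]))
    raise ValueError(f"no jump to {portal_chain} in this chain")

if __name__ == "__main__":
    print("before:", shadowing_rules(FORWARD_BEFORE, "ETH00.6"))
    print("after: ", shadowing_rules(FORWARD_AFTER, "ETH00.6"))
```

An empty result means the portal chain is the first rule to decide that interface's forwarded traffic; any hit is a rule to move below the jump or remove.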