CP issue


This topic contains 2 replies, has 0 voices, and was last updated by  redfive 8 years, 10 months ago.

    #42439

    redfive
    Participant

    Hi there,
    I noticed a problem with the captive portal: in practice two hosts (from the
    OUI of the MAC address I'm sure they are Apple), after receiving an IP from DHCP, can either go on Apple's sites or use some Apple application on the internet (using ports 143, 993, 1080 TCP) without login... any idea? Thanks

    #50437

    redfive
    Participant

    Hi, bad news... I installed Hotspot Shield on my winx PC, and I can surf the web without the login on the captive portal page... the program uses the 8046 UDP port.
    How can I make a firewall rule that allows hosts (before the authentication) only the 80 and 443 TCP ports?

    Here are my firewall rules; the captive portal is active on ETH01.6
    and I believe the CapPort rules are correct. At the time of this firewall rule capture no host was connected.

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    25915 3848K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    2479 311K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    624 38516 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0 0 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/001'
    0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/002'
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1195
    118 15710 LOG all -- ETH00 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/003'
    1288 233K ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/004'
    0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    1331 85975 ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
    5623 394K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/007'
    0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 LOG tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/008'
    0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1194
    2376 96652 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `INPUT/009'
    2748 117K DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    62 17698 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/001'
    1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP 41 -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    0 0 DROP udp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 LOG all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/005'
    0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    62 7494 LOG all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/006'
    997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    0 0 LOG udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/010'
    0 0 DROP udp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
    0 0 LOG all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/013'
    0 0 ACCEPT all -- * VPN99 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 LOG all -- VPN99 * 192.168.250.2 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/014'
    0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/015'
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 14554 packets, 4834K bytes)
    pkts bytes target prot opt in out source destination
    25430 6731K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortACL all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    Chain CapPortACL (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortFS all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPortFC all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 CapPortWL all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain CapPortFC (1 references)
    pkts bytes target prot opt in out source destination

    Chain CapPortFS (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67

    Chain CapPortWL (1 references)
    pkts bytes target prot opt in out source destination

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    2021 257K ACCEPT all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
    458 53926 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- VPN99 * 192.168.250.2 0.0.0.0/0
    0 0 ACCEPT all -- ETH00.5 * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    160 253K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    823 72820 ACCEPT tcp -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:12080:12083
    206 17987 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
    186 250K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
    12 912 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
    1390 84828 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

    Thanks

    #50438

    ppalias
    Member

    Looks like captive portal is on the wrong interface

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    0 0 CapPortACL all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    #50439

    redfive
    Participant

    Thanks, ppalias, for your reply.
    The interface is correct; two rules were wrong...
    The default policy for the FORWARD chain is DROP, but I added, at line 6,

    FORWARD/006 ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0

    which allows some applications not using TCP port 80/443 to bypass the login page.

    After removing that rule, and the last rule added by the GUI,

    FORWARD/015 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    the captive portal works fine.
    Thanks
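
The fix in the last post comes down to first-match ordering in the FORWARD chain. As an added example (not part of the original posts), this Python sketch parses `iptables -L -v -n` style output and reports unconditional ACCEPT/DROP rules that decide captive-portal traffic before the jump to CapPort; the sample listing is a constructed excerpt of the thread's FORWARD chain, and the function names are hypothetical.

```python
# Constructed sample: a shortened FORWARD chain taken from the rules in the thread.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1045 522K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
997 153K ACCEPT all -- ETH00.6 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CapPort all -- * * 0.0.0.0/0 0.0.0.0/0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
ANY = "0.0.0.0/0"

def parse_chain(listing, chain):
    """Return the rules of one chain, in listing order, as dicts."""
    rules, active = [], False
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            active = f[1] == chain
        elif active and len(f) >= 9 and f[0] != "pkts":
            rules.append({"target": f[2], "prot": f[3], "in": f[5],
                          "out": f[6], "src": f[7], "dst": f[8],
                          "match": " ".join(f[9:])})
    return rules

def shadowing_rules(rules, portal_if, portal_chain="CapPort"):
    """List (position, target, in-interface) of rules that already decide
    all traffic from portal_if before the jump to portal_chain is reached."""
    hits = []
    for pos, r in enumerate(rules, 1):
        if r["target"] == portal_chain:
            break  # the jump is reached; later rules are irrelevant here
        unconditional = (r["prot"] == "all" and r["out"] == "*" and
                         r["src"] == ANY and r["dst"] == ANY and not r["match"])
        if (r["target"] in TERMINAL and unconditional
                and r["in"] in ("*", portal_if)):
            hits.append((pos, r["target"], r["in"]))
    return hits

if __name__ == "__main__":
    for pos, target, iface in shadowing_rules(parse_chain(SAMPLE, "FORWARD"), "ETH00.6"):
        print(f"rule {pos}: {target} on {iface} is evaluated before CapPort")
```

An empty result means no blanket ACCEPT or DROP for the portal interface sits ahead of the CapPort jump, which is the state the last post describes after removing the two rules.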
