Right. So I changed the rules to:
TCP OPT1 net * * 80 (HTTP)
TCP OPT1 net * * 443 (HTTPS)
and tried again. Now there is no evidence of port 80 traffic whatsoever in
the firewall logs, only traffic to ports 5353, 192, and 53, i.e.:
13:31:52.338125 OPT1 172.16.16.199, port 5353 22.214.171.124, port 5353 UDP
13:31:51.761081 OPT1 172.16.16.199, port 50562 172.16.16.16, port 192 UDP
13:31:46.248300 OPT1 172.16.16.199, port 50560 172.16.16.16, port 53 UDP
13:31:46.247240 OPT1 172.16.16.199, port 50561 172.16.16.16, port 192 UDP
This made no sense to me, although I noted that it was using UDP only now
and so amended the rules again to allow TCP/UDP, i.e.:
TCP/UDP OPT1 net * * 80 (HTTP)
TCP/UDP OPT1 net * * 443 (HTTPS)
I tried again and got more of the same: lots of queries from my machine
on ports 50776 through 50783 to the firewall at ports 53, 5353, and 192,
all UDP. Does anyone have any suggestions at all? This is making me batty!
Also, one thing that's odd is that on the Captive Portal page it says
(next to the "Choose File" button): "No file selected". Underneath that is
a link saying "view current page" which displays the page I've uploaded to
act as the captive portal page which I link from it. Can I presume this
part of m0n0wall is working properly?
Thanks very much!
> On Fri, 5 Nov 2004 11:49:40 -0700 (MST), Joshua Klein <josh at wireless dot is>
>> Good suggestion, but I checked, and ports 80/443 are enabled with the
>> following rules under OPT1:
>> TCP OPT1 net 80 (HTTP) * 80 (HTTP)
>> TCP OPT1 net 443 (HTTPS) * 443 (HTTPS)
> Well there's your problem. HTTP/HTTPS traffic won't ever come from a
> source port of HTTP or HTTPS. Source ports are always a random high
> port number. Change the source port to any.