 
 From:  "J Klein" <jklein at wireless dot is>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Captive Portal problem
 Date:  Fri, 5 Nov 2004 16:24:09 -0700 (MST)
Right. So I changed the rules to:

TCP	OPT1 net	*	*	80 (HTTP)
TCP	OPT1 net	*	*	443 (HTTPS)

and tried again. Now there is no evidence of port 80 traffic whatsoever in
the firewall logs, only traffic to ports 5353, 192, and 53, i.e.:

13:31:52.338125	OPT1	172.16.16.199, port 5353	224.0.0.251, port 5353	UDP
13:31:51.761081	OPT1	172.16.16.199, port 50562	172.16.16.16, port 192	UDP
13:31:46.248300	OPT1	172.16.16.199, port 50560	172.16.16.16, port 53	UDP
13:31:46.247240	OPT1	172.16.16.199, port 50561	172.16.16.16, port 192	UDP

This made no sense to me although I noted that it was using UDP only now
and so amended the rules again to allow TCP/UDP. I.e.,

TCP/UDP	OPT1 net	*	*	80 (HTTP)
TCP/UDP	OPT1 net	*	*	443 (HTTPS)

And tried again and got more of the same - lots of queries from my machine
on ports 50776 through 50783 to the firewall at ports 53, 5353, and 192,
all UDP. Does anyone have any suggestions at all? This is making me batty!

Also, one thing that's odd is that on the Captive Portal page it says
(next to the "Choose File" button): "No file selected". Underneath that is
a link saying "view current page" which displays the page I've uploaded to
act as the captive portal page which I link from it. Can I presume this
part of Monowall is working properly?

Thanks very much!


> On Fri, 5 Nov 2004 11:49:40 -0700 (MST), Joshua Klein <josh at wireless dot is>
> wrote:
>> Chris,
>>
>> Good suggestion, but I checked, and ports 80/443 are enabled with the
>> following rules under OPT1:
>>
>> TCP     OPT1 net        80 (HTTP)       *       80 (HTTP)
>> TCP     OPT1 net        443 (HTTPS)     *       443 (HTTPS)
>>
>
> Well there's your problem.  HTTP/HTTPS traffic won't ever come from a
> source port of HTTP or HTTPS.  Source ports are always a random high
> port number.  Change the source port to any.
>
> -Chris
>
>
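The source-port mistake Chris points out, worked through as an added example that is not part of the thread and not m0n0wall code. The script parses the five-column rule lines quoted in the message (protocol, source, source port, destination, destination port) into a small stateless first-match rule matcher, sends simulated HTTP connection attempts from an OPT1 client using random ephemeral source ports, and counts how many each rule set would pass; it then replays the UDP log lines from the message against the corrected rules. Assumptions: "OPT1 net" membership is given as a label rather than derived from addresses, the matcher only evaluates a connection's first packet, and the client's source ports are drawn from the IANA dynamic range (49152-65535), which contains the 50560-50783 ports seen in the logs.

```python
import random
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example (not m0n0wall code): a stateless, first-match rule evaluator for
# the five-column rule layout quoted in the thread.  It checks one packet at a time.

EPHEMERAL_RANGE = (49152, 65535)  # IANA dynamic range (assumed client behaviour)


@dataclass(frozen=True)
class Rule:
    proto: str                # "TCP", "UDP" or "TCP/UDP"
    src_net: str              # e.g. "OPT1 net" (treated as an opaque label here)
    src_port: Optional[int]   # None means "*" (any port)
    dst: str
    dst_port: Optional[int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src_net: str
    src_port: int
    dst_port: int


def _port(field: str) -> Optional[int]:
    """'*' -> None (any); '80 (HTTP)' -> 80 (the service annotation is dropped)."""
    token = field.split()[0]
    return None if token == "*" else int(token)


def parse_rule(line: str) -> Rule:
    """Parse 'proto / source / src port / dest / dest port' separated by tabs or 2+ spaces."""
    cols = [c.strip() for c in re.split(r"\t+| {2,}", line.strip())]
    if len(cols) != 5:
        raise ValueError(f"expected 5 columns, got {len(cols)}: {line!r}")
    proto, src_net, src_port, dst, dst_port = cols
    return Rule(proto, src_net, _port(src_port), dst, _port(dst_port))


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.proto == "TCP/UDP" or rule.proto == pkt.proto
    return (proto_ok
            and rule.src_net == pkt.src_net
            and rule.src_port in (None, pkt.src_port)   # a pinned source port only matches itself
            and rule.dst_port in (None, pkt.dst_port))


def first_match(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """First-match semantics; None means no pass rule applies (the default block)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule
    return None


def count_passed_http(rule_lines: List[str], trials: int = 1000, seed: int = 1) -> int:
    """Simulate `trials` HTTP connection attempts from an OPT1 client, each from a
    random ephemeral source port, and count how many the rule set would pass."""
    rules = [parse_rule(l) for l in rule_lines]
    rng = random.Random(seed)
    return sum(
        first_match(rules, Packet("TCP", "OPT1 net", rng.randint(*EPHEMERAL_RANGE), 80)) is not None
        for _ in range(trials)
    )


# The poster's original rules (source port pinned to 80/443) and the corrected ones.
PINNED_SOURCE_PORT = [
    "TCP     OPT1 net        80 (HTTP)       *       80 (HTTP)",
    "TCP     OPT1 net        443 (HTTPS)     *       443 (HTTPS)",
]
ANY_SOURCE_PORT = [
    "TCP\tOPT1 net\t*\t*\t80 (HTTP)",
    "TCP\tOPT1 net\t*\t*\t443 (HTTPS)",
]

# Firewall log lines quoted in the message: time, interface, "src, port N", "dst, port N", proto.
LOG_LINES = [
    "13:31:52.338125\tOPT1\t172.16.16.199, port 5353\t224.0.0.251, port 5353\tUDP",
    "13:31:51.761081\tOPT1\t172.16.16.199, port 50562\t172.16.16.16, port 192\tUDP",
    "13:31:46.248300\tOPT1\t172.16.16.199, port 50560\t172.16.16.16, port 53\tUDP",
]


def packet_from_log(line: str, src_net: str = "OPT1 net") -> Packet:
    _, _, src, dst, proto = line.split("\t")
    return Packet(proto, src_net, int(src.rsplit("port ", 1)[1]), int(dst.rsplit("port ", 1)[1]))


def unmatched_log_lines(rule_lines: List[str]) -> List[str]:
    """Logged packets that match none of the pass rules, i.e. what would still be blocked."""
    rules = [parse_rule(l) for l in rule_lines]
    return [l for l in LOG_LINES if first_match(rules, packet_from_log(l)) is None]


if __name__ == "__main__":
    print("pinned source port:", count_passed_http(PINNED_SOURCE_PORT), "of 1000 passed")
    print("any source port:   ", count_passed_http(ANY_SOURCE_PORT), "of 1000 passed")
    print("log lines still unmatched by the fixed rules:", len(unmatched_log_lines(ANY_SOURCE_PORT)))
```

With the source port pinned to 80, no client connection ever matches, because a client's source port is an ephemeral high port; with the source port set to any, every attempt passes. The UDP lines from the message (ports 5353, 192 and 53) match neither rule set, including the TCP/UDP variant, since their destination ports are not 80 or 443, so they are the traffic one would still expect to see as blocked once the HTTP rule is fixed.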