 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  1.2b3 Captive portal: possible MAC pass-through bug
 Date:  Sun, 23 Jan 2005 17:50:22 -0500
Hello,

I posted earlier about this issue on Dec 12th 2004.

I have a m0n0wall 1.11 box at work and a 1.2b3 box
at home. Both boxes have a wireless AP attached to
OPT1.

The 1.2b3 box's Captive Portal MAC pass-through
doesn't seem to work. I have to add the machine's
IP address in order to allow the traffic.

Here's my client's wireless interface (config'd via DHCP, BTW):

[17:45]jesse@trevarthan:[~/.unison]% ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:20:E0:8A:90:61
          inet addr:192.168.89.51  Bcast:192.168.89.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:354634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:399143 errors:46 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:497991325 (474.9 Mb)  TX bytes:52067491 (49.6 Mb)
          Interrupt:11 Base address:0x4000 Memory:f0000000-f0000fff

[17:45]jesse@trevarthan:[~/.unison]% iwconfig eth2
eth2      IEEE 802.11-DS  ESSID:"TREVARTHAN"  Nickname:"Prism  I"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:05:5D:25:76:38
          Bit Rate:11 Mb/s   Tx-Power=15 dBm   Sensitivity:1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=62/92  Signal level=-36 dBm  Noise level=-144 dBm
          Rx invalid nwid:0  Rx invalid crypt:170  Rx invalid frag:0
          Tx excessive retries:36  Invalid misc:0   Missed beacon:0

And here's the relevant section of my 1.2b3 box's config:

 <captiveportal>
  <page>
  
<htmltext>PGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249IiRQT1JUQUxfQUNUSU9OJCI+CiAgIDxpbnB1dCBuYW1lPSJhdXRoX3VzZXIiIHR5cGU9InRleHQiPgogICA8aW5wdXQgbmFtZT0iYXV0aF9wYXNzIiB0eXBlPSJwYXNzd29yZCI+CiAgIDxpbnB1dCBuYW1lPSJyZWRpcnVybCIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0iJFBPUlRBTF9SRURJUlVSTCQiPgogICA8aW5wdXQgbmFtZT0iYWNjZXB0IiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJDb250aW51ZSI+CjwvZm9ybT4K</htmltext>
  </page>
  <timeout/>
  <interface>opt1</interface>
  <idletimeout>60</idletimeout>
  <httpsname/>
  <certificate/>
  <private-key/>
  <redirurl/>
  <radiusip/>
  <radiusport/>
  <radiusacctport/>
  <radiuskey/>
  <passthrumac>
   <mac>00:05:5D:25:76:38</mac>
   <descr>wifi-ap.guardiani.net</descr>
  </passthrumac>
  <passthrumac>
   <mac>00:20:e0:8a:90:61</mac>
   <descr>trevarthan-wlan</descr>
  </passthrumac>
  <enable/>
  <nomacfilter/>
  <allowedip>
   <ip>192.168.89.51</ip>
   <descr>trevarthan-wlan</descr>
   <dir>from</dir>
  </allowedip>
 </captiveportal>

If I remove the allowedip rule then trevarthan-wlan cannot ping anything.
Has anyone seen this behavior before? Is it a known bug?

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
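
Added example, not part of the original message and not m0n0wall code: a small check that parses a captiveportal section like the one posted and confirms whether a client's MAC (as printed by ifconfig) matches a passthrumac entry once case and separators are normalized, and which portal options are set. The function names and result keys are made up for this example, and it does not model how m0n0wall applies these settings.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <captiveportal> section from the post, with the
# base64 <page> element and the empty elements left out.
CONFIG = """<captiveportal>
  <interface>opt1</interface>
  <passthrumac><mac>00:05:5D:25:76:38</mac><descr>wifi-ap.guardiani.net</descr></passthrumac>
  <passthrumac><mac>00:20:e0:8a:90:61</mac><descr>trevarthan-wlan</descr></passthrumac>
  <enable/>
  <nomacfilter/>
  <allowedip><ip>192.168.89.51</ip><descr>trevarthan-wlan</descr><dir>from</dir></allowedip>
</captiveportal>"""

def norm_mac(mac):
    """Return a MAC as 12 lowercase hex digits, whatever its case or separator."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def audit(config_xml, client_mac, client_ip):
    """Cross-check one client against the portal's pass-through entries."""
    cp = ET.fromstring(config_xml)
    macs = {norm_mac(e.findtext("mac", "")): e.findtext("descr", "")
            for e in cp.findall("passthrumac")}
    ips = {e.findtext("ip", ""): (e.findtext("dir", ""), e.findtext("descr", ""))
           for e in cp.findall("allowedip")}
    ip_dir, ip_descr = ips.get(client_ip, (None, None))
    mac_descr = macs.get(norm_mac(client_mac))
    return {
        "enabled": cp.find("enable") is not None,
        "interface": cp.findtext("interface"),
        "nomacfilter": cp.find("nomacfilter") is not None,
        "mac_listed": mac_descr is not None,
        "ip_allowed_dir": ip_dir,
        # True when the same host has both a MAC entry and an IP exception,
        # i.e. the IP rule is standing in for the MAC rule.
        "ip_rule_shadows_mac": mac_descr is not None and mac_descr == ip_descr,
    }

if __name__ == "__main__":
    # MAC and IP as shown by ifconfig in the post
    for key, value in audit(CONFIG, "00:20:E0:8A:90:61", "192.168.89.51").items():
        print("%-20s %s" % (key, value))
```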