[ previous ] [ next ] [ threads ]
 From:  "=?ISO-8859-1?Q?R=F6nnblom_Jan=E5ke_?= /Teknous" <jan dash ake dot ronnblom at skeria dot skelleftea dot se>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  critical problem with captive portal and access in monowall 1.23b
 Date:  Wed, 24 Oct 2007 17:25:30 +0200

We're using m0n0wall as a captive portal. The m0n0wall handles routing between
the WAN and LAN. NAT is not used. 

We have had a problem these last weeks with a few PCs. When the client connects
they get an IP address from our DHCP but when they try to connect to the
captive portal the webbrowser times out with an message that it cant find the
server. The problem is resolved when the clients get a new ip address or by
rebooting the m0n0wall. We have at maximum 150 - 160 clients connected to this

I did check the status.php and found this.

The client has mac address:    00:16:ce:86:31:ac  UHLW        0       19   fxp1   1144

Following the trace of this is found:

10062      83974       8088693 skipto 50000 ip from to any in
10062     116968     140878071 skipto 50000 ip from any to out

But further below this is also:

20062      24140       2110738 deny ip from not MAC any
00:19:5b:70:2d:f7 any layer2 in
20062         57          3060 deny ip from any to not MAC
00:19:5b:70:2d:f7 any layer2 out

I'm not used to the ipfw output in *BSD but it seems  that when a client is
disconnected or leaves the network that sometimes the m0n0wall doesn't remove
the MAC address filter???

The only thing I can do tho restore the service for this IP address is to
reboot the m0n0wall.

Anyone have any idea?

Janåke Rönnblom
IT avdelningen, Teknous, Skellefteå Kommun
Assistentgatan 23
931 77 Skelleftea (Sweden)
Phone  : +46-910-58 54 24
Mobile : 070-397 07 43
Fax    : +46-910-58 54 99
URL    : http://skeria.skelleftea.se
"Those who do not understand Unix are condemned to reinvent it, poorly." --
Henry Spencer