 From:  rgreiner <mrgreiner at gmail dot com>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Strange Bug in the captive portal
 Date:  Tue, 07 Apr 2009 12:38:51 -0300

I think I've just hit a bug in version 1.235.

The following started to happen in one of our installs:
After authenticating properly in the captive portal page, the users
couldn't navigate, but could ping our DNS (which is in a valid network,
on the monowall WAN side) without problems. From the monowall machine, I
could ping both internal machines and the internet without problems.

Then came the strange part. Typing the address number of one of our web
servers directly into the URL field of the browser, the user could open
the page of the web server. Didn't make sense to me, but I checked it
many times, and the situation did repeat itself. Also, putting a desktop
with the same IP as Monowall, on the same cable, everything worked
correctly, so it had to be something in the Monowall machine. I've tried
a firmware update (using the same 1.235 version). No good. Then, a full
reset to factory defaults, and reconfiguring everything. Also no good.

After some fiddling, I disabled the captive portal completely, and
suddenly the users could navigate. Also, noticing a firewall unload
message on the Monowall console, I rechecked all configurations, but
there was nothing wrong.

Finally, in the captive portal page, at "Maximum concurrent
connections", in the "per client IP address" field, I've tried to add a
value of '0' (zero) instead of leaving it blank. Everything started to
work. Strange part: Removing the zero and leaving the field blank did NOT
make it stop working. The server is now working fine. Even with a reboot
it didn't stop working. My personal conclusion is that somehow, a value
of 1 or some other dirt got into the config, and due to this
the user had their navigation severely restricted.

I can NOT reproduce the problem, since, as I said, now the box is
working with the mentioned field blank, even after a reboot. Has anyone
else seen anything like that?

The hardware for this monowall box:

Asus PC-DL board
Xeon 2.66GHz
LAN: em0
WAN: rl0

Thank you,


                Marcos Roberto Greiner

   Optimists think we are in the best of all worlds
    Pessimists are afraid that this is true