Topic: Help on Captive Portal  (Read 3583 times)
« on: March 06, 2008, 19:24:24 »
arnel *
Posts: 3

Hello,

I've successfully installed m0n0wall and I'm running captive portal on it, and it's running great except for one minor problem. My m0n0wall has two NIC cards (for LAN and WAN) and they are on different public IP networks. For some reason the LAN public IPs are not visible from external networks. I can only see the WAN interface IP address from external networks. I don't know what I'm missing in my m0n0wall configuration, but I wasn't able to pinpoint why my LAN public IPs are being translated into my WAN IP address (see ipnat -lv results below). The reason I use routable IPs for my LAN is to avoid using NAT, but unexpectedly the LAN IPs (clients) are being translated into the WAN IP. The client's IP address, which is the real public IP assigned by the DHCP server, is not visible from external networks.

LAN (149.14.130.66/27) --------- m0n0wall---------WAN (149.14.130.23/27)


Below is the ipnat -lv status. I don't know why the LAN IPs are being mapped into the WAN interface IP address.

 
List of active MAP/Redirect filters:
map xl1 149.14.130.64/26 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map xl1 149.14.130.64/26 -> 0.0.0.0/32 portmap tcp/udp auto
map xl1 149.14.130.64/26 -> 0.0.0.0/32

List of active sessions:
MAP 149.14.130.100 <- -> 149.14.130.23  [169.32.35.150]
   age 1111 use 0 sumd 0xffb2/0xffb2 pr 1 bkt 1107/645 flags 0 drop 0/0
   ifp xl1 bytes 888 pkts 12
MAP 149.14.130.100 1035  <- -> 149.14.130.23  37339 [164.57.28.1 53]
   age 1124 use 0 sumd 0x8d83/0x8d83 pr 17 bkt 1327/1032 flags 2 drop 0/0
   ifp xl1 bytes 1248 pkts 8
MAP 149.42.130.100 1035  <- -> 149.14.130.23  37339 [164.57.28.2 53]
   age 949 use 0 sumd 0x8d83/0x8d83 pr 17 bkt 1333/1038 flags 2 drop 0/0
   ifp xl1 bytes 2057 pkts 16

List of active host mappings:
149.42.130.100 -> 0.0.0.0 (use = 1 hv = 121)
149.42.130.100 -> 0.0.0.0 (use = 2 hv = 121)
« Reply #1 on: March 06, 2008, 21:07:24 »
Manuel Kasper
Administrator
*****
Posts: 364

m0n0wall uses NAT on the WAN interface by default, since that's what the vast majority of users wants/needs/expects. However, you can disable NAT by enabling "advanced outbound NAT" but not defining any specific rules (yes, a bit counterintuitive, I know).
« Reply #2 on: March 06, 2008, 22:55:05 »
arnel *
Posts: 3

Hi Manuel,

Thanks for your reply. I did enable the advanced outbound NAT but doing that I couldn't connect to external networks. Any thoughts or suggestions will be appreciated.

Thanks.
Arnel
« Reply #3 on: March 06, 2008, 23:49:34 »
arnel *
Posts: 3

I found out that all the LAN traffic is being blocked by the firewall; that's why I couldn't connect to external networks/Internet. But even if I open up all the traffic in my firewall by permitting everything, the firewall still blocks all the traffic, as I've seen in the firewall logs. This is when I enable the 'advance NAT outbound'. My question is why the firewall is blocking the traffic and how I will be able to make that traffic pass through.
« Reply #4 on: April 02, 2008, 10:27:00 »
cybrsrfr *
Posts: 5

If you have captive portal being used on the WAN, that can block the traffic. I had this problem and solved it today. I originally thought that adding the LAN MAC address (pass-thru MAC) would allow the computer through, but this didn't work in two directions. To get it to work as I needed, I had to add the LAN IP address to the 'Allowed IP Addresses' with both From and To. Apologies if the terminology is not exact; I use PFSense primarily. The Captive Portal feature for PFSense comes from m0n0wall, so it should be pretty close to what I described above.
« Reply #5 on: April 03, 2008, 22:57:10 »
SlickNetAaron *
Posts: 44

I found out that all the LAN traffic is being blocked by the firewall; that's why I couldn't connect to external networks/Internet. But even if I open up all the traffic in my firewall by permitting everything, the firewall still blocks all the traffic, as I've seen in the firewall logs. This is when I enable the 'advance NAT outbound'. My question is why the firewall is blocking the traffic and how I will be able to make that traffic pass through.

Have you read the HowTo for using PUBLIC IPs on your LAN?

When you enable Advanced Outbound NAT, you must also delete the default NAT rule(s).

Also, the firewall is stateful, so if connections were being blocked and then you changed the rules, those same connections will be blocked. Reset States to flush the states and allow all rules to be applied.

Aaron
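
A check for the symptom discussed in this thread, as an added example that is not part of any post: it parses `ipnat -lv` output and reports map rules that still cover the LAN subnet, plus LAN hosts whose sessions leave with a different address. The `audit` function and the sample text are constructed for illustration, with documentation addresses in place of the thread's.

```python
import ipaddress
import re

# Constructed sample in the layout of the `ipnat -lv` output posted above
# (documentation addresses, not values from the thread).
SAMPLE = """\
List of active MAP/Redirect filters:
map xl1 198.51.100.64/26 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map xl1 198.51.100.64/26 -> 0.0.0.0/32 portmap tcp/udp auto
map xl1 198.51.100.64/26 -> 0.0.0.0/32

List of active sessions:
MAP 198.51.100.100 <- -> 203.0.113.23  [192.0.2.150]
   age 1111 use 0 sumd 0xffb2/0xffb2 pr 1 bkt 1107/645 flags 0 drop 0/0
MAP 198.51.100.100 1035  <- -> 203.0.113.23  37339 [192.0.2.1 53]
MAP 198.51.100.20 1040  <- -> 203.0.113.23  40001 [192.0.2.1 53]
"""

RULE = re.compile(r"^map\s+(\S+)\s+(\S+/\d+)\s+->\s+(\S+/\d+)")
SESSION = re.compile(r"^MAP\s+(\S+)(?:\s+\d+)?\s+<- ->\s+(\S+)")


def audit(text, lan_cidr):
    """Return (map rules covering the LAN, LAN hosts currently rewritten)."""
    lan = ipaddress.ip_network(lan_cidr)
    rules, rewritten = [], {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            src = ipaddress.ip_network(m.group(2), strict=False)
            if src.overlaps(lan) and (m.group(1), str(src)) not in rules:
                rules.append((m.group(1), str(src)))
            continue
        m = SESSION.match(line)
        if m:
            inside, outside = map(ipaddress.ip_address, m.groups())
            # A session only matters if a LAN host leaves with another address.
            if inside in lan and inside != outside:
                rewritten.setdefault(str(inside), set()).add(str(outside))
    return rules, rewritten


if __name__ == "__main__":
    rules, rewritten = audit(SAMPLE, "198.51.100.64/26")
    print("NAT still active for LAN" if rules or rewritten else "LAN is routed, no NAT")
    for ifname, src in rules:
        print(f"  rule on {ifname} covers {src}")
    for host, outs in sorted(rewritten.items()):
        print(f"  {host} leaves as {', '.join(sorted(outs))}")
```

Once the default NAT rules are gone and the states have been reset, the same check on fresh output should return an empty rule list and no rewritten hosts.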
