Opened 10 years ago
Last modified 9 years ago
#647 new incident
Captive portal ingelogde gebruiker, welke toch niet ingelogd is
| Reported by: | rick | Owned by: | |
|---|---|---|---|
| Keywords: | Cc: | ||
| Location: | Generiek |
Description
Heb een ingelogde gebruiker die niet kan internettten. Deze vrolijk naar het captive portal wordt ge-redirect om daarna de melding te krijgen dat de gebruiker al ingelogd is.
Na het flushen van de <wlportal> table in pf(4) is inloggen weer mogelijk, de vraag blijft waarom die redirect actief blijft.
HybridZTWvdSterre# pfctl -s all
TRANSLATION RULES:
no rdr on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http
no rdr on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http
no rdr on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http
rdr on wlan0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081
rdr on ue0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081
rdr on vr0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081
FILTER RULES:
pass quick on lo0 all flags S/SA keep state
pass all flags S/SA keep state
block return out on wlan0 inet from any to ! 172.16.0.0/12
block return out on ue0 inet from any to ! 172.16.0.0/12
block return out on vr0 inet from any to ! 172.16.0.0/12
pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state
pass out on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state
pass out on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state
pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state
pass out on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state
pass out on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state
No queue in use
STATES:
all udp 172.16.3.228:12345 -> 172.16.3.225:12345 MULTIPLE:MULTIPLE
all tcp 69.171.233.33:443 <- 172.17.105.34:36326 ESTABLISHED:ESTABLISHED
all tcp 172.17.105.34:36326 -> 69.171.233.33:443 ESTABLISHED:ESTABLISHED
all tcp 74.125.136.105:443 <- 172.17.105.34:57043 ESTABLISHED:ESTABLISHED
all tcp 172.17.105.34:57043 -> 74.125.136.105:443 ESTABLISHED:ESTABLISHED
all tcp 172.17.49.1:22 <- 172.17.34.1:59039 ESTABLISHED:ESTABLISHED
all tcp 172.17.106.2:443 <- 172.17.34.1:63099 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:63099 -> 172.17.106.2:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.106.2:443 <- 172.17.34.1:61966 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:61966 -> 172.17.106.2:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.106.2:443 <- 172.17.34.1:54428 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:54428 -> 172.17.106.2:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.105.2:443 <- 172.17.34.1:51083 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:51083 -> 172.17.105.2:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.105.2:443 <- 172.17.34.1:56307 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:56307 -> 172.17.105.2:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.106.2:443 <- 172.17.34.1:51682 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.17.34.1:51682 -> 172.17.106.2:443 FIN_WAIT_2:FIN_WAIT_2
all udp 172.16.3.228:12345 -> 172.16.3.226:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.3.227:12345 SINGLE:NO_TRAFFIC
all tcp 74.125.136.188:5228 <- 172.17.106.15:51829 TIME_WAIT:TIME_WAIT
all tcp 172.17.106.15:51829 -> 74.125.136.188:5228 TIME_WAIT:TIME_WAIT
all udp 172.16.7.4:12345 -> 172.16.7.3:12345 SINGLE:NO_TRAFFIC
all udp 172.16.7.4:12345 -> 172.16.7.5:12345 SINGLE:NO_TRAFFIC
all udp 172.16.7.4:12345 -> 172.16.7.6:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.7.130:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.7.131:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.7.132:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.7.133:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:12345 -> 172.16.7.134:12345 SINGLE:NO_TRAFFIC
all udp 172.16.3.228:49433 -> 172.16.4.46:53 MULTIPLE:SINGLE
all udp 172.16.3.228:65100 -> 172.16.4.46:53 MULTIPLE:SINGLE
all icmp 172.17.49.1:15766 <- 172.16.3.22:15766 0:0
all udp 172.16.3.228:123 -> 172.17.169.1:123 MULTIPLE:SINGLE
INFO:
Status: Enabled for 20 days 19:19:01 Debug: Urgent
State Table Total Rate
current entries 34
searches 3982496 2.2/s
inserts 755666 0.4/s
removals 755632 0.4/s
Counters
match 31139191 17.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 62 0.0/s
state-insert 6 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
TABLES:
wlportal
OS FINGERPRINTS:
700 fingerprints loaded
HybridZTWvdSterre# pfctl -t wlportal -T show
172.17.105.23
172.17.105.34
172.17.106.64
172.17.106.95
172.17.106.111
172.17.106.118
172.17.106.120
172.17.106.133
172.17.106.137
172.17.106.139
172.17.106.161
09:26:09.517567 IP (tos 0x0, ttl 64, id 58984, offset 0, flags [DF], proto TCP (6), length 52)
172.17.106.161.41862 > 172.31.255.1.80: Flags [.], cksum 0x4327 (correct), seq 561, ack 1466, win 1092, options [nop,nop,TS val 5613773 ecr 3489252376], length 0
09:26:09.522751 IP (tos 0x0, ttl 64, id 58985, offset 0, flags [DF], proto TCP (6), length 52)
172.17.106.161.41862 > 172.31.255.1.80: Flags [.], cksum 0x3c15 (correct), seq 561, ack 2914, win 1454, options [nop,nop,TS val 5613773 ecr 3489252376], length 0
09:26:09.523200 IP (tos 0x0, ttl 64, id 58986, offset 0, flags [DF], proto TCP (6), length 52)
172.17.106.161.41862 > 172.31.255.1.80: Flags [F.], cksum 0x3591 (correct), seq 561, ack 4205, win 1816, options [nop,nop,TS val 5613773 ecr 3489252390], length 0
09:26:09.523294 IP (tos 0x0, ttl 64, id 12988, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->4634)!)
172.31.255.1.80 > 172.17.106.161.41862: Flags [.], cksum 0x388c (correct), seq 4205, ack 562, win 1040, options [nop,nop,TS val 3489252403 ecr 5613773], length 0
Nu de table flushen:
HybridZTWvdSterre# pfctl -t wlportal -T flush
Hierna is internet weer mogelijk:
HybridZTWvdSterre# pfctl -s all TRANSLATION RULES: no rdr on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http no rdr on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http no rdr on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http rdr on wlan0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081 rdr on ue0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081 rdr on vr0 inet proto tcp from 172.16.0.0/12 to ! 172.16.0.0/12 port = http -> 172.31.255.1 port 8081 FILTER RULES: pass quick on lo0 all flags S/SA keep state pass all flags S/SA keep state block return out on wlan0 inet from any to ! 172.16.0.0/12 block return out on ue0 inet from any to ! 172.16.0.0/12 block return out on vr0 inet from any to ! 172.16.0.0/12 pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state pass out on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state pass out on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = http flags S/SA keep state pass out on wlan0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state pass out on ue0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state pass out on vr0 inet proto tcp from <wlportal> to ! 172.16.0.0/12 port = https flags S/SA keep state No queue in use STATES: all udp 172.16.3.228:12345 -> 172.16.3.225:12345 MULTIPLE:MULTIPLE all tcp 69.171.233.33:443 <- 172.17.105.34:36326 ESTABLISHED:ESTABLISHED all tcp 172.17.105.34:36326 -> 69.171.233.33:443 ESTABLISHED:ESTABLISHED all tcp 74.125.136.105:443 <- 172.17.105.34:57043 ESTABLISHED:ESTABLISHED all tcp 172.17.105.34:57043 -> 74.125.136.105:443 ESTABLISHED:ESTABLISHED all tcp 172.17.49.1:22 <- 172.17.34.1:59039 ESTABLISHED:ESTABLISHED all tcp 74.125.206.101:443 <- 172.17.106.161:42315 FIN_WAIT_2:ESTABLISHED all tcp 172.17.106.161:42315 -> 74.125.206.101:443 ESTABLISHED:FIN_WAIT_2 all tcp 184.173.147.61:443 <- 172.17.106.161:35434 CLOSING:ESTABLISHED all tcp 172.17.106.161:35434 -> 184.173.147.61:443 ESTABLISHED:CLOSING all tcp 74.125.136.103:443 <- 172.17.106.161:43653 CLOSING:ESTABLISHED all tcp 172.17.106.161:43653 -> 74.125.136.103:443 ESTABLISHED:CLOSING all tcp 74.125.136.104:443 <- 172.17.106.161:56706 CLOSING:ESTABLISHED all tcp 172.17.106.161:56706 -> 74.125.136.104:443 ESTABLISHED:CLOSING all tcp 173.194.65.94:80 <- 172.17.106.161:52202 ESTABLISHED:ESTABLISHED all tcp 172.17.106.161:52202 -> 173.194.65.94:80 ESTABLISHED:ESTABLISHED all tcp 173.194.78.188:443 <- 172.17.106.162:37837 CLOSING:ESTABLISHED all tcp 172.17.106.162:37837 -> 173.194.78.188:443 ESTABLISHED:CLOSING all tcp 74.125.206.100:443 <- 172.17.106.162:44534 ESTABLISHED:ESTABLISHED all tcp 172.17.106.162:44534 -> 74.125.206.100:443 ESTABLISHED:ESTABLISHED all udp 172.16.3.228:514 -> 172.16.4.46:514 SINGLE:NO_TRAFFIC all tcp 172.16.3.228:28323 -> 144.76.7.58:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 172.16.3.228:32664 -> 91.200.16.50:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 172.16.3.228:48132 -> 91.200.16.50:443 FIN_WAIT_2:FIN_WAIT_2 all tcp 172.16.3.228:34301 -> 91.200.16.50:80 FIN_WAIT_2:FIN_WAIT_2 all tcp 172.16.3.228:25454 -> 91.200.16.50:443 FIN_WAIT_2:FIN_WAIT_2 all tcp 172.31.255.1:8081 (173.194.65.102:80) <- 172.17.106.12:47351 FIN_WAIT_2:FIN_WAIT_2 all tcp 74.125.136.188:5228 <- 172.17.106.12:50526 TIME_WAIT:TIME_WAIT all tcp 172.17.106.12:50526 -> 74.125.136.188:5228 TIME_WAIT:TIME_WAIT all udp 172.16.3.228:123 -> 129.250.35.250:123 SINGLE:NO_TRAFFIC all udp 172.16.3.228:57305 -> 172.20.8.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12401 -> 172.17.7.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:44765 -> 172.17.39.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:18684 -> 172.18.128.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:53020 -> 172.17.169.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:35266 -> 172.17.86.1:53 SINGLE:NO_TRAFFIC all udp 172.16.3.228:20626 -> 172.17.97.1:53 SINGLE:NO_TRAFFIC all tcp 172.17.49.1:22 <- 172.16.7.100:12455 ESTABLISHED:ESTABLISHED all udp 127.0.0.1:20229 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:20229 SINGLE:MULTIPLE all udp 127.0.0.1:48011 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:48011 SINGLE:MULTIPLE all udp 127.0.0.1:57741 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:57741 SINGLE:MULTIPLE all udp 127.0.0.1:31333 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:31333 SINGLE:MULTIPLE all udp 127.0.0.1:17498 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:17498 SINGLE:MULTIPLE all udp 127.0.0.1:56213 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:56213 SINGLE:MULTIPLE all udp 127.0.0.1:17878 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:17878 SINGLE:MULTIPLE all udp 127.0.0.1:52408 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:52408 SINGLE:MULTIPLE all udp 127.0.0.1:16755 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:16755 SINGLE:MULTIPLE all udp 127.0.0.1:42508 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:42508 SINGLE:MULTIPLE all udp 127.0.0.1:23903 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:23903 SINGLE:MULTIPLE all udp 127.0.0.1:20783 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:20783 SINGLE:MULTIPLE all udp 127.0.0.1:47340 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:47340 SINGLE:MULTIPLE all udp 127.0.0.1:42236 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:42236 SINGLE:MULTIPLE all udp 127.0.0.1:49248 -> 127.0.0.1:53 MULTIPLE:SINGLE all udp 127.0.0.1:53 <- 127.0.0.1:49248 SINGLE:MULTIPLE all udp 172.16.3.228:12345 -> 172.16.3.226:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.3.227:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.3.229:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.3.230:12345 SINGLE:NO_TRAFFIC all udp 172.16.7.4:12345 -> 172.16.7.1:12345 SINGLE:NO_TRAFFIC all udp 172.16.7.4:12345 -> 172.16.7.2:12345 SINGLE:NO_TRAFFIC all udp 172.16.7.4:12345 -> 172.16.7.3:12345 SINGLE:NO_TRAFFIC all udp 172.16.7.4:12345 -> 172.16.7.5:12345 SINGLE:NO_TRAFFIC all udp 172.16.7.4:12345 -> 172.16.7.6:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.7.130:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.7.131:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.7.132:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.7.133:12345 SINGLE:NO_TRAFFIC all udp 172.16.3.228:12345 -> 172.16.7.134:12345 SINGLE:NO_TRAFFIC INFO: Status: Enabled for 20 days 19:31:31 Debug: Urgent State Table Total Rate current entries 82 searches 3990948 2.2/s inserts 756348 0.4/s removals 756266 0.4/s Counters match 31153363 17.3/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 62 0.0/s state-insert 6 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s TIMEOUTS: tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 30s udp.first 60s udp.single 30s udp.multiple 60s icmp.first 20s icmp.error 10s other.first 60s other.single 30s other.multiple 60s frag 30s interval 10s adaptive.start 6000 states adaptive.end 12000 states src.track 0s LIMITS: states hard limit 10000 src-nodes hard limit 10000 frags hard limit 5000 tables hard limit 1000 table-entries hard limit 200000 TABLES: wlportal OS FINGERPRINTS: 700 fingerprints loaded HybridZTWvdSterre# pfctl -t wlportal -T show 172.17.106.161
Note:
See TracTickets
for help on using tickets.
