Welcome, Guest. Please login or register.
Did you miss your activation email?
17 May, 2012, 11:23:48 pm
Home Help Search Login Register

Kitaplar

Dökümanlar

Lazarus and FreePascal

Erişim

Stats

Members
Stats
  • Total Posts: 384
  • Total Topics: 97
  • Online Today: 13
  • Online Ever: 86
  • (10 May, 2012, 11:29:23 pm)
Users Online
Users: 0
Guests: 12
Total: 12
+  Linux Programlama
|-+  Forum
| |-+  Linux ve BSD Genel Kullanım
| | |-+  PfSense
| | | |-+  captive portal sorunu		 « previous next »
Pages: [1] Go Down Print
Author Topic: captive portal sorunu  (Read 2702 times)
b-yaz
Newbie
*
Posts: 23


View Profile
« on: 19 April, 2010, 08:10:25 am »
merhabalar,
yeni keşfettiğim bir olayı paylaşıp sizden yardımlarınızı rica edeceğim.
pfsense makinasını kurup ağa taktığımda (squid+squidguard+captiveportal) ilk başlarda herşey normal giderken, birkaç tane nat ayarı yaparak dışarıdan içeriye belli portlarden erişim izinleri verdim. ancak aradan yarım saat geçer geçmez nat ayarları işlemiyordu, makineye yeniden başlatsam da durum değişmiyordu. daha sonra captive portalı kapatınca ya da ipfw -q -f flush komutunu verince düzeldiğini gördüm. ancak captive portal ı kullanmam gerekli ayrıca az önce yazdığım komutu uygulayınca da captive portal çalışmıyor.

konuyla ilgili bilgisi olan yardımcı olabilirse çok sevinirim, teşekkürler...
Logged
alivardar
Administrator
Full Member
*****
Posts: 160


View Profile WWW
« Reply #1 on: 19 April, 2010, 09:03:41 am »
selamlar

captive portal aktif olduktan sonra firewall listesinde bir şey var mı?
ipw ile listeye bakın hepsi aktif olduktan ve problem başladıktan sonra

Buradan kopyaladım.

http://www.freebsd.org/doc/handbook/firewalls-ipfw.html


To list all the rules in sequence:

# ipfw list

To list all the rules with a time stamp of when the last time the rule was matched:

# ipfw -t list

The next example lists accounting information, the packet count for matched rules along with the rules themselves. The first column is the rule number, followed by the number of outgoing matched packets, followed by the number of incoming matched packets, and then the rule itself.

# ipfw -a list

List the dynamic rules in addition to the static rules:

# ipfw -d list

Also show the expired dynamic rules:

# ipfw -d -e list

Zero the counters:

# ipfw zero

Zero the counters for just the rule with number NUM:

# ipfw zero NUM
Logged
b-yaz
Newbie
*
Posts: 23


View Profile
« Reply #2 on: 19 April, 2010, 12:13:03 pm »
#ipfw show komutuyla şu satırları almıştım sorun ortaya çıktığında

00030 1190  305389 skipto 50000 ip from any to any in via re0 keep-state
00050    1      28 skipto 29900 ip from any to any MAC x0:x3:x1:x9:xd:xe any keep-state
00050    9    2642 skipto 29900 ip from any to any MAC any x0:x3:x1:x9:xd:xe keep-state
00050    2      56 skipto 29900 ip from any to any MAC 00:03:81:49:7e:7b any keep-state
00050   42    5192 skipto 29900 ip from any to any MAC any x0:x3:x1:x9:xe:xb keep-state
00050    2      56 skipto 29900 ip from any to any MAC x0:x3:x1:x9:xf:xd any keep-state
00050    9    2642 skipto 29900 ip from any to any MAC any x0:x3:x1:x9:xf:dd keep-state
00050    3     384 skipto 29900 ip from any to any MAC x0:x3:x1:x9:x0:xd any keep-state
00050   68    7769 skipto 29900 ip from any to any MAC any x0:x3:x1:x9:x0:xd keep-state
00050   49   16072 skipto 29900 ip from any to any MAC x0:x3:x1:xc:x3:xd any keep-state
00050  104   33674 skipto 29900 ip from any to any MAC any x0:x3:x1:xc:x3:xd keep-state
00050    1     328 skipto 29900 ip from any to any MAC x0:x3:x1:x1:x7:xf any keep-state
00050    3     688 skipto 29900 ip from any to any MAC any x0:x3:x1:x1:x7:xf keep-state
00050    1     328 skipto 29900 ip from any to any MAC x0:x3:x1:x7:x4:x1 any keep-state
00050    2     642 skipto 29900 ip from any to any MAC any x0:x3:x1:x7:x4:x1 keep-state
00050    3      84 skipto 29900 ip from any to any MAC x0:x7:xc:x8:x0:xe any keep-state
00050    6     330 skipto 29900 ip from any to any MAC any x0:x7:xc:x8:x0:xe keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xb:xf:x0:x4:x7 any keep-state
00050    0       0 skipto 29900 ip from any to any MAC any x0:xb:xf:x0:x4:x7 keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xb:xf:x0:xe:x2 any keep-state
00050    0       0 skipto 29900 ip from any to any MAC any x0:xb:xf:x0:xe:x2 keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xb:xf:x2:x3:xb any keep-state
00050    0       0 skipto 29900 ip from any to any MAC any x0:xb:xf:x2:x3:xb keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xb:xf:x2:xc:x7 any keep-state
00050    0       0 skipto 29900 ip from any to any MAC any x0:xb:xf:x2:xc:x7 keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xb:xf:x2:xc:x8 any keep-state
00050    0       0 skipto 29900 ip from any to any MAC any x0:xb:xf:x2:xc:x8 keep-state
00050    0       0 skipto 29900 ip from any to any MAC x0:xc:x0:xf:x7:x0 any keep-state
00050  714  140297 skipto 29900 ip from any to any MAC any x0:xc:x0:xf:x7:x0 keep-state
00500    0       0 allow pfsync from any to any
00500    0       0 allow carp from any to any
00500  645  329352 allow ip from 192.168.2.1 to any out via dc0
00501  538   96938 allow ip from any to 192.168.2.1 in via dc0
01000 1863  429288 skipto 50000 ip from any to any not layer2 not via dc0
01001    0       0 allow ip from any to any layer2 not via dc0
01100   57    2406 allow ip from any to any layer2 mac-type 0x0806
01100    0       0 allow ip from any to any layer2 mac-type 0x888e
01100    0       0 allow ip from any to any layer2 mac-type 0x88c7
01100    0       0 allow ip from any to any layer2 mac-type 0x8863
01100    0       0 allow ip from any to any layer2 mac-type 0x8864
01100    0       0 allow ip from any to any layer2 mac-type 0x8863
01100    0       0 allow ip from any to any layer2 mac-type 0x8864
01100    0       0 allow ip from any to any layer2 mac-type 0x888e
01101    0       0 deny ip from any to any layer2 not mac-type 0x0800
01102 1482  350957 skipto 20000 ip from any to any layer2
01200    1     328 allow udp from any 68 to 255.255.255.255 dst-port 67 in
01201    0       0 allow udp from any 68 to 192.168.2.1 dst-port 67 in
01202    0       0 allow udp from 192.168.2.1 67 to any dst-port 68 out
01203    0       0 allow icmp from 192.168.2.1 to any out icmptypes 8
01204    0       0 allow icmp from any to 192.168.2.1 in icmptypes 0
01300    0       0 allow udp from any to 192.168.2.1 dst-port 53 in
01300    0       0 allow udp from any to 192.168.2.1 dst-port 53 in
01301    0       0 allow udp from 192.168.2.1 53 to any out
01301    0       0 allow udp from 192.168.2.1 53 to any out
01302    0       0 allow tcp from any to 192.168.2.1 dst-port 8000 in
01302    0       0 allow tcp from any to 192.168.2.1 dst-port 8000 in
01303    0       0 allow tcp from 192.168.2.1 8000 to any out
01303    0       0 allow tcp from 192.168.2.1 8000 to any out
10000  642   62416 skipto 50000 ip from 192.168.2.41 to any in
10000  660  255227 skipto 50000 ip from any to 192.168.2.41 out
19902   20    1873 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
19903   14    1668 allow tcp from any 80 to any out
19904  503   52563 deny ip from any to any
20000    0       0 deny ip from 192.168.2.41 to any not MAC any x0:xb:x4:x9:xe:x1 layer2 in
20000    0       0 deny ip from any to 192.168.2.41 not MAC x0:xb:x4:x9:xe:x1 any layer2 out
29900 2375  534591 allow ip from any to any layer2
65535 4516 1105183 allow ip from any to any
Logged
b-yaz
Newbie
*
Posts: 23


View Profile
« Reply #3 on: 17 June, 2010, 11:24:56 am »
sorunun sebebi ethernet kartlarıymış. ethernet kartlarını tp-link TG-3269 olarak değiştirdim şu an sorunsuz çalışıyor. daha önceki ethernet kartları 10/100 3com ethernet kartlarıydı. şimdikiler gbit ethernet.
Logged
alivardar
Administrator
Full Member
*****
Posts: 160


View Profile WWW
« Reply #4 on: 17 June, 2010, 02:35:47 pm »

geçmiş olsun
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Forum / Destek

GPL Applications

TinyPortal v1.0 beta 4 © Bloc


Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!