1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Shibby 106 Captive Portal Timeout

Discussion in 'Tomato Firmware' started by bmupton, Feb 25, 2013.

  1. bmupton

    bmupton Serious Server Member

    Hi all,

    I recently "upgraded" from the latest Teaman build to Shibby's latest build (106 at the time of this writing). I say upgraded in that there's just more stuff in this build (Big-VPN) compared to Teaman's. I don't even know why I upgraded. Guess I was bored. Teaman was working fine for me.

    Anyhow, I noticed the Captive Portal settings in Shibby (I'll be clear here, I was NOT using captive portal on Teaman because I didn't want to run it on my main LAN and in his build that's the interface it gets enabled for) you can enable it for any interface you like...so I figured I'd give it a try.

    I have four LAN interfaces (br0-br3) each on different subnets. Each of the three additional LANs have a virtual wireless interface assigned to them. My main LAN is 192.168.1.1 then I have two guest networks one that is WPA2 protected that I share with friends and one that is open entirely (these are on 191.168.2.1 and 192.168.3.1 respectively). Then I have a fourth network that is WPA2 protected that I also assign port 4 on the router to via VLAN gui and it's traffic gets routed over a VPN connection (using the script found at this link: http://linksysinfo.org/index.php?threads/any-way-to-bypass-vpn-selectively.33468/#post-164693).

    That all works beautifully.

    What I would like to do is enable the captive portal on the open guest interface. When I do this, however, the splash page shows as expected, but clicking the agree button sits there until the connection times out and my browser tells me that the request has timed out. Disabling the captive portal immediately solves the issue and the open network has Internet access again.

    Any ideas? I've been searching but I haven't come across anyone else having this issue with a solution posted.

    I should also say I have enabled QoS and it is working as well without issue.
     
  2. Michclark

    Michclark New Member Member


    I'm seeing the problem you're describing (it's now 2015). I'm using Shibby based on Tomato 1.28 built on 24 March 2015.

    I've tracked the issue into iptables. It looks like the NoCat iptable chain is dropping the packets that should be authorized. Looking at the NoCat chain stats shows drop counts even when an authorized MAC is in the MANGLE table.

    The Mangle table is supposed to be marking the packets, but it looks like the MARK is NOT making it from mangle to the filter table. There are matches for mark 1,2 and 3 and none of them are hit. I suspect the packet is actually NOT marked, since playing around with logging packets marked 0-4 is not showing anything in the logs.
     
  3. Magdiel1975

    Magdiel1975 Networkin' Nut Member

    I am having issues with Captive Portal with br1 .. it does not work at all when applied to any other LAN besides the default br0.

    Also, I have tried using other html templates and it's very buggy and does not work.. I have already posted several times about this, but noeone responds at all.
     
  4. Magdiel1975

    Magdiel1975 Networkin' Nut Member

    I found a solution for my problem...
    I forgot I had some rules blocking guest networks from accessing the router's ui, so ofcourse Captive Portal is not going to work for the guest networks...so, I found I needed to add this exception...
    iptables -I INPUT -i br1 -p tcp --dport 5280 -j ACCEPT
     

Share This Page