#1
Hello, does someone have any detailed steps for configuring PayPal IPNs? I keep getting these email notifications (below), and no transactions are showing in Rush, yet payments are being received and the portal system is working.

****** Please check your server that handles PayPal Instant Payment Notification (IPN) messages. Messages sent to the following URL(s) are not being received: xxxx://10.0.0.xxx/WiFi-CPA/modules/payment/PayPal/ipn.php ******

Rush is NATted behind a core pfSense router that has some additional real-world IPs available. Rush has been given its own 1:1 real IP in pfSense, and the rules to allow traffic to Rush are in place as follows:

WAN TCP 80 (HTTP) xx.xxx.xxx.xx (ext.: xx.xxx.xxx.xx) 80 (HTTP) Wifi Rush
WAN TCP/UDP 443 (HTTPS) xx.xxx.xxx.xx (ext.: xx.xxx.xxx.xx) 443 (HTTPS) Wifi Rush
WAN TCP/UDP 1812 (RADIUS) xx.xxx.xxx.xx (ext.: xx.xxx.xxx.xx) 1812 (RADIUS) Wifi Rush
WAN TCP/UDP 1813 (RADIUS accounting) xx.xxx.xxx.xx (ext.: xx.xxx.xxx.xx) 1813 (RADIUS accounting) Wifi Rush

Do IPNs require some other magic port or secret configuration? Any help would be appreciated.

#2

What product are you working with? Virtual, Appliance, Hosted?

Note: xxxx://10.0.0.xxx/WiFi-CPA/modules/payment/PayPal/ipn.php

xxxx://10.0.0.xxx should be your domain or external IP.

#3

Thanks for the reply. We're using the Proxmox VM, and the real IP is set up in PayPal correctly. Is there any further config required in some Rush files, perhaps?

#4

Under the /WiFi-CPA-Setup/ directory, what do you have listed in System Configuration: WAN IP Address or FQDN? That needs to be set to your public IP.

#5

It is listed with the internal address, which in this case is 10.0.0.138.

But it is being 1:1 NATted from our real pfSense router, so if I changed it to the real-world IP then I would no longer have access to it from the network internally unless I configure the second NIC in Rush's underlying pfSense system and give the LAN the 10.0.0.138.

Currently Rush is only being used as an authentication box for a few test hotspots, and therefore only one NIC is being used, i.e. the WAN NIC; the LAN side is not connected to anything. Maybe that is what's going on; perhaps it must be. I assumed because it was not being used for any routing functions it didn't need to be. So I guess then I should assign the WAN to the real IP and then give the LAN side the 10.0.0.138 address.

Although everything works correctly the way it is (clients are paying and getting access as to be expected), just no IPNs. Shouldn't I simply be able to do a port forward for the IPNs from our real core Pf router to the 10.0.0.138 and leave it as it is?

Thanks for the replies, guys.

Last edited by Mad Dawg; 07-29-2010 at 09:03 AM.

#6

My understanding is that needs to be the public/externally accessible IP. Perhaps wait till someone from WiFiRush replies.

Thanks, Will

#7

Well, WiFiRush guys, any thoughts on this?

Mark @ ubnt.ca

#8

I still think you need to set that field to your external DNS/IP. This is separate from the physical IP assigned to the box.

#9
Tried that, and after I did, the login page will not display to users on the hotspots. However, if I use one of my other gateway routers as my internet (it's on a remote segment of our network with its own internet source), I can access Rush from it no problem, so I know the 1:1 NAT is routing the real-world IP properly.

While this works fine for external access from another internet source, it will not work for users who are already behind the LAN and using the same PF router that's doing the 1:1 NAT if it's also their internet gateway.

I assume that if I put Rush behind my main PF gateway and use both NICs in a WAN and LAN router type setup it would work fine, but I do not want to have it block all my network at this point, just catch the few hotspots I am testing.

If I were to move it behind my gateway router, would it only authenticate the hotspot APs that have the Coova firmware on them, or will it try to block everything? For now I want the rest of my network traffic to pass through unrestricted.

Last edited by Mad Dawg; 08-05-2010 at 11:16 PM.

#10

The issue you have is an internal machine (client PC) trying to access an internal server (hotspot gateway) via the external IP.

Most NAT implementations will not allow this, so I'm not sure there is a real solution. Research NAT hairpinning and you will find it is a common problem. Most solve it via some type of split DNS: have the address resolve to the internal IP for the internal network and the external IP for the external network.
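
Added example, not part of the original thread and not WiFi Rush code: a small offline check of a callback URL against the two failure modes discussed above, a private address that an outside sender such as PayPal cannot reach, and a public address or name that LAN clients can only reach through NAT hairpinning unless split DNS is in place. The hostname `portal.example.net`, the address 203.0.113.10 and the `http` scheme are constructed stand-ins for the redacted values; the DNS views are supplied as data and no lookups are made.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918, loopback and link-local ranges: never reachable from the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

PRIVATE_LITERAL = "callback host is a private address; an outside sender cannot reach it"
PUBLIC_LITERAL = "callback host is a public IP literal; LAN clients depend on NAT hairpinning"
EXT_NOT_PUBLIC = "external DNS view does not return a public address"
INT_NOT_LAN = "internal DNS view does not return the LAN address; LAN clients depend on NAT hairpinning"

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def check_callback_url(url, external_view, internal_view, lan_ip):
    """Return findings for a callback URL. The two views map hostname -> address
    as the public DNS and the LAN resolver would answer (supplied data, no lookups)."""
    host = urlsplit(url).hostname
    if host is None:
        return ["URL has no host"]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a hostname: judge it by what each DNS view returns
    else:
        return [PRIVATE_LITERAL if is_internal(host) else PUBLIC_LITERAL]
    findings = []
    ext = external_view.get(host)
    if ext is None or is_internal(ext):
        findings.append(EXT_NOT_PUBLIC)
    if internal_view.get(host) != lan_ip:
        findings.append(INT_NOT_LAN)
    return findings

# Constructed sample data: 203.0.113.10 stands in for the redacted public IP,
# portal.example.net is a hypothetical name, "http" replaces the redacted scheme.
PATH = "/WiFi-CPA/modules/payment/PayPal/ipn.php"
LAN_IP = "10.0.0.138"
PUBLIC = {"portal.example.net": "203.0.113.10"}

if __name__ == "__main__":
    print(check_callback_url("http://10.0.0.138" + PATH, {}, {}, LAN_IP))
    print(check_callback_url("http://portal.example.net" + PATH, PUBLIC, PUBLIC, LAN_IP))
    print(check_callback_url("http://portal.example.net" + PATH, PUBLIC,
                             {"portal.example.net": LAN_IP}, LAN_IP))
```
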