Hi Thanks, but the ipfw command not working, I have try all commands of this topics https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting#Zones [2.3-RELEASE][admin@]/root: ipfw -x guest show ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw -x zone1 show ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw ipfw: usage: ipfw [options] do "ipfw -h" or "man ipfw" for details [2.3-RELEASE][admin@]/root: ipfw -x zonel show ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw -x LAN_GUEST show ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw show ipfw: Context is mandatory: No such file or directory [2.3-RELEASE][admin@]/root: ipfw -x context list ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw_context -l ipfw_context: Command not found. [2.3-RELEASE][admin@]/root: [2.3-RELEASE][admin@]/root: ipfw_context -1 ipfw_context: Command not found. [2.3-RELEASE][admin@]/root: ipfw -x LAN_GUEST show ipfw: Context 0 is invalid [2.3-RELEASE][admin@]/root: ipfw -x 2 show ipfw: setsockopt: choosing context [2.3-RELEASE][admin@]/root: ipfw zone list ipfw: Error returned: Unknown error: -1 : Invalid argument do you know why ?

The plan is to both have a time limit for the users and to limit the amount of traffic for the users. Regarding the timing issue, I know that this is difficult when not having a users database to authenticate against. The only way would be to use the device's Mac addresses and to check when they logged in for the first time and then measure the time from then… Regarding the amount of traffic, I currently use ntopng to monitor and count the traffic the users are generating and as soon as they reached the 400 MB, I add their IP address to the firewall's block list. That's not a really convenient solution, as it involves manual tweaking where I thought ipSense could help... Are anonymous hotspot really that rare that there's no support needed for such features? (I think the free WiFi hotspots are becoming more and more common ... I think that the CP in pfSense would be even more attractive if there were more options for anonymous users... But's just my opinion. I still find it a great product and I can get what I need ;-) ) Regarding the suggestion with FreeRADIUS: This would be a great solution, but I have to create the users (i.e. the Mac addresses) first in order to be able to authenticate against the user database. As I don't know the Mac addresses of the customers, this is quite difficult... Best would be if such users be generated on the fly by the RADIUS server...

Didn't we already go over this in this thread. https://forum.pfsense.org/index.php?topic=133348.0 That you could just create a firewall rule to block access on your wifi router 2 network, and that you didn't need to nat it, etc. etc.

ok it works now, thank you NogBadTheBad!

You have to manage the contents of the MySQL database yourself. Neither the package nor pfSense will do that for you.

@mbutz89: I keep getting this error: PHP ERROR: Type: 1, File: /var/etc/captiveportal_guest.html, Line: 20, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 112082944 bytes). Has anyone ever encountered this issue and is there a fix for it? Thank you for any future replies. This file does not belong to a clean install of pfSense. Some one (probably you) uploaded  "self made files" and they do not respect the syntax (html or PHP) or you try to include files that do not exist. Put thinks back as they ware originally and you'll be fine.

Even generating a new roll leaves trhe CSV empty. I'm really in trouble with that. Anyone any idea? I got voucher_gaeste_active and voucher_gaeste_used for each roll in /var/db. but where are the unused vouchers saved?

Thanks for the reply. By meaning of it: How can I create block rule in fw without blocking CP? I wanted to add the firewall rule than blocks all the traffic at the end of list, so that CP rules for redirection, and rules that allows users IP + MAC to pass apply before that rule.

https://forum.pfsense.org/index.php?topic=110577.0

I use these rules (see image) to enforce that users can only contact the DNS resolver running on pfSense. Abusing this DNS server (the one pfSense uses)  for tunneling purposes …. I don't know ... [image: dns-pfsense-portal.PNG] [image: dns-pfsense-portal.PNG_thumb]

Use /etc/rc.restart_webgui like the example shows, that will restart nginx instances for the GUI and Captive Portal. It happens quickly, there isn't really any incentive to restart only one or the other for something as infrequent as a certificate update (once per month at most, could be as rare as once every 90 days)

Great !

Thanks that works. Post is resolved :)

@YQ: ….. Not really. They specifically use nas identifiers to identify hotspots. (did a search on their site using google's "site:" parameter) Of course they use the NAS. And the IP …. and who knows what more. I have the technical doc from these guys http://www.passman-hotels.com/ (a portal operator in France) and their AP's are using VPN's. Or maybe they use a Radius server build for their own needs. I can't tell (and they won't tell me ^^).

@j4nus: Is there a way to specify the zone id ? The zone id 80 (in place 2) would be a good match, so the captive portal would run on tcp/8080 which is usually allowed (at least to connect a proxy). Using "8080" (http), it can be done. The dumb solution : create a portal zone. You'll see the port number increments. Continue creating until you reached '8080' for your http. Now, wipe all preceding zones. Or: The smart one : create a zone. Test drive it. Stop captive portal. Edit your config.xml (the captive portal is easy to find, change the ID (which will be added to 8000)). Save. Start portal. Check.

Thanks jimp! Will look into that. EDIT: Will FreeRADIUS do the trick? I see you can assign users a VLAN…

Wow, thanks for the quick reply and fix :)

Ohh i am a new to it soo i need some help. it would be great if some can help ok i need my log out page to display some things one is username of the logined in account second is the mac address third how much data the user used im am doing in a vmware soo till now no issue i dont know coding so hope you guys can help me out i modified a templet so dont think i designed it .. i have a issue in firefox also i need it to display it not like a pop up in firefox showing this network  requires you to login can any one help me out whit this too will test with chrome also hope it show without any issue [image: Untitledq.jpg] [image: Untitledq.jpg_thumb]

thanks a lot for your help Excuse me for my english