@Gertjan: So, your CP is running from LAN. What are the LAN firewall rules ? Is it possible that you run CP from it's own OPT1 interface ? (another thread is going on right now about troubles running CP from LAN ….) I would say : CP is meant to be running from OPTx, not from the network card 'LAN'. I'm using the CP now for 3 years (LAN = compagny, CP = non trusted clients - I use pfsense for a hotel, with the classic setup) ok.i'm let enable CP on OPT1 interface it's work. ;) thank you for advance

Yes, you're right, it's all what I want. But, I would like to be assured in it, that the traffic from/to "ip list" hosts doesn't accounts with Radius at all. p.s. as I know, for example, mikrotik radius clients always counts "walled garden" traffic.

@MoRoZ: thanx. I think this topic migth be post to FAQ When the pfsense is equiped with wifi-card, this Wiki is valid : http://doc.m0n0.ch/handbook/wireless.html - an OPT1 interface IS implied. But : The CP-wiki itself from here http://doc.m0n0.ch/handbook/captiveportal.html indicated that the LAN port CAN be used. Now, who am I to say that's logic that LAN isn't the good one for mounting CP on it, but one of the present OPTx should do the job. @lwaldo: my cp no funtion with windows vista or windows mobile? Don't know. I can connect very well with my 1.2.1-RC1 built on Sun Aug 31 06:26:57 EDT 2008 using Vista Pro, or a IPhone II for that matter. Please note that your question / remark contains no details at all, and might as well not be related to this thread.

I believe that with 'new traffic shaper' in the 1.3 release it will be able to dynamically changing user's bandwidth settings.

Ok, answering my own question here. This is the code I added to my PHP login page to make it work function returnmacAddress() { // This code is under the GNU Public Licence // Written by michael_stankiewicz {don't spam} at yahoo {no spam} dot com // Get the arp executable path $location = `which arp`; $location = rtrim($location); // Execute the arp command and store the output in $arpTable $arpTable = `$location -a`; // Split the output so every line is an entry of the $arpSplitted array $arpSplitted = split("\n",$arpTable); // Get the remote ip address (the ip address of the client, the browser) $remoteIp = $GLOBALS['REMOTE_ADDR']; $remoteIp = str_replace(".", "\\.", $remoteIp); // Cycle the array to find the match with the remote ip address foreach ($arpSplitted as $value) { // Split every arp line, this is done in case the format of the arp // command output is a bit different than expected $valueSplitted = split(" ",$value); foreach ($valueSplitted as $spLine) { if (preg_match("/$remoteIp/",$spLine)) { $ipFound = true; } // The ip address has been found, now rescan all the string // to get the mac address if ($ipFound) { // Rescan all the string, in case the mac address, in the string // returned by arp, comes before the ip address // (you know, Murphy's laws) reset($valueSplitted); foreach ($valueSplitted as $spLine) { if (preg_match("/[0-9a-f][0-9a-f][:-]"."[0-9a-f][0-9a-f][:-]"."[0-9a-f][0-9a-f][:-]"."[0-9a-f][0-9a-f][:-]"."[0-9a-f][0-9a-f][:-]"."[0-9a-f][0-9a-f]/i",$spLine)) { return $spLine; } } } $ipFound = false; } } return false; } ?> And then where I want to display the MAC address we put:

Since no one seems to bother with documenting this, and I just finished banging my head against this issue where the redirect just keeps reloading itself and not going to the page specified. To fix it you MUST do the quotation marks in the META HTTP-EQUIV line correctly: Bad Good Hope this saves other people torment anguish and wasted time Googling. @Gertjan: @alexander007: I found the problem ;D What was it  ? :D Do we have to supose that somethings is wrong with your posts ?

Awesome!  That worked.  I had turned on Advanced before, but had not deleted the rule.  Many thanks!!

Many thanks for the input, but as I tentatively suggested the other day, in fact the problem was caused by my firewall rules - I was blocking too much!

Ah, ok.  Sounds easy enough.  It sounds to me like your clients can't resolve DNS, therefore can't get to much of anything.  What I would do (and what I have done before in a relatively similar situation) is create a bind instance that serves only this network and hand it out to clients.  In this bind (or whatever your DNS server of choice is) configure it to answer www.yourdomain.com for every query.  You wouldn't even need the CP for that.  You may want to also block DNS queries to any other servers to prevent folks from just configuring their own resolvers. nb

In fact, I use CP only for wireless user. Then, I just need to send a email for a user that user wired network. I'll try to explain. I have a wired and wireless network for my company. I use PF and Cp only for external people of my company. For some security policies, I need to change the CP password everyday and send the new password to the reception email. Then, when a external person come to the reception, the receptionist can give the new password of the day. To do this, did I realy need a external mysql database? can't I create and cron job to launch a scrit to change the local database?

Use onload to execute a javascript, which uses setTimeout() to submit the form after a few seconds. Note however that you still must have a hidden form embedded in the page.

Thanks! I look forward to testing it.

Stanelie Sorry by the time, I was on hollidays  ;D I don't remember what was wrong, but it was somehing with the Radius server on W2k3 server, so use this guide to solve your problem http://www.pfsense.org/mirror.php?section=tutorials/cp_config/radius_win2k3.htm bye

@mechanicalmetal: But as far as setting the subnet for the interface, do I do that through pfsense? On PFSense go to the menu 'Interfaces' then to 'Opt1' Set 'Bridge with' to none and Set the 'IP configuration' to something like 10.2.0.1 / 24 or you could use 192.168.2.1 / 24 your choice on the IP you want. Services -> DHCP Server -> Opt1 And set up a DHCP range for your optional interface. Firewall -> Rules -> Opt1 tab Action: Pass Interface: Opt1 Protocol: any Source: any Destination: any Description: Opt to Any That should be enough to get your Opt1 interface working for a laptop or anything connected to it.

Hmmm, is this a NAT or routed setup?  All of mine are currently routed and I don't see this behavior.  Once the timer is expired their connectivity is killed.

No problem.  If it can be done with the CP, I've probably done it.  =P