Nomadix handles this in an interesting way. Their gateway does arp spoofing for every address it hears a arp request for or broadcast for. Wonder if this can be done with ebtables as well at the gateway. OR a rewrite of proxyarp.

well that´s a way of doing it ofcourse, it´s cinda complicated setup just because it doesent support secure auth. Besides i dont think captive portal supports authentication check against 2 active directorys(if it´s not in the first then it checks the second one), or does it? I´d really wouldent mind swapping out the astaro but it seem hard to do atm :/ /F

@denis31: Same problem here. Captive Portal doesn't work on OPT* interfaces (unless I call http://<pfsenseip>:8000 ) It only works on LAN interface.</pfsenseip> See http://doc.pfsense.org/index.php/Captive_Portal_and_VLANs

You have to put in an Allowed IP entry for that host.

Embedded does automount r/w when doing stuff like uploading a CP file. Other than that, mounting a CD for read & WRITE is sub optimal.

You can do that with the captive portal. You don't have to use authentication, though it may require clicking a button to pass through. It can redirect the client's first page request anywhere you want.

This thread is a dupe, see here: http://forum.pfsense.org/index.php/topic,20101.0.html In summary: the link from /usr/local/captiveportal to /var/db/cpelements is missing.  I tried to re-create it, but was met with a read-only filesystem error, probably because I'm running live-cd.  I hope the devs have a suggestion. Mike

@fvaz: ok… I Find and fix the problem.. I would like to change to.... Go to etc\inc there are the file captiveportal.inc... Edit the file, go to line 423 and put the rule " redirect non-authenticated clients to captive portal add 19904 set 1 fwd 127.0.0.1,8001 tcp from any to any 443 in let the responses from the captive portal web server back out add 19905 set 1 pass tcp from any 443 to any out " Works, if you have https on the captive portal, put port 8000 if you have http on the login portal Hope... Help... (lost many days to find this issue ) no work

I was attempting to do this as well.  Neither 1.2.3 nor 2.0-BETA1 can do this.  Hopefully a future addition?  :) @rhy7s: Just wondering, is there any reason why the captive portal can't use the firewall's aliases in the pass-through options?

I don't use WLAN. GUEST is FastEthernet-RJ45 to my neighbors computer.

@estatecafe We are discussing 1.2.3-Release here at the moment. And in terms of user accounts, i am using FreeRADIUS + phpMyPrepaid and point my CP radius settings to my RADIUS. Since Voucher dont exist on 1.2.3-Release.  Maybe you can closely coordinate with 2.0 Developers for CP. Regards,

forgot to mention, if you are trying to access any other port besides 443/80/81/8080 (the standard http ports) it will NOT work. you mentioned telnet, if you try to access email through outlook on a network that has a cp outlook wont work you have to open a browser first and then go through the cp stuff before getting on the net.

thats right you are not using a wan link. you may have to fake it then

Thanks. I've just disabled DHCP server on wrt320n (and also wrt610n) and changed plug with inet source from WAN to LAN. IP list based pass through -> mac list (for wired network) CP works like a charm. :) SOLVED.

@cylent: UPDATE: I DID IT. ITS NOW WORKING thanks to all who didnt participate. it was so simple i cant believe i missed it!!! basically i added the opt1 interface to the proxy server list from the gui Now; question 2 arises. There is a speed limit option for CP users. well the passthrough users for mac address. dont they get full speed? how can we let them get full speed and not the speed limit specified? also, would it be possible in the future to allow all users to have their own assigned speed? :) Future will tell if that's the whole story for your setup. Are you using transparent? I cannot seem to get both CP and Squid working and sometime I have got it to work sort of once and not more etc. I have an upgraded system with quite a few packages so there may be other variables involved. Let us know if you experience any more problems or oddities. Cheers,