Disable NAT on the wifi router and create a static route pointing to the ip of the wifi router for the wifi subnet.
Basically convert the setup into a routed network instead of a NATed setup.

With some help from these two posts I've manged a solution:
http://forum.pfsense.org/index.php/topic,5796.0.html (auto posting the form)
http://forum.pfsense.org/index.php/topic,5368.0.html (passing action & redirurl to custom .php page)

I'd still appreciate any corrections or suggestions.  Thanks!

index.html:

Redirecting . . .

p.php:```

$message = ""; // set default error message to empty $portal_redirurl = $_GET['portal_redirurl']; // get portal_redirurl from URL $portal_action = $_GET['portal_action']; // get portal_action from URL // if form submitted, validate

if ($_POST['submitted'] == 1)
{
$email = $_POST['email']; // get submitted e-mail address
$pattern = '/.@...*/'; // used to "validate" submitted e-mail address

// if valid, process and auto-submit portal form if (preg_match($pattern, $_POST['email']) > 0) { // use e-mail here . . . // build auto-submitting for to allow user thru captive portal echo " "; exit; // prevents latter code from displaying

}
// if email is invalid, set error message to be displayed
        $message = "E-mail address must be valid!

";
}
?>

ACCEPTABLE USE POLICY <iframe src="captiveportal-aup.html" style="width:90%;height:65%;margin-bottom:20px;"></iframe> $message";?>

<form method="post" action="<?echo $_SERVER['PHP_SELF'] . " ?portal_action=" . $portal_action . " &portal_redirurl=" . $portal_redirurl;?>">
Please enter your e-mail address:

By clicking 'Continue' you agree to the Acceptable Use Policy. </form>

I'm guessing you're using SquidGuard?  The general problem has been discussed in many threads.  Can I suggest you use the search function (the search menu, not the search box above, so you search the entire forum) and read them, rather than having people repeat what's already been written.

This document can help you.

http://santiagozky.wordpress.com/2007/11/04/wifi-con-autenticacion-por-radius-y-mysql-bajo-ubuntu/

Greetings

Luciano

You would need to setup pfsense with a wan and a lan then setup captive portal accounts. After that you would assign captive portal to the LAN interface.

On your original issue with getting your PBX to work behind pfSense. I am the developer of the FreeSWITCH package for pfSense and before that I used Asterisk behind pfSense.

To get a PBX to work behind pfSense you can need to setup Advanced outbound NAT at Firewall -> NAT -> Advanced Outbound NAT and set it to 'static'. For best result use pfSense 1.2.3 RC1 which has a change in it to maintain UDP connections alive. Another change that is needed is to setup System -> Advanced -> Firewall Optimization -> Conservative. If the phone system is behind NAT then you need to make NAT Port Forward entries for SIP and RTP. Then make sure the Rules are setup correctly most likely this would be created when you create the NAT Port Forward entries.

There is a failure in DD-WRT not PFSENSE.
I solved this for the moment by allowing AP9 mac in CP. The problem is that everybody can now get in that way.

OK I found the problem.

When you activate the captive portal it's impossible to join the CARP IP address of the interface where the captive portail activated.
Just go in the menu: Services/Captive Portl /  Allowed IP addresses
and add rules "direction" => To and put the CARP IP Address, in my case .85  And thats all good (very usefull for DNS reolution, you can now put .85 for the DNS in DHCP configuration, and the SSL for the captive portal working on the virtual IP address.)

You probably want to ask that question in the Captive Portal forum, rather than the General one (after you've searched).

Please do not post the same question multiple times.

No this is not possible.

But even if it where possible.
Beginning by having multiple subnets on the same physical layer.
This is bad practice. Someone could assign himself directly an IP and have access to everything (in his subnet).
Also its not good for your security to identify users based on MAC.
Do you know how easy it is to sniff some traffic on a network and fake one of the "authenticated" MACs?

Maybe if you could elaborate on what you're trying to do in the end someone could provide a better solution.

Just wanna ask a question;

I have a similer problem but the situation is something like this:

I have fixed computer's that are on the pass through macs list of the CP
Those computer's are also on the static pool of the DHCP
Firewall rules do apply to THOSE machines.

But when I try to connect with a dinamic client, only the firewall rules apply which I set before turning CP on. (80 443 and msn live login port)
They can't use the webcam on msn nor play WOW.

The symptoms are, New rules (which works for ONLY static's) defined after CP turning on.
Old rules works for auth'ing clients, but not the New ones.

Any idea's?

Nevermind, I found it out by myself. For those who are intrested in the solution:
Log in to pfSense and go to Diagnostics -> Edit File.

Edit the following file: /usr/local/captiveportal/index.php

To use one of the POST value's you can alter the var called $my_redirecturl. Since I dont want to send the username in plain text I've put md5 encryption around it.

Snippet:

$my_redirurl .= "&id=" . md5($_POST['auth_user']);

Thanks for the answer by the way  :)

So can you tell me how did you achieved that goal? I do have an external MySQL DB Server so all I need is Chillispot. But I need guidance  :(

It is definitely what I'm looking for.
I'll write down a post as a feature request, with some details of our shared "wish" :D

DestekTeknik,
sorry to tell for pfsense, but the solution I found and I'm going to test is to use another appliance I found in the internet. Following the URL: http://www.zeroshell.net/

I made the assumption that the backup and restore of the config would take care of that.

The 80/20 rule turned out to be true. I just got the version that was working, reloaded from scratch setting up the base config, and then imported that back in, and that worked perfectly. When I get some time, I will try the rebuild manually from scratch again and test it.

ok thank u all
and i happy for all ur help