• Captive Portal PAT (Port Address Translation) support

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    Disable NAT on the wifi router and create a static route pointing to the ip of the wifi router for the wifi subnet.
    Basically convert the setup into a routed network instead of a NATed setup.

  • [SOLUTION] What's $PORTAL_ACTION$ ? Need help with custom PHP page.

    Locked
    2
    0 Votes
    2 Posts
    11k Views
    S

    With some help from these two posts I've manged a solution:
    http://forum.pfsense.org/index.php/topic,5796.0.html (auto posting the form)
    http://forum.pfsense.org/index.php/topic,5368.0.html (passing action & redirurl to custom .php page)

    I'd still appreciate any corrections or suggestions.  Thanks!

    index.html:

    Redirecting . . .

    p.php:```

    $message = ""; // set default error message to empty $portal_redirurl = $_GET['portal_redirurl']; // get portal_redirurl from URL $portal_action = $_GET['portal_action']; // get portal_action from URL // if form submitted, validate

    if ($_POST['submitted'] == 1)
    {
    $email = $_POST['email']; // get submitted e-mail address
    $pattern = '/.@...*/'; // used to "validate" submitted e-mail address

    // if valid, process and auto-submit portal form if (preg_match($pattern, $_POST['email']) > 0) { // use e-mail here . . . // build auto-submitting for to allow user thru captive portal echo " "; exit; // prevents latter code from displaying

    }
    // if email is invalid, set error message to be displayed
            $message = "E-mail address must be valid!

    ";
    }
    ?>

    ACCEPTABLE USE POLICY <iframe src="captiveportal-aup.html" style="width:90%;height:65%;margin-bottom:20px;"></iframe> $message";?>

    <form method="post" action="<?echo $_SERVER['PHP_SELF'] . " ?portal_action=" . $portal_action . " &portal_redirurl=" . $portal_redirurl;?>">
    Please enter your e-mail address:

    By clicking 'Continue' you agree to the Acceptable Use Policy. </form>
  • MOVED: Freeradius - changes to /etc/raddb/users not working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: Log website visited per users

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Can't download attached file from email.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Cry HavokC

    I'm guessing you're using SquidGuard?  The general problem has been discussed in many threads.  Can I suggest you use the search function (the search menu, not the search box above, so you search the entire forum) and read them, rather than having people repeat what's already been written.

  • Freeradius backend for creating users

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    L

    This document can help you.

    http://santiagozky.wordpress.com/2007/11/04/wifi-con-autenticacion-por-radius-y-mysql-bajo-ubuntu/

    Greetings

    Luciano

  • Is it Possible to use PFSENSE as just a Captive portal

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    You would need to setup pfsense with a wan and a lan then setup captive portal accounts. After that you would assign captive portal to the LAN interface.

    On your original issue with getting your PBX to work behind pfSense. I am the developer of the FreeSWITCH package for pfSense and before that I used Asterisk behind pfSense.

    To get a PBX to work behind pfSense you can need to setup Advanced outbound NAT at Firewall -> NAT -> Advanced Outbound NAT and set it to 'static'. For best result use pfSense 1.2.3 RC1 which has a change in it to maintain UDP connections alive. Another change that is needed is to setup System -> Advanced -> Firewall Optimization -> Conservative. If the phone system is behind NAT then you need to make NAT Port Forward entries for SIP and RTP. Then make sure the Rules are setup correctly most likely this would be created when you create the NAT Port Forward entries.

  • CP refuse change of AP, what to do? (NOT PFSENSE)

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E

    There is a failure in DD-WRT not PFSENSE.
    I solved this for the moment by allowing AP9 mac in CP. The problem is that everybody can now get in that way.

  • [FIXED] Captive + SSL + CARP VIP: VIP does'nt respond

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    C

    OK I found the problem.

    When you activate the captive portal it's impossible to join the CARP IP address of the interface where the captive portail activated.
    Just go in the menu: Services/Captive Portl /  Allowed IP addresses
    and add rules "direction" => To and put the CARP IP Address, in my case .85  And thats all good (very usefull for DNS reolution, you can now put .85 for the DNS in DHCP configuration, and the SSL for the captive portal working on the virtual IP address.)

  • Kiosk function in PFsense

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC

    You probably want to ask that question in the Captive Portal forum, rather than the General one (after you've searched).

  • Assign IP and Limit mac address

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    Please do not post the same question multiple times.

    No this is not possible.

    But even if it where possible.
    Beginning by having multiple subnets on the same physical layer.
    This is bad practice. Someone could assign himself directly an IP and have access to everything (in his subnet).
    Also its not good for your security to identify users based on MAC.
    Do you know how easy it is to sniff some traffic on a network and fake one of the "authenticated" MACs?

    Maybe if you could elaborate on what you're trying to do in the end someone could provide a better solution.

  • 0 Votes
    7 Posts
    5k Views
    D

    Just wanna ask a question;

    I have a similer problem but the situation is something like this:

    I have fixed computer's that are on the pass through macs list of the CP
    Those computer's are also on the static pool of the DHCP
    Firewall rules do apply to THOSE machines.

    But when I try to connect with a dinamic client, only the firewall rules apply which I set before turning CP on. (80 443 and msn live login port)
    They can't use the webcam on msn nor play WOW.

    The symptoms are, New rules (which works for ONLY static's) defined after CP turning on.
    Old rules works for auth'ing clients, but not the New ones.

    Any idea's?

  • Using the POST values….

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A

    Nevermind, I found it out by myself. For those who are intrested in the solution:
    Log in to pfSense and go to Diagnostics -> Edit File.

    Edit the following file: /usr/local/captiveportal/index.php

    To use one of the POST value's you can alter the var called $my_redirecturl. Since I dont want to send the username in plain text I've put md5 encryption around it.

    Snippet:

    $my_redirurl .= "&id=" . md5($_POST['auth_user']);
  • Timer based accounts

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    D

    Thanks for the answer by the way  :)

    So can you tell me how did you achieved that goal? I do have an external MySQL DB Server so all I need is Chillispot. But I need guidance  :(

  • Kerberos?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Limited number of mac addresses ?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Simple radius account generation

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    B

    It is definitely what I'm looking for.
    I'll write down a post as a feature request, with some details of our shared "wish" :D

  • CP and squid with logs per AuthUser

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    I

    DestekTeknik,
    sorry to tell for pfsense, but the solution I found and I'm going to test is to use another appliance I found in the internet. Following the URL: http://www.zeroshell.net/

  • Captive portal stopped working after 1.2.2 upgrade

    Locked
    12
    0 Votes
    12 Posts
    9k Views
    D

    I made the assumption that the backup and restore of the config would take care of that.

    The 80/20 rule turned out to be true. I just got the version that was working, reloaded from scratch setting up the base config, and then imported that back in, and that worked perfectly. When I get some time, I will try the rebuild manually from scratch again and test it.

  • The simplist way to how i control people can get sevice

    Locked
    14
    0 Votes
    14 Posts
    7k Views
    A

    ok thank u all
    and i happy for all ur help

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.