Netgate Discussion Forum

    Exclude an Interface from DNSBL

    Captive Portal
    • AYSMAN

      Hi Guys,

      Hope someone will be able to point me in the right direction here. Here's my network layout.

      LAN 1  - 10.10.1.0/20 - Guest Network
      LAN 2  - 192.168.1.0/24 - Admin Network

      WAN - PPPoE

      I'm running Captive Portal on LAN 1. I have installed and configured pfBlockerNG to block certain websites on the Admin Network, but my problem is that the same blocking applies to the Guest Network. My question is: how do I exclude LAN 1's (Guest Network) traffic from being filtered by pfBlockerNG? I already tried using 8.8.8.8 as the default DNS for LAN 1 to bypass blocking, but this breaks the redirection to the Captive Portal page.

      Any ideas?

      • Derelict LAYER 8 Netgate

        Just pass 8.8.8.8/8.8.4.4 in the captive portal.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • AYSMAN

          Hi Derelict,

          Apologies if I posted on the wrong topic. If I bypass 8.8.8.8 and 8.8.4.4 on the captive portal, do the clients still get redirected to the Captive Portal even if I use those DNS on the interface where the CP is enabled?

          • Derelict LAYER 8 Netgate

            Captive portal clients have to be able to resolve names to make the initial connection that triggers the redirect to the captive portal.

            If you do not want to set them to use the DNS resolver in pfSense because you are using DNSBL there, you must tell them to use something else.

            You must pass those DNS servers using the Allowed IP addresses in the Captive Portal or they will not be able to resolve names prior to authentication through the portal.

            • AYSMAN

              Worked great!

              Thanks
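
The two conditions from Derelict's replies above, written as a check; this is an added example, not code from the thread or from pfSense. The function name, the firewall address 10.10.0.1 and the input lists are constructed for illustration, and it assumes that clients can always query the resolver on the firewall's own portal-interface address before they authenticate.

```python
import ipaddress

def check_guest_dns(dhcp_dns, portal_allowed_ips, firewall_ip):
    """Check the DNS servers handed to captive-portal clients.

    dhcp_dns           -- DNS servers advertised to the guest network
    portal_allowed_ips -- entries of the portal's "Allowed IP addresses" (IP or CIDR)
    firewall_ip        -- firewall address on the guest interface (runs DNSBL)
    """
    allowed = [ipaddress.ip_network(e, strict=False) for e in portal_allowed_ips]
    firewall = ipaddress.ip_address(firewall_ip)
    report = {"blocked_before_login": [], "filtered_by_dnsbl": []}
    for server in dhcp_dns:
        addr = ipaddress.ip_address(server)
        if addr == firewall:
            # Assumption: the firewall's own resolver is reachable pre-auth,
            # but it is the resolver DNSBL is attached to.
            report["filtered_by_dnsbl"].append(server)
        elif not any(addr in net for net in allowed):
            # Not passed by the portal: the first lookup fails, so the HTTP
            # request that triggers the redirect is never sent.
            report["blocked_before_login"].append(server)
    return report

FIREWALL = "10.10.0.1"  # constructed address inside the guest subnet

# Starting point: guests use the firewall resolver, so DNSBL applies to them.
original = check_guest_dns([FIREWALL], [], FIREWALL)

# First attempt in the thread: 8.8.8.8 handed out, nothing passed in the portal.
attempt = check_guest_dns(["8.8.8.8"], [], FIREWALL)

# Working setup: external resolvers handed out and passed in the portal.
fixed = check_guest_dns(["8.8.8.8", "8.8.4.4"], ["8.8.8.8", "8.8.4.4"], FIREWALL)

if __name__ == "__main__":
    for name, result in (("original", original), ("attempt", attempt), ("fixed", fixed)):
        print(name, result)
```

An empty report for both keys means guests bypass DNSBL and can still resolve names before logging in.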

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.