Using pfsense as a wifi gateway
-
Hi,
I have several wireless APs that are deployed in a small business. Currently each AP filters MACs on the AP itself. I want to find a solution where I can have one system sitting between my APs and my trusted network to filter the MAC address for me. This way I don't have to type one MAC into 16 different APs.Is it possible to use pfsense to filter MACs when passing traffic from one interface to another?
-
Captive portal can do pass through mac authentication. Maybe that would work for you? Not sure why you would use mac filtering and not a key, certificate or password based approach. what are you trying to achieve?
-
I am trying to create a simple device that just filters MACs. This pfsense box might also fun havp and squid. The reason I don't want to use certificates or password based auth with RADIUS is because some devices connecting don't support cert or pass based auth, like maybe a Wii. Just MAC filtering would simply provide the security i am looking for.
The APs could use other security. I was looking at the pf commands for MAC blocking and couldn't find anything that is Nativity support in the stable release of pfsense. I could do it with ip tables and create a web GUI for it, but again I would like pfsense. Maybe someone has done this before with something else like IPCop?
-
FreeBSD 7.1 added mac blacklisting via arp(8), so this would be available (from the command line) in the 1.2.3 snapshots. There is also arp white or blacklisting via wlan_acl (see ifconfig) for wireless interfaces. I suspect that no one has bothered to add these to the gui due to the fact that MAC addresses are easily spoofable.
-
An excellent solution dotdash.
Perhaps I could take a look at a snapshot and contribute a WebGUI for MAC filtering? -
You could either create a diff and send it to someone on the core team, or create a git clone and submit the changes for review. You would just need to add an interface for the mac: commands and maybe have the wireless status also show the list mac output.