    CP Redirect Problems

    Captive Portal
      petros

      Hi All
      I did see some info on this issue and tried some of the suggestions but still have not been able to get things working fully.

      My setup is that pfSense is in bridge mode. I bridged the LAN and WAN, assigned the bridge to opt1 and gave opt1 an IP address.

      I configured cp to use radius authentication and added ip addresses of the dns servers in allowed addresses of cp as was suggested in another thread.

      The users still do not get redirected to the portal page but I can log in manually at <ip_address:8000>. I verified that the users can resolve from nslookup.

      I ran  ipfw_context -l and got:

      Currently defined contextes and their members:
      portal_name: bridge0,

      I also ran ipfw -x portal_name list and got:

      65291 allow pfsync from any to any
      65292 allow carp from any to any
      65301 allow ip from any to any layer2 mac-type 0x0806,0x8035
      65302 allow ip from any to any layer2 mac-type 0x888e,0x88c7
      65303 allow ip from any to any layer2 mac-type 0x8863,0x8864
      65307 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
      65310 allow ip from any to { 255.255.255.255 or ip_address } in
      65311 allow ip from { 255.255.255.255 or ip_address  } to any out
      65312 allow icmp from { 255.255.255.255 or ip_address  } to any out icmptypes 0
      65313 allow icmp from any to { 255.255.255.255 or ip_address  } in icmptypes 8
      65314 pipe tablearg ip from table(3) to any in
      65315 pipe tablearg ip from any to table(4) in
      65316 pipe tablearg ip from table(3) to any out
      65317 pipe tablearg ip from any to table(4) out
      65318 pipe tablearg ip from table(1) to any in
      65319 pipe tablearg ip from any to table(2) out
      65532 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
      65533 allow tcp from any to any out
      65534 deny ip from any to any
      65535 allow ip from any to any

      I even did a restart just to see but no go.

        Derelict LAYER 8 Netgate

        Try entering something like http://8.8.8.8/ in the browser.

        If the browser is set to initially try an https site, it will hang.

        I've never set up a CP on a bridge like you are.  If you disable the portal can you browse normally?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
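
Added example, not part of the original posts: a simplified first-match walk over the IP-level rules from the `ipfw -x portal_name list` output above, showing why a port 80 request is handed to the portal on 127.0.0.1:8000 while an HTTPS request from an unauthenticated client falls through to the final deny and hangs. Assumptions: the 192.0.2.x addresses are constructed stand-ins for the redacted `ip_address` and a client, the layer2 and ICMP rules are omitted, and a `pipe` match is treated as terminal (the ipfw default `one_pass=1`).

```python
import re

# Rules as posted above (duplicates of the pipe rules trimmed);
# "ip_address" is the poster's own redaction of the portal address.
RULESET = """\
65310 allow ip from any to { 255.255.255.255 or ip_address } in
65311 allow ip from { 255.255.255.255 or ip_address } to any out
65314 pipe tablearg ip from table(3) to any in
65315 pipe tablearg ip from any to table(4) in
65318 pipe tablearg ip from table(1) to any in
65532 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
65533 allow tcp from any to any out
65534 deny ip from any to any
"""

RULE_RE = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny|pipe tablearg|fwd \S+) (?P<proto>\w+) "
    r"from (?P<src>\{.*?\}|\S+) to (?P<dst>\{.*?\}|\S+)"
    r"(?: dst-port (?P<dport>\d+))?(?: (?P<dir>in|out))?$")

def addr_matches(spec, addr, portal_ip, tables):
    """Match one address against 'any', 'table(N)' or a '{ a or b }' set."""
    if spec == "any":
        return True
    m = re.fullmatch(r"table\((\d+)\)", spec)
    if m:
        return addr in tables.get(int(m.group(1)), set())
    members = spec.strip("{} ").split(" or ")
    return addr in {x.strip().replace("ip_address", portal_ip) for x in members}

def first_match(pkt, portal_ip, tables=None):
    """Return (rule number, action) of the first rule matching the packet."""
    tables = tables or {}  # empty tables = no authenticated clients
    for line in RULESET.splitlines():
        r = RULE_RE.match(line).groupdict()
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if r["dir"] and r["dir"] != pkt["dir"]:
            continue
        if r["dport"] and int(r["dport"]) != pkt["dport"]:
            continue
        if not addr_matches(r["src"], pkt["src"], portal_ip, tables):
            continue
        if not addr_matches(r["dst"], pkt["dst"], portal_ip, tables):
            continue
        return int(r["num"]), r["action"]
    return None
```

Calling `first_match` with the client's address placed in table 1 shows the same HTTPS packet leaving through rule 65318 instead of reaching the deny.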

          petros

          Even if I enter a regular site it still comes back with website unavailable. I can browse normally once the cp is disabled. As soon as I enable it, I have this problem. Oh I forgot to mention, for the clients, I have to use the IP address of OPT1 as the gateway.

            Derelict LAYER 8 Netgate

            Even if I enter a regular site it still comes back with website unavailable. I can browse normally once the cp is disabled. As soon as I enable it, I have this problem. Oh I forgot to mention, for the clients, I have to use the IP address of OPT1 as the gateway.

            Hang on.  I don't get that you bridged LAN and WAN.  Are you trying to use CP on a transparent bridge?  That doesn't work.  If you bridge WAN and LAN, assign an IP address to the bridge interface, and your clients send traffic to the bridge interface as their default gateway, where is left for pfSense to route the traffic?

            “Captive portal

            Captive portal (Chapter 24, Captive Portal) is not compatible with transparent bridging because it requires an IP on the interface being bridged, used to serve the portal contents, and that IP must be the gateway for clients. This means that you can't, for example, bridge LAN to WAN and hope to capture clients with the portal.”

            Excerpt From: Jim Pingle. “pfSense-2.1-book.epub.”

              petros

              Well I was actually setting it up as the book recommended on page 227 right after the paragraph you quoted.
              Below is the quote:

              In pfSense 2.0 and later this can work if you are bridging multiple local interfaces to all route through
              pfSense (e.g. LAN1, LAN2, LAN3, etc). If you assign the bridge interface, give it an IP, and that IP
              is used as the gateway by clients on the bridge, then it can function as expected.

                petros

                Y'know, looking at the paragraph again, I think I misunderstood it. Thanks for that pointer.
