Captive portal will not redirect to portal page

Derelict

8002 actually.

Gertjan

Hummm …

Right for the '8002' !

The port will be choses by the redirection in pfSEnse. Visitors don't have to know these details.

jbrown

Thanks.  I will do that.

What about my issue with my vlan 255 on my cisco 3560 having an ip address of 172.16.255.1 - same ip address as my OPTx interface.

How does one go about this?  Sorry, very new to all of this.

thanks again

Derelict

Assign different addresses on the same subnet to your interfaces.

jbrown

I need to back up a bit….

When you posted about how it should be at 8002 and not 8000 i was still on pfSense 2.1.5.  I didnt realize until after I posted my last post.  so i did the upgrade (which i lost my squid proxy and content filter, but whatever - was still in trial mode anyways)

So now that I am upgraded to latest and greatest.  I deleted all my captive portal instances and started a fresh one on a OPTx interface.  I enable it.  It lets me go right to the url i want to go to without going to the redirect page.  i also tried 172.16.255.2:8002/login.php  i get nothing.

So confused

Derelict

Are you behind another router?

Anything in any of the passthroughs? (IP, Hostname, MAC?)

Any users listed in Status > Captive Portal??

Instead of saying what you think you did, how about posting what you've actually done.  Interface config, portal config, firewall rules, etc.

https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting#Captive_portal_not_redirecting

jbrown

Ok, forget about my OPTx interfaces, i have another issue with that.

So I set up captive portal back on my lan interface again and it redirects me to the captive portal page.  however, when i enter a username and password and click continue it just reloads the portal page as if i entered in the username and password wrong.  i have captive portal set to no authentication.  Any help?

I am getting somewhere thanks to your help, just need a lot of hand holding.  ;D

Derelict

If your browser thinks it's going to the portal page URL, that will happen.  It might also try to redirect you to the page you attempted.  There is a lot to be desired regarding pfSense's CP handling of this.

1. After you log in, is there an IP/MAC entry in Status > Captive Portal??
2. After you log in, if you manually enter an outside URL, does it work?

If you always want to be redirected after login regardless, use the After authentication Redirection URL in the captive portal settings.

I would like to see much better handling of the originally attempted URL.  It'd also be nice to have some way to redirect things like the Apple test URLs to something sane too.

I have looked at the code and got scared away.

In general it works well enough.

jbrown

After I log in, yes there is a IP/MAC entry.
After I log in, if i manually enter an outside url, no, it does not work.

I tried using the after uthentication redirection url - when i logged in, it reloaded the portal page but it changed the redirurl to what it should be.

thoughts?

Derelict

"Does not work" gives us nothing to go on.

Post your config.  You probably don't have firewall rules for DNS, or wrong DNS servers, or no firewall rules allowing traffic out, or no NAT rules, or ??.  With what we have it'd just be a guess.  Did you go through the list in the link above?

jbrown

This use to work before so not sure what happened.

when i say does not work, i mean that it will go back to the portal page if i enter an outside url.

how do i post config?  just post the whole xml?

Derelict

Screen shots are probably better.  You have something hosed if you get a captive portal entry for the correct IP/MAC pair and keep getting redirected to the portal page when you enter other URLs.  How about just ping?  Can you ping, say, 8.8.8.8 after logging in?

jbrown

I cant ping 8.8.8.8 after logging into captive portal.  what screen shots would you want?  thanks again.

Derelict

Captive portal, LAN, LAN Rules, outbound NAT, DHCP Server.

Gertjan

… added to that: what services are running ? (Status => Services) - logs extracts from Stats => System logs => Portal Auth and DHCP (all lines that are related to the Portail Interface - you can remove the others)

Derelict

If this is squid again I give up.

jbrown

I attached screenshots, hopefully this helps.  i am not using dhcp on pfsense.

Derelict

And if you open a browser after authentication and enter www.cnn.com from host 04:7d:7b1c:7f / 172.16.1.184 you get the portal page again?

Let me spin up a quick captive portal on "pfSense B" LAN (diagram in the sig) and see what's what.

Derelict

Works fine here.

$ ipfw -x 2 list
65291 allow pfsync from any to any
65292 allow carp from any to any
65301 allow ip from any to any layer2 mac-type 0x0806,0x8035
65302 allow ip from any to any layer2 mac-type 0x888e,0x88c7
65303 allow ip from any to any layer2 mac-type 0x8863,0x8864
65307 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
65310 allow ip from any to { 255.255.255.255 or 172.26.2.1 } in
65311 allow ip from { 255.255.255.255 or 172.26.2.1 } to any out
65312 allow icmp from { 255.255.255.255 or 172.26.2.1 } to any out icmptypes 0
65313 allow icmp from any to { 255.255.255.255 or 172.26.2.1 } in icmptypes 8
65314 pipe tablearg ip from table(3) to any in
65315 pipe tablearg ip from any to table(4) in
65316 pipe tablearg ip from table(3) to any out
65317 pipe tablearg ip from any to table(4) out
65318 pipe tablearg ip from table(1) to any in
65319 pipe tablearg ip from any to table(2) out
65532 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
65533 allow tcp from any to any out
65534 deny ip from any to any
65535 allow ip from any to any

$ ipfw -x 2 table 1 list
172.26.2.100/32 mac 8a:7c:f4:f8:e1:6f 2000

$ ipfw -x 2 table 2 list
172.26.2.100/32 mac 8a:7c:f4:f8:e1:6f 2001

jbrown

Correct, I get the login page again and i cant ping anything.

any suggestions?