Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal for 1 AP on my network

    Captive Portal
    4
    11
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ast
      last edited by

      Hi!

      Just want to ask if I can apply Captive Portal to our set up, we want to use captive portal on WIFI AP 2, is this workable on our set up?

      I don't want clients on WIFI AP 2 to have access to file sharing on our 192.168.2.xxx network.

      TIA!

      ast
      pfsense_chart.png
      pfsense_chart.png_thumb

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad
        last edited by

        AP2 isn't an access-point its a Wi-Fi router, its WAN interface is on the same subnet that you want to block it will also be doing a NAT :)

        Get a couple of proper access-points and have multiple SSIDs it will make your life so much easier.

        Or if you have to use the Wi-Fi router connect it to another ethernet interface on your pfSense box and have it on its own network with firewall rules to block, remember to switch off DHCP and enable it on the new pfSense interface.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • A
          ast
          last edited by

          @NogBadTheBad:

          AP2 isn't an access-point its a Wi-Fi router, its WAN interface is on the same subnet that you want to block it will also be doing a NAT :)

          Get a couple of proper access-points and have multiple SSIDs it will make your life so much easier.

          Or if you have to use the Wi-Fi router connect it to another ethernet interface on your pfSense box and have it on its own network with firewall rules to block, remember to switch off DHCP and enable it on the new pfSense interface.

          Thanks a lot for the reply!

          Yeah,  I'm planning to just use the wifi capability of the wifi router, so will turn off dhcp and plug in via 1 of the ethernet port.  Do I need to make a VLAN?  Just can't figure out how to have DHCP on VLAN.

          My pfsense box have 4 NICs.

          TIA!

          ast

          1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad
            last edited by

            If you have spare NICs you can connect AP2 to that on it's own subnet.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • A
              ast
              last edited by

              @NogBadTheBad:

              If you have spare NICs you can connect AP2 to that on it's own subnet.

              Thanks for the tip!  Made another subnet for AP2, and enabled Captive Portal.

              1 Reply Last reply Reply Quote 0
              • A
                ast
                last edited by

                I'm trying our Captive Portal but reached a road block :(  do i really need to make the HTML files to make CP work?  Are there any ready made HTML file for CP?

                TIA!

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  You don't need CP at all it sounds like. Just block traffic using rules on the new wifi subnet to destination 192.168.2.0/24 if you don't want those users to be able to access those addresses.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • A
                    ast
                    last edited by

                    @Derelict:

                    You don't need CP at all it sounds like. Just block traffic using rules on the new wifi subnet to destination 192.168.2.0/24 if you don't want those users to be able to access those addresses.

                    Hi!  Thanks for the tip!  Can I ask on how to block the new subnet from accessing the 192.168.2.xxx? I know how to make firewall rules, just got mental block on how to block access to different subnet.

                    Tia!

                    Ast

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Block all traffic on that interface to destination 192.168.2.0/24

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • A
                        ast
                        last edited by

                        @Derelict:

                        Block all traffic on that interface to destination 192.168.2.0/24

                        Thanks a lot for the tip!

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Didn't we already go over this in this thread.

                          https://forum.pfsense.org/index.php?topic=133348.0

                          That you could just create a firewall rule to block access on your wifi router 2 network, and that you didn't need to nat it, etc. etc.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.